
IT Security: Attacking tax records

Spinal

A slightly odd and very off topic question here...

As part of my course, I've stumbled across an interesting question - to oversimplify:

Who would want to gain access to a company's tax records and why?

Now, remembering that I'm half Italian, I'm thinking the mob/organised crime would love to get their hands on such details as it would allow them to check how much a company "really" earns and bill their "insurance" appropriately.

Similarly, blackmail might be a risk, but I feel this is pushing it.

Plain old curiosity? Finding out how much your rivals make? Do corporate tax records include any details on employees?

Any insights? Frankly, I'm not sure what a corporate tax record includes - hence I'm not sure what people would want!

TIA,
Michele
 
An interested party - do you mean tax records, or company returns, as found on www.companieshouse.gov.uk? - you can find out who the directors are, and how much money the company is earning, amongst other interesting things.

I had reason to look into a company recently, and was able to purchase the last directors, accounts and share reports. You also get the address of the Directors, at the time they signed the 363a form.
 
> Who would want to gain access to a company's tax records and why?

That's a good question - assuming this is a security-type question.

Perhaps it's trying to get at the point that not all data is worth protecting to the nth degree, especially when so much is in the public domain.
 
> That's a good question - assuming this is a security-type question.
>
> Perhaps it's trying to get at the point that not all data is worth protecting to the nth degree, especially when so much is in the public domain.

All date NEEDS to be protected without any exceptions. Who is to decide what to NOT protect? And why?

Cheers
Chris
 
> All date NEEDS to be protected without any exceptions. Who is to decide what to NOT protect? And why?
>
> Cheers
> Chris

That's walking a fine line... there is a difference between data and information.

IMO, information is data with some value (no matter how small).
e.g.
- Your name is information. Your credit card details are information. Your Facebook profile is information.
- Your name encrypted by 3DES without the key is data. At this point, the key is information.
- Noise on an internet signal is data - I think you'll find it hard to argue that the interference from a power line is information that needs protecting - imo, although it may be data; it doesn't contain information. (kind of like spam...)

I'll write something more with a larger view of what I've come up with so far later tonight...

Michele
 
First, sorry - should be DATA not DATE (looong week).
2nd, yes, INFORMATION should be protected.
I would say that however data is encrypted it is still information - you never know when a new attack will break current encryption methods..

Spam, however, can contain information (like your email address or open relay IP). And there is my question: who is to decide what to protect??

Cheers
Chris
 
> First, sorry - should be DATA not DATE (looong week).
> 2nd, yes, INFORMATION should be protected.
> I would say that however data is encrypted it is still information - you never know when a new attack will break current encryption methods..
>
> Spam, however, can contain information (like your email address or open relay IP). And there is my question: who is to decide what to protect??
>
> Cheers
> Chris

Though I don't necessarily disagree (at least, not totally) I'm going to play devil's advocate here...

If all information should be protected (I'm assuming you mean information stored at a corporate/government level and not a personal level) - do you mean that any and all information should be encrypted?

By your own statement, the encryption will probably be broken in future thus putting the information at risk. Also, who would bear the costs? Let's suppose the mbclub admins (sorry :p) were to decide to store all the forum data encrypted with 3DES, and issue all users with public/private key pairs and all the rest. This may have the result of making the information fairly difficult to access by most hackers/crackers; but at the same time it may have the opposite effect. As your average Joe Bloggs cannot/does not know how to use PPK-pairs (and probably doesn't want to... they "just want it to work") they will find a workaround, probably with the effect of introducing new vulnerabilities.

As to the decision of who decides what information is to be protected and why. Well, arguably, the people deciding should be a combination of the owners of the information and the stake-holders in the system (e.g. in the case of Facebook the owners/Google). After all, without the co-operation of both, your system would collapse.

Now, back to the tax records. An interesting incident happened in Italy, where the government published all tax records online. A mixture of indignation and bandwidth stopped that - but it did happen (legally-ish). People were extremely indignant.

So let me move it away from the corporate and into the private. Would you care if your annual tax declarations were published online? Who could attack such a system? (I'm guessing reasons could be blackmail, curious people and auditing - so anyone really)

It's an interesting point really... it leads to so many other things, including "other" proposed databases containing much more confidential data (like medical records, but let's not let this get political).

WLeg: Just got a sample off that site... I can't seem to find any information on annual earnings nor tax declarations. Similarly, there is very little further information - am I missing something? (Using the rtf sample from here: ftp://wck2.companieshouse.gov.uk/pub/chd_ais/DemoCoReport.rtf)

Thanks!
Michele
 
> All date NEEDS to be protected without any exceptions. Who is to decide what to NOT protect? And why?
>
> Cheers
> Chris

The point I'm trying to make is that there's always a cost/benefit ratio attached to these things.

I'm not a security expert, but why would a company worry too much about information that (in their circumstance) is in the public domain anyway? When it comes to "private" data, that's a completely different story...
 