#Open journalism No news is bad news

Your contributions will help us continue to deliver the stories that are important to you

Support The Journal
Dublin: 13°C Sunday 27 September 2020
Advertisement

Revenue staff were warned not to use Zoom over fears taxpayer information would be harvested

IT staff in Revenue working on an advisory for employees developed a watch-list on reasons not to use Zoom.

Image: Shutterstock.com

REVENUE STAFF WORKING from home were warned not to use Zoom over fears taxpayer information would be harvested by online marketers or “for other purposes”.

The Revenue Commissioners sent out warnings to staff only to use Skype for Business and not Zoom, which had proved incredibly popular especially during the early Covid-19 restrictions.

Employees were reporting issues with the use of Skype on mobile phones and on their computers with some asking to use Zoom instead.

An internal email warned however: “Using this as a work application would carry a risk of taxpayer information being scraped and used, primarily for targeted advertising but possibly for other purposes.”

IT staff in Revenue working on an advisory for employees developed a watch-list on reasons not to use Zoom despite its convenience.

They said it was not “a product endorsed or supported by Revenue” for conferencing and that it was not encouraged for staff internal communications.

An advisory for “if you absolutely have to use Zoom” said users should always assume someone else can read, hear, or see what you are talking about and sharing.

They were also told “Zoombombing” was becoming common and that if you did not have to sign in for a meeting, then nobody else did.

“What started as a prank is now being used to record meetings and gather information by cybercriminals, said the advisory.

Revenue staff were told that sensitive material should not be shared through a Zoom channel.

The internal advisory said: “Privacy is not top of their agenda; up until recently Zoom have shared all cloud stored recordings, files and transcripts with Facebook.

“They continue to share such information with advertising agencies and in their terms and conditions you agree they have a right to access and share all data and material that is transferred through their platform.”

‘Crafting links’

Tax officials were warned to watch out in particular for links in Zoom chat that might look genuine.

“Attackers are crafting links to look like a shared file but in reality it links their system to a file on your system that could allow remote access or even upload your saved passwords to them.”

Even after advice had issued about use of Skype and that Zoom would not be supported, Revenue still continued to get queries from staff.

One of their IT officials wrote jokingly: “Staff taking it on themselves [to use] Zoom internally – if only there was a mail about Skype gone out.”

Revenue were also contacted by Europol and advised to cease use of Zoom.

An Irish detective sergeant based with the EU police agency forwarded concerns about bugs that could abused to steal Windows passwords, or be used to take over the webcam and microphone on a Mac computer.

It also included other vulnerabilities and other security concerns, saying: “You are advised to refrain from using Zoom for conference calls.”

#Open journalism No news is bad news Support The Journal

Your contributions will help us continue to deliver the stories that are important to you

Support us now

Internal records also discuss the possibility of prohibiting access to Zoom on Revenue computer networks.

One email said: “Not sure we could block it completely, hopefully staff will follow directive.”

A response said that a block on the Revenue system “should take care of the majority … if they want to use it from their laptop at home, then that’s up to them.”

In a later advisory to staff, employees were also warned about the use of speaker devices like Alexa or Siri in their home.

An internal email said they “may be in the home office and listening in to calls regarding taxpayer data”.

Staff were recommended to unplug the device or move to a more secure location in their home for the duration of sensitive phone calls.

A spokesman for the Revenue Commissioners said their priority during the pandemic was protecting the health of staff and their families while continuing to provide services.

He said: “To support and assist those working remotely, and to ensure the principles, structures, and processes that govern and guide the way we do business are maintained, Revenue has issued regular guidance.”

This had included guidance on using Skype for business, reminders on security of remote devices, data protection guidance, troubleshooting, and issues around securing data confidentiality and security.

About the author:

Ken Foxe

Read next:

COMMENTS (6)

This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
write a comment

    Leave a commentcancel