All About HackingBlackhat Hacking ToolsFree CoursesHacking

Tax-Evasion Hacks 2023

In this article we will learn about Tax-Evasion Hacks.

Introduction with Tax-Evasion Hacks

Although Benjamin Franklin stated that the only two things that are certain in life are death and taxes, today’s cybercriminals repeatedly attempt to deny the truth of this saying by hacking electronic systems containing tax-related information.

The purpose of this article is to discuss the most common tax evasion hacks. Specifically, the article will cover tax refund scams using stolen tax information (Part 2), cash register hacks (Part 3), and illegal modification of tax records (Part 4). Finally, a conclusion is drawn (Section 5).

Tax refund fraud using stolen tax information

U.S. The Internal Revenue Service (IRS) projects that more than 70% of U.S. taxpayers will receive a tax refund in 2016. In 2015, the average refund was $2,797. U.S. taxpayers may elect to receive their tax refunds using one of the following three methods: (i) direct deposit into the taxpayer’s bank account; (ii) a check sent to the taxpayer’s address, and (iii) applying for a refund in the following tax year. Refunds from electronically filed returns arrive in approximately three weeks.

By gaining unauthorized access to taxpayers’ personal financial information, hackers can receive large amounts of fraudulent tax refunds. For example, in 2015, criminals stole the personal financial information of more than 100,000 people from the IRS. Hackers exploited a security flaw in the IRS’s “Get Transcript” online service. This service allows taxpayers to download a large number of tax forms, such as tax forms related to college financial aid and mortgage applications. Fraudsters used previously stolen sensitive U.S. taxpayer information, such as physical addresses, birthdays, and Social Security numbers, to obtain personal information submitted through the “Get Transcript” service. According to IRS Commissioner John Koskinen, the attack used sophisticated schemes.

In this regard, he said: “We are dealing with criminals with a lot of money, we use expensive equipment and we hire a lot of smart people. The IRS believes the breach originated in Russia.

It’s worth noting that the IRS is constantly criticized for failing to protect taxpayer data. For example, in 2009 the Government Accountability Office (GAO) issued a report that outlined several problems related to the IRS’ handling of taxpayer data. The report concluded that: “information security weaknesses – both old and new – continue to impair the agency’s ability to ensure the confidentiality, integrity and availability of financial and taxpayer information.

These deficiencies represent a material weakness in the IRS’s internal controls over its financial and tax processing systems.” Information security gaps identified by GAO include, but are not limited to (i) weak password protection policies, (ii) the ability to access sensitive data (eg, passwords and user IDs) by any user on IRS networks, (iii) and inadequate logging of security events.

The IRS isn’t the only target of tax refund fraudsters. A number of other financial institutions are targeted for tax return hacking, including accounting firms, payment service providers and credit institutions. To illustrate, four major US accounting firms suffered the theft of more than 1,000 tax returns in 2011. The cyber fraudsters who committed the theft used the stolen information to fraudulently issue tax refunds and deposit them onto reloadable payment cards registered in the victims’ names.

Cash register hacks

By hacking cash registers and manipulating their memory, fraudsters can avoid paying various taxes, such as income tax, VAT and sales tax. A study by the Organization for Economic Co-operation and Development (OECD) shows that by using illegal sales suppression, Canadian restaurants alone avoid $2.4 billion in taxes annually.

Cash register hacking is usually done using technologies known as zappers or phantom-ware. Zappers are physical devices that allow fraudsters to prevent sales transactions from appearing on a business’s financial records. Phantom-ware is software that creates virtual sales terminals. While the zapper is more likely to be hosted on a server in the point-of-sale system, the phantom software most often resides in separate cash registers.

The sophistication of zappers and phantom software is such that these systems can reconcile inventory and employee time records with deletions. According to Boston University professor Richard Ainsworth, zappers are “almost impossible to detect” when properly installed.

To illustrate how zappers and phantom goods work, we discuss two cases, namely the American case involving Stew Leonard’s Dairy (Section 3.1) and the Dutch case involving Dudok Cafe in Rotterdam, Netherlands (Section 3.2). Next, we will deal with measures to prevent cash register hacking (section 3.3).

3.1 Stew Leonard’s Dairy case

The case is considered “the largest tax case in Connecticut history.” Stew Leonard’s Dairy, a Connecticut grocery chain, plays a major role in the case. Stew Leonard’s Dairy used zappers to generate an estimated $16 million in revenue over a decade. The cash was physically moved to St. Martin, an island in the northeastern Caribbean. According to the Second Circuit Court, to conceal the fraud, the defendants used software that altered the store’s sales figures to match the cash collected. The software left no audit trails indicating modifications to sales data.

The Connecticut Supreme Court explained the operation of the software as follows: “As an example, the program was designed to say that today’s criteria for selling cucumbers would be 50 units. If more than 50 units of cucumbers were sold, the surplus was taken to the share program. The Equity Program scanner went through every single item that sold that day. The diverted amount was spread over a wide range of products. Some of the calculations were pennies per item.’

3.2 The case of Café Dudok

Dutch tax authorities have discovered that Rotterdam-based coffee shop Dudok is using a cash register program to reduce business turnover. The program allowed Dudok employees to delete receipts through a hidden software function. Such an option was not officially described in the cash register manual or part of the normal user interface. Receipts that have been deleted through a hidden function of the software have been permanently removed from the cash register.

The owners of the cafe were thus able to reduce their tax obligations by reducing the amount of income generated. The Rotterdam District Court found that the existence of such an unofficial function is a sufficient indicator of tax fraud.

The court’s reasoning follows: “Given the special characteristics of the hidden option and the existence of other features of the adjustment program, the court cannot imagine a purpose for the hidden option other than illegal turnover manipulation. The court is therefore firmly convinced that the defendant, as the seller, knew about it. By selling the software to the catering establishment, the defendant knowingly and intentionally accepts a substantial chance that the purchaser will use the program to erase the turnover in order to conceal it from the Internal Revenue Services, with all the attendant tax consequences.”

3.3 Measures to prevent checkout hacking

Measures to prevent cash register hacking can be divided into three categories, namely mandatory cash register certification, cash register audits, and inserting smart cards into cash registers. Below, these three categories are explored in more detail.

Mandatory certification of cash registers

By requiring taxpayers to certify their cash registers, tax authorities will ensure that certified cash registers are not affected by phantom goods and zappers. For example, those responsible for certification can calculate the checksum value for the firmware object code installed on certified cash registers. After the certification of the cash register, they will be able to find out whether the object code has been changed.

Audits of cash registers

Comprehensive audits of business record keeping systems can reveal the presence of phantom goods or zappers. A comprehensive audit focuses not only on information in the cash registers, but also on employment taxes, consumption taxes and income taxes.

Inserting smart cards into cash registers

By embedding important cash register data onto smart cards that are securely embedded in cash registers, tax authorities will have access to redacted and deleted transaction information. One of the advantages of this solution is that state authorities can conduct remote audits, e.g. smart card data can be sent to tax authorities by e-mail. It is worth noting that the data on smart cards is encrypted. So users of the cash registers cannot edit it.

Unauthorized modification of tax records

Illegal access, theft and deletion of financial information are not the only methods used by cybercriminals who specialize in tax evasion hacking. Hackers can also modify information stored in the tax authorities’ database. For example, fraudsters hacked into the Uganda Revenue Authority (URA) system and fraudulently facilitated the customs clearance of 200 vehicles. The hackers were arrested in a car that was located very close to the URA premises while they were hacking. The fraudsters had laptops connected to the URA network.

The URA Automated Customs Data System Attack (ASYCUDA) is not the only attack on a customs system to modify government tax records without authorization. Similarly, the Nigeria Customs Service (NCS) was attacked by fraudsters who used stolen passwords of customs officials. As a result of the hack, the government of Nigeria lost billions of Naira (Nigeria’s currency).

To increase the security of the system and prevent future cyber attacks, NCS used biometric systems. Since 2012, Nigerian customs officials have been using biometric cards to identify and conduct their operations. It should be noted that in 2014, Nigeria introduced biometric national identity cards. By 2019, all Nigerians will be required to have biometric national identity cards containing (i) ten fingerprint information, (ii) facial photograph and (iii) iris capture.

Also Read:Everything you need to know about Ethical Hacking as a Career by Blackhat Pakistan 2023


Payment recording systems and systems processing the personal data of millions of taxpayers are increasingly attractive targets for cybercriminals. To reduce the number of tax evasion hacks, tax authorities need to increase information security awareness in the following areas: (i) identifying information security weaknesses that can be used to carry out such hacks; ii) elimination of identified weaknesses in the area of ​​information security; and (iii) creating and implementing comprehensive information security programs based on the most advanced information security standards.


  1. Ainsworth, R. T., ‘Electronic Tax Fraud-Are There ‘Sales Zappers’ in Japan?’, Boston University School of Law & Economics Paper 08-31, 2008. Available at .
  2. Ainsworth, R.T., ‘Zappers & Phantom-Ware: A Global Demand for Tax Fraud Technology’, Social Science Research Network, 2 June 2008. Available at .
  3. Bagala, A., ‘How hackers accessed URA system to defraud Shs2.4 billion’, Daily Monitor, 25 October 2015. Available at .
  4. Becker, B., ‘IRS chief: Hackers seek fraudulent returns in 2016′, The Hill, 6 February 2015. Available at .
  5. Collins, K., ‘The IRS is using a system that was hacked to protect victims of a hack—and it was just hacked’, Quartz, 1 March 2016. Available at .
  6. ‘Customs suspends officers over hacking of data system,’ Vanguard, 13 April 2011. Available at .
  7. District Court of Rotterdam, LJN: AX6802 (Jun 2, 2006). Available at .
  8. Frates, C., ‘IRS believes massive data theft originated in Russia’, CNN Politics, 5 June 2015. Available at
  9. Geuss, M., ‘MasterCard-backed biometric ID system launched in Nigeria’, Ars Technica, 3 September 2014. Available at .
  10. ‘Information Security. Continued Efforts Needed to Address Significant Weaknesses at IRS’, United States Government Accountability Office, 2009. Available at .
  11. ‘IRS Ready to Start 2016 Tax Season; Encourages use of and e-File; Works with States, Industry on Identity Theft Refund Fraud’, U.S. Internal Revenue Service, 14 January 2016. Available at,-Industry-on-Identity-Theft-Refund-Fraud .
  12. Kiyonga, D., ‘Uganda Revenue Authority hackers jailed 12 years’, The Observer, 4 April 2013. Available at–uganda-revenue-authority-hackers-jailed-12-years .
  13. McCoy, K., ‘Cyber hack got access to over 700,000 IRS accounts’, USA Today, 26 February 2016. Available at .
  14. ‘Most Recent IRS International Hacking Reveals Vulnerability’, Procedurally Taxing, 28 May 2015. Available at .
  15. Pagliery, J., ‘Criminals use IRS website to steal data on 104,000 people’, CNN Money, 26 May 2015. Available at .
  16. Pauli, D., ‘Businesses use fraud software for tax scam’, IT News, 8 April 2013. Available at .
  17. ‘URA Computer System Hackers Nabbed,’ Uganda Revenue Authority, June 2012. Available at .
  18. Vijayan, J., ‘IRS Taxpayer Data is Insecure’, PC World, 18 January 2008. Available at .
  19. Zambito, T., ‘Bulgarian hacker admits role in $6M IRS refund scheme, feds say’,, 6 July 2015. Available at .

Leave a Reply

Your email address will not be published. Required fields are marked *