Student pleads guilty to IRS hack attempt for Trump tax returns

Prosecutors call him a mastermind. Defenders say it was Wayne’s World gone awry.

What is Black Hat and why is it so important? CBS' Dan Patterson is at Black Hat in Las Vegas. He breaks down why it is a must-see for hackers and cybersecurity professionals, plus the most interesting things happening at this year's conference.

The subject of past tax returns remains a sore issue for US President Trump and one student who attempted to take matters into his own hands may be facing jail time for his efforts. 

Andrew Harris, a previous student at Haverford College, tried to hack his way into systems belonging to the Internal Revenue Service (IRS) to steal the president's tax returns just before the 2016 US election. 

Last week, the 24-year-old pleaded guilty to two misdemeanor counts of computer fraud in the Eastern District of Pennsylvania court, as reported by The Philadelphia Inquirer

As a result, the student now faces up to two years in federal prison and a fine of up to $200,000. 

See also: This 'most dangerous' hacking group is now probing power grids

Harris accessed a Free Application for Student Aid (FAFSA) website from a school computer, together with student Justin Hiemstra, and realized applications would redirect to the IRS and automatically import tax returns. 

Granted this information, Harris wondered what would happen if they posed as one of Trump's children. After logging in with another student's credentials, the duo pretended to be Tiffany Trump and realized a FAFSA application had already been registered under her name. 

CNET: 7 Android VPN apps you should never use because of their privacy sins

Jordan Hamlett, a private investigator unconnected to the students, had already attempted to grab the same information by way of the same technique and was responsible for the application in question. Last year, the US Department of Justice (DoJ) sentenced Hamlett to 18 months in prison.

Harris and Hiemstra had no knowledge of Hamlett at the time and were unaware that the Department of Education was keeping a close eye on FAFSA traffic. 

After finding Trump's date of birth and Social Security number online, the pair had two out of three answers to security questions required to reset the application's password. However, they were forced to throw in the towel at the third hurdle. 

TechRepublic:  Top 5 password alternatives

This attempt, made on a school PC and likely without concealing their tracks or any form of obfuscation, led federal investigators to Haverford and eventually to the students. 

Harris' defense, Attorney William Brennan, said that while prosecutors deem him the "mastermind" of the scheme, the account compromise attempt should be considered more akin to an episode of Wayne's World "gone awry." Wayne's World was a set of comedy films involving two hapless teenagers. 

Hiemstra pleaded guilty last month. Now Harris has chosen the same path, he is due to be sentenced on December 16. 

Trump has consistently refused to release his tax returns. In related news this week, the US president said in court documents that a motion filed by New York officials to force Trump to hand over this information should be dismissed or frozen until a time when Congress makes a formal request for the same data.

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0