Computer scientists at Carnegie Mellon University have figured out how to predict Social Security numbers from publicly accessible birth data with frightening accuracy. The researchers analyzed a public information source known as the “Death Master File,” which includes birth data and SSNs for people who have died. The scientists found that in many instances, if you know the date and state in which a person was born, you can deduce their SSN.
With just two attempts, the researchers correctly guessed the first five digits of SSNs for 60 percent of deceased Americans born between 1989 and 2003. With fewer than 1,000 attempts, they could identify the entire nine digits for 8.5 percent of the group.There’s only a few short steps between making a statistical prediction about a person’s SSN and verifying their actual number, Acquisti said. Through a process called “tumbling,” hackers can exploit instant online credit approval services — or even the Social Security Administration’s own verification database — to test multiple numbers until they find the right one. Although these services usually block users after several failed attempts, criminals can use networks of compromised computers called botnets to scan thousands of numbers at a time.
“A botnet can be programmed to try variations of a Social Security number to apply for an instant credit card,” Acquisti said. “In 60 seconds, these services tell you whether you are approved or not, so they can be abused to tell whether you’ve hit the right social security number.”
Related Posts: On this day...
- Google+ is Awesome. Facebook Maimed, Twitter Mortally Wounded? - 2011
- So Long HDMI: New Standard for A/V Uses Ethernet Cables - 2010
- LeBron James to join Dwyane Wade and Chris Bosh on the Miami Heat? - 2010
- Haystack, an anti-censorship tool specifically for users in Iran, to launch soon - 2009
- Prevent brute force attacks on SSH servers with DenyHosts - 2009
- Chinese bloggers evade censors by writing backwards - 2008