Researchers Use Facebook and Other Social Network Data to Hack Social Security Numbers


As online society becomes ever more social, and cares ever less about personal security, the phrase “social security” seems more than ever an oxymoron. Perhaps nowhere is this more clearly brought home than in this week’s announcement by researchers at Carnegie Mellon that they have cracked the social security code, and were able to predict with frightening accuracy many social security numbers (SSNs). In many cases, their hack was aided by information gleaned from such social networking sites as Facebook.

Alessandro Acquisti and Ralph Gross undertook the research to determine just how “secure” social security numbers are. Not surprisingly, they found that with just a little bit of information that in earlier times would have been considered very private and not readily available, they were able to guess the first five digits of someone’s social security number on the very first attempt nearly half of the time, and they were able to get the full social security number nearly 10% of the time in under 1000 attempts.

While 1000 tries to get a full SSN may sound like a lot, when you consider the brute-force guessing power that most computers have nowadays, it’s really nothing. Especially for someone motivated by criminal intent.

Of course, it’s been known for ages that where you are born determines the first few digits of your SSN. If you are born in the very eastern part of the east coast of the U.S., your SSN will start with 0, while if you are born in the very western part of the western U.S., your social security number will start with 9 or 8.

While that was well-known, what wasn’t so well-known was that the algorithm for generating social security numbers includes your date of birth.

Acquisti and Gross started by using the Social Security Administration’s “Death Master File” - which contains the SSNs of everyone who has died. The Death Master File is public information, primarily to ensure that the social security number of a deceased person isn’t misused by a criminal assuming the identity of the deceased.

Using the SSNs from the Death Master File, Acquisti and Gross were able to detect patterns in the assigning of the numbers.

They then turned to live people. Facebook, and similar social networking sites, provided a fertile ground. Many people on Facebook include their date of birth, along with their location, in their profile information.

For people who were born, and whose social security number was issued, in a smaller state, the accuracy rate was even higher than for those born in larger states.

Muses Acquisti, “I was surprised by the accuracy of certain predictions,” adding that “It’s good that we found it before the bad guys.”

The Social Security Administration is disputing these findings, issuing a statement that “there is no foolproof method for predicting a person’s Social Security number.” An administration spokesperson added that “The suggestion that Mr. Acquisti has cracked a code for predicting an SSN is a dramatic exaggeration.”

Still, said the spokesperson, “For reasons unrelated to this report [Ed note: Uh huh..], the agency has been developing a system to randomly assign SSNs. This system will be in place next year.”

 This article first appeared on 7/7/2009
The Internet Patrol
Patrolling the Internet for You!