WASHINGTON — For all the concern about identity theft, researchers say there's a surprisingly easy way for the technology-savvy to figure out the precious nine digits of Americans' Social Security numbers.
"It's good that we found it before the bad guys," Alessandro Acquisti of Carnegie Mellon University in Pittsburgh said of the method for predicting the numbers.
Acquisti and Ralph Gross report in Tuesday's edition of Proceedings of the National Academy of Sciences that they were able to make the predictions using data available in public records as well as information such as birthdates cheerfully provided on social networks such as Facebook.
For people born after 1988 — when the government began issuing numbers at birth — the researchers were able to identify, in a single attempt, the first five Social Security digits for 44 percent of individuals. And they got all nine digits for 8.5 percent of those people in fewer than 1,000 attempts.
For smaller states their accuracy was considerably higher than in larger ones.
Acquisti said in a telephone interview that he has sent the findings to the Social Security Administration and other government agencies with a suggestion they adopt a more random system for assigning numbers.
Social Security spokesman Mark Lassiter said the public should not be alarmed by the report "because there is no foolproof method for predicting a person's Social Security number."
"The suggestion that Mr. Acquisti has cracked a code for predicting an SSN is a dramatic exaggeration," Lassiter said via e-mail.
However, he added: "For reasons unrelated to this report, the agency has been developing a system to randomly assign SSNs. This system will be in place next year."
The researchers say their report omits some details to make sure they aren't providing criminals a blueprint for obtaining the numbers.
The predictability of the numbers increases the risk of identity theft, which cost Americans almost $50 billion in 2007 alone, Acquisti said.
A problem in the battle against identity thieves is that many businesses use Social Security numbers as passwords or for other forms of authentication, something that was not anticipated when Social Security was devised in the 1930s. The Social Security Administration has long cautioned educational, financial and health care institutions against using the numbers as personal identifiers.
"In a world of wired consumers, it is possible to combine information from multiple sources to infer data that is more personal and sensitive than any single piece of original information alone," he said, warning against providing too much data on social network sites.
Acquisti, who researches the economics of privacy, said he got interested in what could be learned from easily available information by looking at social networks, which he termed "a great experiment in self-revelation."
People were willing to include their date of birth and hometown, he said, and he already knew that was part of the information used in issuing Social Security numbers.
So the researchers turned to the SSA's "Death Master File," which lists the numbers of people who have died. The purpose of making that file public is to prevent impostors from assuming the Social Security numbers of deceased people.
But by plotting the data for people listed on the file between 1973 and 2003 the researchers were able to develop patterns for number issuance.
"I was surprised by the accuracy of certain predictions," Acquisti said.
The system can produce a range of possibilities for the last four numbers, making it easier for a computer to test the possibilities until the correct number is found for an individual, Acquisti explained.
In addition, "attackers can exploit various public- and private-sector online services, such as online 'instant' credit approval sites, to test subsets of variations to verify which number corresponds to an individual with a given birth date."
While it was well known that the numbers have a geographic component, past studies have used the patterns plus other data to estimate when and where a specific number may have been issued.
"Our work focuses on the inverse, harder, and much more consequential inference: it shows that it is possible to exploit the presumptive time and location of SSN issuance to estimate, quite reliably, unknown SSNs," Acquisti said.
The research was supported by the National Science Foundation, the U.S. Army Research Office, Carnegie Mellon University and the Pittsburgh Supercomputing Center.
Considering that legally, the only real use of Social Security numbers is between you and the government, not you and banks or lenders or health care providers, this should be a light story; the problem is how many companies refuse service if you refuse to provide a SS number - which you are not required by law to provide them.
That - needs to be fixed.
What the government needs to do is to outlaw the use of the SSN for commercial transactions.
I agree, wholeheartedly. This issue is the number one problem, at least on my list, facing people in this country today. Consider the following: millions of people are now faced with foreclosure, which ruins your credit, and millions more are unemployed, which ruins your ability to pay your bills and subsequently ruins your credit. Companies today are allowed to use your credit score to determine your worthiness as an employee, so if you need a job, or second job, to pay your bills and guard your credit score, you are going to be SOL. No good credit, no job, no bank account, no more credit card offers, and your existing credit cards will dry up or disappear.
Hundreds of thousands of jobs disappeared last month: what do you suppose we're going to do with all those unemployable people??
Rub the sleep out of your eyes little boys & girls...
Isn't info like this better kept under wraps? Now all the wannabe hackers have something to get them back to at least trying to get into password secured areas.
Alessandro Acquisti = IDIOT
Ralph Gross = IDIOT
Randolph E. Schmid = IDIOT
ASSOCIATED PRESS = IDIOTS
SO MANY IDIOTS WITH THEIR NAMES LISTED AND NO ONE SAYS ANYTHING ABOUT THEM!!!
THAT'S THE SCARY PART...
IS NEWSVINE PART OF AP?
Um. Robbo? Your caps lock button is right over there on the side of the keyboard. Might've gotten hit by accident.
Here's a news flash: we've known about this for a while now. There've been websites on the net for years listing the area numbers of SSNs and when / where they were issued, and the Death Master File is not only public information, it's placed online by the government so businesses can search it for fraudulent SSNs. Some of us used to guess SSNs for kicks because it was easy.
What the Carnegie Mellon researchers did was a proof of concept, necessary before government groups will take action on an issue that is a known problem but has insufficient hard facts to support it. Now there are hard facts to support it.
The problem isn't the people who are drawing attention to the fact that the system is flawed, Robbo. The problem is the fact that our infrastructure is relying on a system that was not designed to be used in the way it's being used, and our government is resistant to change because it's expensive.
Now...please chill out some and stop shouting at those who are trying to help.
LOL...Well, I have no problem giving my name, or social security number to anyone. If anyone wants to try and be me...more power to them. Maybe I should feel honored :)