According to an article by Brian Krebs in today’s Washington Post, it’s easier than we thought to guess anyone’s Social Security number because the Federal Government is using a poorly designed set of algorithms to assign numbers to applicants. You can start by checking the Death Master File for individuals who were born around the date and geographic place of your target.
See this page, which includes a FAQ on journal article by Carnegie Mellon University researchers Alessandro Acquisti and Ralph Gross called Predicting Social Security numbers from public data. (http://dx.doi.org/10.1073/pnas.0904891106) The article is available for free as an abstract and in full text (PDF).
One section of the Post’s report sent chills down my spine:
Linda Foley, founder of the Identity Theft Resource Center, a San Diego based nonprofit, cited another potential problem. She said many businesses have errantly rely upon or have moved to redact all but the last four digits of a person’s SSN, the very digits that are most unique to an individual.
“Because of the way the SSN has been designed, asking for the last four numbers of the SSN puts people at risk because those are the only numbers that are unique to you and cannot be guessed easily by someone who might want to use your identity,” Foley said.
Ars Technica also has an article called http://arstechnica.com/tech-policy/news/2009/07/social-insecurity-numbers-open-to-hacking.ars with some additional discussion.
Image courtesy of _saturnine on Flickr via a Creative Commons license.
Comments on this entry are closed.