Tuesday, July 7, 2009

Social Security Numbers Are Easy to Guess

This is rather disconcerting.

This report discusses how many of the things the Social Security Administration does to prevent fraud, combined with what some people post on social networking websites such as Facebook (their birth dates, for example), may allow crooks to make a good guess at their Social Security numbers!

On the surface, the process seems like it would lead to randomized--and thus secure--numbers. But it doesn't. When economist Alessandro Acquisti and computer scientist Ralph Gross of Carnegie Mellon University in Pittsburgh, Pennsylvania, compared SSA's public death records with birth data, they found that area numbers are not rotated until all 9999 serial numbers have been assigned. So instead of each of New York's 85 area numbers being the possible starting three digits for any Social Security number on any given day, Social Security numbers are assigned essentially in order: 576-32-0001 is followed immediately by 576-32-0002, etc. That means a potential thief can narrow down a number simply by knowing the date (often some 6 to 11 weeks after birth) on which one received it. After 1989, individuals started receiving Social Security numbers at birth, rather than at their discretion (often when they began their first job), so pinpointing these people's numbers is especially easy, says Acquisti.

So easy in fact that Acquisti and Gross were able to do it themselves. Using fairly standard computer algorithms, the duo predicted the first five digits of Social Security numbers for people born after 1989 44% of the time on the very first try. On a handful of attempts, they managed to get all nine digits on the first try, but at the very least they could predict the full numbers of 8.5% of those born after 1989 in fewer than 1000 tries, they report online today in the Proceedings of the National Academy of Sciences.


Horrors!

This paper is an open access article which you can get from here.

Zz.
