Viable Statistical Attack on Social Security Numbers
Ξ July 6th, 2009 | → 0 Comments | ∇ Technology |
Wired has the writeup:
By analyzing a public data set called the “Death Master File,” which contains SSNs and birth information for people who have died, computer scientists from Carnegie Mellon University discovered distinct patterns in how the numbers are assigned. In many cases, knowing the date and state of an individual’s birth was enough to predict a person’s SSN.
“With just two attempts, the researchers correctly guessed the first five digits of SSNs for 60 percent of deceased Americans born between 1989 and 2003. With fewer than 1,000 attempts, they could identify the entire nine digits for 8.5 percent of the group.”
“A botnet can be programmed to try variations of a Social Security number to apply for an instant credit card,” Acquisti said. “In 60 seconds, these services tell you whether you are approved or not, so they can be abused to tell whether you’ve hit the right social security number.”
It also turns out that some SSNs are easier to predict than others. Because of the way numbers are assigned, younger people and those born in less populated states are more at risk, Acquisti said. Before 1988, many people didn’t apply for an SSN until they left for college or got their first job. But thanks to an anti-fraud effort in 1988 called the “Enumeration at Birth” initiative, parents started applying for their child’s number at birth, making it much easier to predict based on a person’s birthday.
Leave a reply
You must be logged in to post a comment.
