Wednesday, July 8, 2009

Social Security Numbering System Is Vulnerable to Fraud, Researchers Say - NYTimes.com

Social security numbers have always been at-risk...if someone could design a computer program that could predict SSNs reliably...sheesh. Is this the death of SSN?

Consider these points from the New York Times article appearing below:
  • tags: privacy, ssn, socialsecurity

    • The nation’s Social Security numbering system has left millions of citizens vulnerable to privacy breaches, according to researchers at Carnegie Mellon University, who for the first time have used statistical techniques to predict Social Security numbers solely from an individual’s date and location of birth.
    • The findings, published Monday in The Proceedings of the National Academy of Sciences, are further evidence that privacy safeguards created in the era before powerful computers and ubiquitous networks are increasingly failing, setting up an “architecture of vulnerability” around personal digital information, the researchers said.
    • now possible to routinely reconstruct sensitive personal information from the type of online postings frequently found on social networking sites and other public sources.
    • By testing their algorithm on a half million publicly available records in the Social Security Administration’s Death Master File, the researchers were able to
    • identify millions of Social Security numbers for individuals whose birth date and location were publicly available.
    • The researchers said that while it would not be easy for cybercriminals to reconstruct their methodology, they believed it was within the grasp of sophisticated attackers. They also emphasized that the prediction of Social Security numbers was just one component of identity theft. For example, an attacker who developed a similar algorithm might use it as part of an ambitious attack against an online credit reporting system, where many Social Security numbers could be tested rapidly.
    • “The public should not be alarmed by this report because there is no foolproof method for predicting a person’s Social Security number,” said the spokesman, Mark Lassiter. “The method by which Social Security assigns numbers has been a matter of public record for years. The suggestion that Mr. Acquisti has cracked a code for predicting an S.S.N. is a dramatic exaggeration.”
    • the agency was in the process of creating a random system for assigning numbers, which will be put in place next year.
    • even if the agency did assign numbers at random, it would not increase the security of hundreds of millions of numbers that had already been assigned.

Posted from Diigo. The rest of my favorite links are here.

No comments:

Subscribe via email

Enter your email address:

Delivered by FeedBurner

Disclaimer

Disclaimer

Everything posted on Miguel Guhlin's blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure