Register for an account

X

Enter your name and email address below.

Your email address is used to log in and will not be shared or sold. Read our privacy policy.

X

Website access code

Enter your access code into the form field below.

If you are a Zinio, Nook, Kindle, Apple, or Google Play subscriber, you can enter your website access code to gain subscriber access. Your website access code is located in the upper right corner of the Table of Contents page of your digital edition.

Technology

Researchers Guess Social Security Numbers From Public Data

80beatsBy Eliza StricklandJuly 7, 2009 7:42 PM
social-security-card.jpg

Newsletter

Sign up for our email newsletter for the latest science news

Were you born after 1988 in a small state? If so, researchers would have a particularly good chance of figuring out your Social Security number. In a new study, researchers used publicly available data, including an individual's place and date of birth, to guess the Social Security number that would have been assigned to that person. And the study's authors say that cyber-crooks could use similar techniques for identity theft.

“We live in a precarious time, where knowledge of a Social Security number, along with other information about one’s name and date of birth, is sometimes sufficient to impersonate another individual,” said Alessandro Acquisti, the study’s lead author [Bloomberg].

Acquisti's team shared their results with the federal government, but the Social Security office is downplaying the findings; spokesman Mark Lassiter said there is still no "foolproof" method for predicting Social Security numbers.

"The suggestion that Mr. Acquisti has cracked a code for predicting an SSN is a dramatic exaggeration," Lassiter said via e-mail. However, he added: "For reasons unrelated to this report, the agency has been developing a system to randomly assign SSNs. This system will be in place next year" [AP].

For the study, which was published in the Proceedings of the National Academy of Sciences, researchers first combed through the Social Security Administration's "

Death Master File," which lists the numbers of people who have died. The purpose of making that file public is to prevent impostors from assuming the Social Security numbers of deceased people. But by plotting the data for people listed on the file between 1973 and 2003 the researchers were able to develop patterns for number issuance [AP].

The number assigned to each individual is currently based partially on the zip code where they were born, and partially on the date the number was issued. In 1988 the government began issuing numbers at birth, making it easier for researchers to determine that second factor. The researchers then delved into a variety of public sources to find individuals' places and dates of birth--including social networking profiles that had been left public, for all to see. For people born after 1988, it took only one attempt to identify the first five Social Security digits for 44 percent of the people.

They were able to identify all nine digits for 8.5% of people born after 1988 in fewer than 1,000 attempts. For people born recently in smaller states, researchers sometimes needed just 10 or fewer attempts to predict all nine digits [Los Angeles Times].

While 1,000 attempts may seem like a lot of work to figure out one Social Security number, researchers note that computers can be programmed to do the work at lightning speed.

Through a process called “tumbling,” hackers can exploit instant online credit approval services — or even the Social Security Administration’s own verification database — to test multiple numbers until they find the right one. Although these services usually block users after several failed attempts, criminals can use networks of compromised computers called botnets to scan thousands of numbers at a time [Wired.com]. 

Related Content: 80beats: Hackers Infiltrate Pentagon’s $300 Billion Fighter Jet Project 80beats: Mystery of the Conficker Worm Continues: Does It Want to Scam or Spam? 80beats: Electrical Espionage: Spies Hack Into the U.S. Power Grid 80beats: Is the U.S. Government Losing the Battle Against Hackers?Image: FBI

2 Free Articles Left

Want it all? Get unlimited access when you subscribe.

Subscribe

Already a subscriber? Register or Log In

Want unlimited access?

Subscribe today and save 70%

Subscribe

Already a subscriber? Register or Log In