Now they can guess your Social Security Number

Tue Jul 7, 2009 11:19AM EDT

By now we've had it beaten into our thick skulls: Protect your Social Security Number at all costs, because those nine magic digits are the gateway to your entire life. Financial history, medical records... just about everything hinges on your SSN remaining private.

As such, large-scale thefts of SSNs and other private information continue to make headlines, but this piece of news takes the cake: Researchers at Carnegie Mellon University have now figured out a way to roughly reverse engineer the way in which Social Security Numbers are assigned. Armed with your date of birth and the state in which you were born, it's now possible to generate a quite small set of numbers that is likely to contain your actual SSN.

How is this possible? Mainly because SSNs aren't just randomly generated. The first three digits are tied to your state of birth, and the next two digits (the "group number") are used sequentially as SSNs are handed out over time. The final four digits are supposedly random, but when the researchers analyzed a public database called the Death Master File, which lists SSNs that were held by the deceased, patterns emerged in those digits as well.

The result is that, depending on the state and year of birth (the older you are and the larger your state of birth, the harder it is to guess your SSN), the researchers could guess a Social Security Number's first five digits with up to 90 percent accuracy, and the last four digits with up to 5 percent accuracy. Considering the odds of getting an SSN right by random guess really ought to be 1 in a billion, that's a phenomenal success rate.

And if those numbers seem small, consider that with the use of commonly available botnets, computers could correctly guess dozens of SSNs every minute by simple brute force as they apply for bogus credit cards en masse. The Ars Technica story linked above also notes that many credit card verification services allow for a couple of digits in an SSN to be wrong, as a convenience for forgetful applicants, opening the door a little wider for hackers.
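To put a number on the tolerant-matching point above, here is an added example (not from the original article or the Carnegie Mellon study) that compares an exact-match check with one that forgives wrong digits, and adds a per-record failure lockout. It assumes "a couple of digits wrong" means up to two mismatched positions; the `Verifier` class, its lockout policy and the sample number are hypothetical.

```python
from math import comb

SSN_LEN = 9

def normalize(ssn: str) -> str:
    """Strip separators and require exactly nine digits."""
    digits = "".join(ch for ch in ssn if ch.isdigit())
    if len(digits) != SSN_LEN:
        raise ValueError("expected nine digits")
    return digits

def digits_wrong(a: str, b: str) -> int:
    """Count positions where two normalized numbers differ."""
    return sum(x != y for x, y in zip(a, b))

def accepted_count(tolerance: int, length: int = SSN_LEN) -> int:
    """Distinct digit strings that pass for ONE record when up to
    `tolerance` digits may be wrong: sum of C(length, k) * 9**k."""
    return sum(comb(length, k) * 9 ** k for k in range(tolerance + 1))

class Verifier:
    """Hypothetical identity check. Failures are counted per record, not per
    source address, so guesses spread across many machines still add up."""

    def __init__(self, on_file: str, tolerance: int = 0, max_failures: int = 3):
        self.on_file = normalize(on_file)
        self.tolerance = tolerance
        self.max_failures = max_failures
        self.failures = 0

    def check(self, submitted: str) -> str:
        if self.failures >= self.max_failures:
            return "locked"          # stays locked even for a correct value
        try:
            wrong = digits_wrong(normalize(submitted), self.on_file)
        except ValueError:
            wrong = SSN_LEN          # malformed input counts as a failure
        if wrong <= self.tolerance:
            return "accept"
        self.failures += 1
        return "reject"

ON_FILE = "000-12-3456"   # constructed sample; area 000 is never issued

if __name__ == "__main__":
    for tol in (0, 1, 2):
        print(f"tolerance={tol}: {accepted_count(tol)} values accepted")
    print(Verifier(ON_FILE, tolerance=2).check("000-12-3499"))  # two wrong digits
    print(Verifier(ON_FILE, tolerance=0).check("000-12-3499"))
```

Under this model, forgiving two digits means a single record accepts 2,998 different numbers instead of one, which is why exact matching plus a failure limit keyed to the record is the safer policy.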

What happens now? It's hard to imagine an organization as venerable and bureaucratic as the Social Security Administration changing the way it works, but it's hard not to think that the nine-digit SSN may have at last outlived its utility, and its security. Still, just try to imagine the upheaval should the country attempt to move to longer numbers...

Comments on Now they can guess your Social Security Number

  • 26 Posted by yellowrosetx777 on Tue Jul 7, 2009 2:52PM EDT

    Not everyone got their SS# when they were born. I was 12 and did not live in the state that I was born in. In the 60's most kids did not get one till they were going for a job. I got mine when my brother got his for a job. The first 3 digits tell what state you were in when you got your SS#, not where you were born. Now you get them where the child is born, but not years ago. I know I am old. LOL Check your facts next time!!

  • 27 Posted by msmari1976 on Tue Jul 7, 2009 2:56PM EDT

    Oh Great! There goes our privacy and everything else that a person works hard for. If this is what we are going through...One can not help but wonder what will happen to our children and the next generation.

  • 28 Posted by superscott5932 on Tue Jul 7, 2009 3:47PM EDT

    well said...why would you publicly publish this, a bunch of morons

  • 29 Posted by therussells2007 on Tue Jul 7, 2009 4:11PM EDT

    Should go to bar codes with pin numbers and scanners everyone can afford so that they may use them where needed, even at home when entering info.

  • 30 Posted by mattmcconnell1 on Tue Jul 7, 2009 4:14PM EDT

    It doesn't make any sense, for I was not born in US so how can my first digits come from my state of birth??

  • 31 Posted by skankboy_99 on Tue Jul 7, 2009 4:18PM EDT

    Aren't the first three numbers actually tied to the state you apply for the card in rather than the state you were born in? If that isn't true then because mine would lead you to believe that I was born in Oklahoma rather than the state I was actually born in.

  • 32 Posted by jwm8351 on Tue Jul 7, 2009 4:26PM EDT

    Why is my used for any thing but ssn stuff?

  • 33 Posted by blondietatt04 on Tue Jul 7, 2009 4:31PM EDT

    um, sorry folks, the first three numbers are not your birthstate, they are the numbers assigned to the state in which you lived in when your SSN was applied for. http://w2.eff.org/Privacy/ID_SSN_fingerprinting/ssn_structure.article this link will help you all.

  • 34 Posted by biggggboytoy on Tue Jul 7, 2009 4:32PM EDT

    this is now revelations..once the ssn is gone they will insert chips into the hands of people for verification of the specific person..just a matter of time when this happens..

  • 35 Posted by jpketchum10 on Tue Jul 7, 2009 4:35PM EDT

    Ask the illegals how they do it? They don't speak a lick of English yet they claim to be an American citizen. Then they're on someone's payroll, which we all know requires a social security number. Our politicians stab the American citizen in the back for a vote. That is why they do not enforce our current immigration laws and secure our borders. Welcome to liberal America!! It's been time; America wake up!!!

  • 36 Posted by drfuzzysnuggles on Tue Jul 7, 2009 4:36PM EDT

    If it can be memorized, then any numerical password sequence is crackable--simple as that. Frankly, I'm amazed it took THIS long to figure SSN cracks. Now the mathematical system has been discovered, some wealthy $$$ SPAM KING will buy it. Bar coding is out and laughable as an option. A new SSN system of using a long mix of alpha and numeric characters is discussable--but the time / cost of implementing such for ALL Americans is staggering. Perhaps a cost effective approach would be to identify people into the SS system using DNA or eye retinal scan. Looks like another pet project at the ASAP urging from the Obama/Biden/Pelosi team--pray they don't wreck America doing it.

  • 38 Posted by u_listen_to_me on Tue Jul 7, 2009 4:40PM EDT

    Just make it a 16 digit number like the credit card numbers with Alphanumerics and all...course then there are people such as these that have no life anyway, but examine ways to get into people's private lives

  • 39 Posted by sashie0619 on Tue Jul 7, 2009 4:40PM EDT

    The first three numbers are not where you were born; they may be the state in which the card was issued. My friend and I went to the SS office in Paterson, NJ to get our SS cards. It was an assignment by our Social Studies teacher at Central High School in 1962. I was in line before her. I was born in Pennsylvania, she was born in Paterson, NJ. We both have the first 8 numbers, her last number is one higher than mine. So I think they need to do a little more research!

  • 40 Posted by crossties1 on Tue Jul 7, 2009 4:49PM EDT

    Folks, this is not new info. New-to-you doesn't mean people who want to hack hadn't figured it out a looong time ago. To all the Knthart supporters; big government= big CONTROL, not big SECURITY. There is a big difference. You ask for a king, and don't care what it will cost you.

  • 41 Posted by jamesbwave on Tue Jul 7, 2009 4:52PM EDT

    great knthart, do we really need more government agencies. NO!

  • 43 Posted by mcsincnj_98 on Tue Jul 7, 2009 4:57PM EDT

    SSN was never supposed to be tied to any financial, medical or any other data. Blame the banking industry for not wanting to invest in its own set of numbers. On the plus side, I heard that because SSA is almost out of numbers, they are going to do away with the first numbers being tied to the state you were born. So essentially a full randomization will occur.

  • 44 Posted by sekhmeht on Tue Jul 7, 2009 5:01PM EDT

    Yeah, post how people did it so others can figure it out too......brilliant!

  • 45 Posted by rickmoerer@rocketmail.com on Tue Jul 7, 2009 5:06PM EDT

    I hate to tell these people that they are wrong on their study. My SSN starts with the same 3 #'s that were issued in New York and I was born in Washington. When I have to give my SSN to someone I am asked a lot, "oh you were born in New York", and I have to tell them no, I was born in Washington. Then they tell me their SSN # starts with the same 3 #'s as mine but they were born somewhere else, not in Washington. So they need to re-look at their study, and I'm only 31 years old.
