Now they can guess your Social Security Number
Tue Jul 7, 2009 11:19AM EDT
See Comments (199)
By now we've had it beaten into our thick skulls: Protect your Social Security Number at all costs, because those nine magic digits are the gateway to your entire life. Financial history, medical records... just about everything hinges on your SSN remaining private.
As such, large-scale thefts of SSN and other private information continue to make headlines, but this piece of news takes the cake: Researchers at Carnegie Mellon University have now figured out a way to roughly reverse engineer the way in which Social Security Numbers are assigned. Armed with your date of birth and the state in which you were born, it's now possible to generate a quite small set of digits that are likely to contain your actual SSN.
How is this possible? Mainly because SSNs aren't just randomly generated. The first three digits are tied to your state of birth, and the next two digits (the "group number") are used sequentially as SSNs are handed out over time. The final four digits are supposedly random, but using a public database called the Death Master File, which lists SSNs that were held by the deceased, patterns emerged in those digits, as well.
The result is that, depending on the state and year of birth (the older you are and the larger your state of birth, the harder it is to guess your SSN), the researchers could guess a Social Security Number's first five digits with up to 90 percent accuracy, and the last four digits with up to 5 percent accuracy. Considering the odds of getting a SSN right by random guess really ought to be 1 in a billion, that's a phenomenal success rate.
And if those numbers seem small, consider that with the use of commonly-available botnets, computers could correctly guess dozens of SSNs every minute by simple brute force as they apply for bogus credit cards en masse. The Ars Technica story linked above also notes that many credit card verification services allow for a couple of digits in an SSN to be wrong, as a convenience for forgetful applicants, opening the door a little wider for hackers.
What happens now? It's hard to imagine an organization as venerable and bureaucratic as the Social Security Administration to change the way it works, but it's hard not to think that the nine-digit SSN may have at last outlived its utility, and its security. Still, just try to imagine the upheaval should the country attempt to move to longer numbers...
Top 5 Posts
More About Miscellaneous
Comments on Now they can guess your Social Security Number
Post a Comment
Join in the discussion. Here you'll see the comments in the order they were posted.
-
7 Posted by kevindtimm60 on Tue Jul 7, 2009 2:11PM EDT Report Abuse
what's funny is that this is wrong. at least one of their components to the algorithm is incorrect. 2 minutes of study will tell you what it is.
-
8 Posted by franco.lettieri on Tue Jul 7, 2009 2:13PM EDT Report Abuse
I think everyone should have to be finerprinted when you get your drivers license. Your identity should be backed up by fingerprints, head shot of face, photograph of retina, and signature.
-
9 Posted by michaelakiyama on Tue Jul 7, 2009 2:15PM EDT Report Abuse
This stupid article tells the crooks how to crack the social security system. Articles like this is not news, but acts of making trouble.
-
10 Posted by baltbear on Tue Jul 7, 2009 2:15PM EDT Report Abuse
it might be noteable that in 1981 or so, persons with "trust ratings" high enough to work with the fbi handing compleat rcods of perople were not allowed to know any more about how an ssn/ was generated than the first 3 digits. and there has always been a reason why an ssn by law
-
11 Posted by kbeck123 on Tue Jul 7, 2009 2:15PM EDT Report Abuse
THis only works for those issued SS numbers at birth, for those of us who are older you would need to know the state and the date we applied for a Social Security Card. Good luck with mine I moved 25 times in my first 20 years of life.
-
12 Posted by sardesignst@sbcglobal.net on Tue Jul 7, 2009 2:17PM EDT Report Abuse
This right here is why the news media sucks! Really? lets just explain to people how to steal your ssn by just figuring it out and the way they are made. While your at it why don't you describe the best way to bring a nuke to the U.S. Does anyone believe in too much news or is it just me?
-
13 Posted by patrickherring on Tue Jul 7, 2009 2:17PM EDT Report Abuse
wait....if you make the SSN's more secure, how are the illegals going to get free healthcare?
-
14 Posted by kc_williams.1125 on Tue Jul 7, 2009 2:17PM EDT Report Abuse
THE SOCIAL SECURITY "CODE" IS NOT A SECRET. THE FIRST 3 DIGITS ARE THE STATE. THE SECOND 2 ARE THE COUNTY/POSTAL CODE, AND THE LAST 4 ARE A RANDOM DRAW IN AGE RELATION TO POPULATION. WE WERE TAUGHT THIS IN 9TH GRADE. TAKE A GEOGRAPHIC IFORMATION SYSTEM'S CLASS AND YOU WILL BE TESTED ON THIS KNOWLEDGE. I LOVE IT WHEN RESEARCHERS CLAIM TO DISCOVER SOMETHING THAT WE ALREDY KNEW.
-
15 Posted by rcd2772 on Tue Jul 7, 2009 2:17PM EDT Report Abuse
This essentially isn't a big deal since companies do not ask for only your SSN to gain access to accounts. It's really not an extraordinarily huge deal. www.shirtgenius.com
-
16 Posted by dpaice71 on Tue Jul 7, 2009 2:19PM EDT Report Abuse
There is no part of my social that even hints at my date of birth....Month, day or year
-
17 Posted by rushabh21 on Tue Jul 7, 2009 2:22PM EDT Report Abuse
But SSN is 10 digit...why is this article stuck at 9? Even the screenshot shows 10 digits.
-
18 Posted by skofflaw007 on Tue Jul 7, 2009 2:25PM EDT Report Abuse
OH SNAP! i got some insider info from this blog URL="http://tinyurl.com/myssb7"]here[/URL]
-
19 Posted by sa.webber on Tue Jul 7, 2009 2:25PM EDT Report Abuse
Thanks alot for your help in showing people how to guess out SSN. Thanks a ton Yahoo. Now they know what numbers are linked to what.
-
20 Posted by lorraine_burris13 on Tue Jul 7, 2009 2:29PM EDT Report Abuse
KNTHART you are right on!
-
21 Posted by towcked4u1969 on Tue Jul 7, 2009 2:37PM EDT Report Abuse
Yeah that wouldn't work with mine either. My social starts with the same number as my son who was born in Arizona. But i wasn't born in Arizona, just happened that i didn't get a SS card until i was 13 - in Arizona.
-
22 Posted by pentax542000 on Tue Jul 7, 2009 2:39PM EDT Report Abuse
some way to help stop it. theyre basically showing everyone how it works -.-
-
23 Posted by bobbird3131 on Tue Jul 7, 2009 2:39PM EDT Report Abuse
Researchers!? I've known this is how they picked social security numbers since I was a teenager. How come it's taken the rest of you this long to catch up to the fact that it's a problem?
-
24 Posted by lifterforlife on Tue Jul 7, 2009 2:42PM EDT Report Abuse
That is so funny. All a person will have to do to crack someone's ss number is spoof them with something that asks for name, birthday and last four of social (more people feel secure with just last four) and you literally have their number down to one number left to guess. 1 in 10 chances-- how many credit card companies are their lmfao :p Thank god I am not on the victim side our computer revolution hahaha So easy to do bad things with technology. Especially with most people not fully understanding their own computers.
-
25 Posted by matthewfriedel on Tue Jul 7, 2009 2:42PM EDT Report Abuse
rushabh21 look at ur ssn card its 9 numbers
Sponsored Links
My Tech
Please enable your browser's cookies to activate the My Tech column.
Also on Yahoo! Tech
| Computers | Home Office | Wi-Fi & Networking | Phones & PDAs | Cameras & Camcorders | TV & Home Theater | Portable Audio |
|---|---|---|---|---|---|---|
6 Posted by heidi_m007 on Tue Jul 7, 2009 2:09PM EDT Report Abuse
Is this really all that those geniuses have to do?? Reverse engineer the SS system? Figure out and try to guess someones number? The United States has REAL PROBLEMS and THIS is what they are doing?? Don't forget to post it to every media outlet and teach every hacker exactly what steps you guys took to breach that system.