Two researchers at Carnegie Mellon University have shown they can reverse engineer a person’s Social Security number using, ironically, nothing more than publicly available data on government sites and the data you share with the world on Facebook.
Like many confirmation numbers we use daily, from bus tickets to software purchase codes, Social Security numbers are assigned based on a formula that uses two inputs to generate a code. The inputs for SSNs are state of birth and date of birth, two things that most people have made available on social networking sites. That alone isn’t dangerous.
According to ArsTechnica, cracking the last four digits of an SSN, which are seemingly assigned at random, cuts the rate of accuracy considerably; the authors of the study were able to get a number right only after about 10 tries, more than enough failed tries to lock out an IP address on most banking sites. But they note that a botnet working in concert could attack smaller states with alarming alacrity: a virally-controlled network of 10,000 machines could crank out the identities of residents of the State of West Virginia at around 2,800 a minute, based solely on basic information from Facebook. It might be time to abandon the SSN as our primary credential in favor of something more comprehensively secure.
[Via ArsTechnica; Photo by chezrump]