A new report suggests that with your date of birth and state of birth I can accurately predict what your Social Security Number will be. Will this decrease the value of an SSN on the hacker black market?
The researchers from Carnegie Mellon University used pattern analysis to statistically “guess” what your Social Security number should be. They analyzed the Social Security numbers of people who have died to determine what numbers could be available in the future, and then used their pattern analysis data to determine which possible combinations can be further removed from the dataset based on your state of birth and date of birth.
The researchers identified in a single attempt the first five Social Security digits for 44 percent of the records of the people listed as dead from 1989 to 2003 and the complete Social Security numbers in fewer than 1,000 attempts for 8.5 percent of those records.
“Extrapolating to the U.S. living population, this would imply the potential identification of millions of SSNs for individuals whose birth data were available,” the report states.
What makes the report well worth reading is that, toward the end, the researchers walk through a scenario in which a botnet is used to apply for fraudulent credit cards by guessing an 18-year-old’s SSN. Although the report relies on a couple of assumptions, including how easy it is to find birth date data for US residents, the general idea of predicting SSNs for fraudulent use is an interesting one.
The algorithms used to extrapolate and create credit card numbers have been available for years, and many credit card scam artists use them to ensure the credit card numbers they have are legitimate. I expect the same to now occur in the next few years for SSNs. Data quality will be a problem that many botnet and identity theft attackers will be concerned with.
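From the defender's side, the botnet scenario described above leaves a recognizable trace in application logs: one name and date of birth submitted with many different SSNs, often from many source addresses, with only the last four digits changing. The following detection sketch is an added example, not code from the report or from this post; the record layout, the 24-hour window and the threshold of three distinct SSNs are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample applications: (time, source IP, name, date of birth, SSN).
# Area number 000 is never assigned, so none of these are real SSNs.
APPLICATIONS = [
    ("2009-07-06T10:00:00", "198.51.100.7", "PAT DOE", "1991-03-14", "000-12-0001"),
    ("2009-07-06T10:04:00", "203.0.113.20", "PAT DOE", "1991-03-14", "000-12-0002"),
    ("2009-07-06T10:09:00", "192.0.2.45", "Pat Doe", "1991-03-14", "000-12-0003"),
    ("2009-07-06T10:15:00", "198.51.100.99", "PAT DOE", "1991-03-14", "000-12-0004"),
    ("2009-07-06T10:21:00", "203.0.113.8", "PAT DOE", "1991-03-14", "000-12-0005"),
    ("2009-07-06T11:00:00", "192.0.2.10", "SAM ROE", "1985-11-02", "000-34-1111"),
    ("2009-07-06T11:05:00", "192.0.2.10", "SAM ROE", "1985-11-02", "000-34-1111"),
    ("2009-07-01T09:00:00", "192.0.2.77", "LEE POE", "1990-01-20", "000-56-0001"),
    ("2009-07-04T09:00:00", "192.0.2.77", "LEE POE", "1990-01-20", "000-56-0002"),
    ("2009-07-08T09:00:00", "192.0.2.77", "LEE POE", "1990-01-20", "000-56-0003"),
    ("2009-07-12T09:00:00", "192.0.2.77", "LEE POE", "1990-01-20", "000-56-0004"),
]

def flag_ssn_guessing(records, window=timedelta(hours=24), max_distinct=3):
    """Flag identities seen with more than max_distinct SSNs in one window
    (window and threshold are assumed values; tune them to real traffic)."""
    by_identity = defaultdict(list)
    for ts, ip, name, dob, ssn in records:
        key = (name.strip().upper(), dob)
        by_identity[key].append((datetime.fromisoformat(ts), ssn, ip))
    findings = {}
    for identity, events in by_identity.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            recent = events[start:end + 1]
            ssns = {e[1] for e in recent}
            if len(ssns) > max_distinct:
                findings[identity] = {
                    "distinct_ssns": len(ssns),
                    "source_ips": len({e[2] for e in recent}),
                    # True when only the last four digits vary between attempts.
                    "same_first_five": len({s[:6] for s in ssns}) == 1,
                }
                break
    return findings

if __name__ == "__main__":
    for identity, detail in flag_ssn_guessing(APPLICATIONS).items():
        print(identity, detail)
```

Keying on the identity rather than the source address is what lets the check survive attempts spread across a botnet; a repeated submission of the same SSN, or a few different SSNs spread over many days, stays below the threshold.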