.

Predicting Social Security Numbers from Public Data

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Tue Jul 07, 2009 5:02 pm

Predicting Social Security Numbers from Public Data

Not sure where this should go, so why not in SE. Here is an academic paper on the topic by researches from Carnegie Mellon University that was just released on the Proceedings of the National Academy of Sciences web site and a couple links to articles reporting on it.

Predicting Social Security Numbers from Public Data

Report: Social Security numbers can be predicted
CNET - http://news.cnet.com/8301-1009_3-10280614-83.html
CNN - http://www.cnn.com/2009/TECH/07/07/soci ... index.html

Let the discussion begin...

Don
CISSP, MCSE, CSTA, Security+ SME
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Sat Jul 11, 2009 4:35 pm

Re: Predicting Social Security Numbers from Public Data

I always wondered about this since I knew that the first 5 were easy to guess, just didn't know how easy the last 4 are.

"The Social Security number's first three digits -- called the "area number" -- is issued according to the Zip code of the mailing address provided in the application form. The fourth and fifth digits -- known as the "group number" -- transition slowly, and often remain constant over several years for a given region. The last four digits are assigned sequentially"
twitter.com/timmedin | http://blog.securitywhole.com
<<

former33t

Full Member
Full Member

Posts: 226

Joined: Sat Feb 14, 2009 12:33 am

Post Sat Jul 11, 2009 9:49 pm

Re: Predicting Social Security Numbers from Public Data

I have two brothers (two years apart, so this spans four years) and we all have the same first five numbers.

I was in the service some years ago and I remember personnel specialists being able to tell you your place of birth based on your SSN.  It was a big joke.  Some of them claimed to by psychic.  You'd put your home of record as being say Utah and they'd say, "but you were born around San Francisco, right?"  Everybody would chuckle and life would go on.

My wife does medical work and turned me on to the Social Security Death Index.  This is a database where you can find out if a particular social belongs to a dead person.  I started thinking years ago that with that data (to help bracket in the last four numbers based on birthdate) and the first five that were already easily guessable that you'd be on a legit number in no time.  Bad news is that the SSDI is freely available via many genealogy sites.
Certifications: CREA, MCSE: Security, CCNA, Security+, other junk

Return to Social Engineering

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software