April 19, 2024, 09:52:11 PM *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: NEW CHILD BOARD CREATED IN THE POLITICAL SECTION FOR THE 2016 ELECTION
 
   Home   Help Login Register  
Pages: 1   Go Down
« previous next »
  Print  
Author Topic: Social Security Numbering System Vulnerable to Fraud, Experts Say  (Read 1519 times)
0 Members and 1 Guest are viewing this topic.
MuffyBee
Former Moderator
Monkey Mega Star
*
Offline Offline

Posts: 44737
« on: July 06, 2009, 11:16:06 PM »
http://www.nytimes.com/2009/07/07/us/07numbers.html?hp
Social Security Numbering System Vulnerable to Fraud, Experts Say
By JOHN MARKOFF
Published: July 6, 2009
The nation’s Social Security numbering system has left millions of citizens vulnerable to privacy breaches, according to researchers at Carnegie Mellon University, who for the first time have used statistical techniques to predict Social Security numbers solely from an individual’s date and location of birth.
The findings, published Monday in The Proceedings of the National Academy of Sciences, are further evidence that privacy safeguards created in the era before powerful computers and ubiquitous networks are increasingly failing, setting up an “architecture of vulnerability” around personal digital information, the researchers said.

The researchers, Alessandro Acquisti, an associate professor of information technology and public policy, and Ralph Gross, a postdoctoral researcher, noted that there were a range of implications from the research, including that it was now possible to routinely reconstruct sensitive personal information from the type of online postings frequently found on social networking sites and other public sources.

The authors write that the predictability of Social Security numbers is “an unexpected consequence of the interaction between multiple data sources, trends in information exposure and antifraud policy initiatives with unintended effects.”

Identify theft is a global problem that has been greatly exacerbated by the rise of the Internet. Social Security numbers are widely used for identification and authentication, and are sold both by digital information aggregators and on black markets set up for the purpose of identity theft.

The accuracy with which it is possible to correctly predict an individual Social Security number varies both with the state in which a person was born and the date when the number was assigned, according to the researchers.

By testing their algorithm on a half million publicly available records in the Social Security Administration’s Death Master File, the researchers were able to identify statistical patterns that then permitted extrapolating to the country’s living population, making it possible — in principle — to identify millions of Social Security numbers for individuals whose birth date and location were publicly available.

“This report is a wake-up call,” said Peter Swire, a law professor at Ohio State University who served as the Clinton administration’s chief privacy counselor. “Social Security numbers are an aging technology, and we have to do serious planning for what will come next.”

From the researchers’ sample, it was possible to identify in a single try the first five digits for 44 percent of deceased individuals who were born after 1988 and for 7 percent of those born from 1973 to 1988. It was possible to identify all nine digits for 8.5 percent of those born after 1988 in fewer than 1,000 attempts.

The accuracy of the prediction system increased for smaller states and for people born after 1988. The accuracy was higher for those born in the late 1980s and after because of rules that led increasingly to the assignment of Social Security numbers at birth. The researchers, for example, reported that they needed 10 or fewer tries to predict all nine digits for 1 out of 20 Social Security numbers assigned in Delaware in 1996.

The researchers said that while it would not be easy for cybercriminals to reconstruct their methodology, they believed it was within the grasp of sophisticated attackers. They also emphasized that the prediction of Social Security numbers was just one component of identity theft. For example, an attacker who developed a similar algorithm might use it as part of an ambitious attack against an online credit reporting system, where many Social Security numbers could be tested rapidly.

A spokesman for the Social Security Administration played down the significance of the researchers’ findings.

“The public should not be alarmed by this report because there is no foolproof method for predicting a person’s Social Security number,” said the spokesman, Mark Lassiter. “The method by which Social Security assigns numbers has been a matter of public record for years. The suggestion that Mr. Acquisti has cracked a code for predicting an S.S.N. is a dramatic exaggeration.”

For decades, Mr. Lassiter said, the agency has cautioned the private sector against using the Social Security number as a personal identifier. He also said the agency was in the process of creating a random system for assigning numbers, which will be put in place next year.

Mr. Acquisti said that even if the agency did assign numbers at random, it would not increase the security of hundreds of millions of numbers that had already been assigned.

“My hope is that publishing these results may open a window of opportunity, so to say, to finally take action,” Mr. Acquisti said. “That S.S.N.’s are bad passwords has been the secret that everybody knows, yet one that so far we have not been able to truly address.”
Logged
  " Everyone is entitled to his own opinion, but not his own facts."  - Daniel Moynihan
WhiskeyGirl
Monkey All Star Jr.
****
Offline Offline

Posts: 7754
« Reply #1 on: July 07, 2009, 05:35:56 AM »
Quote
Medical identity theft takes many guises. In Mr. Sharp’s case, someone got hold of his name and Social Security number and used them to receive emergency medical services, which many hospitals are obliged to provide whether or not a person has insurance. Mr. Sharp still does not know whether he fell victim to one calamitous perp who ended up in several emergency rooms or a ring of accident-prone conspirators.

In another variant of the crime, someone can use stolen insurance information, like the basic member ID and group policy number found on insurance cards, to impersonate you — and receive everything from a routine physical to major surgery under your coverage. This is surprisingly easy to do, because many doctors and hospitals do not ask for identification beyond insurance information.

Even more common, however, are cases where medical information is stolen by insiders at a medical office. Thieves download vital personal insurance data and related information from the operation’s computerized medical records, then sell it on the black market or use it themselves to make fraudulent billing claims.

In a widely reported case in 2006, a clerk at a Cleveland Clinic branch office in Weston, Fla., downloaded the records of more than 1,100 Medicare patients and gave the information to her cousin, who in turn, made $2.8 million in bogus claims.


http://www.nytimes.com/2009/06/13/health/13patient.html?hp

How much of the nations medical bill is due to fraud?  I don't see anything in the Obama plan to root out fraud.  Any prosecutions?
Logged
All my posts are just my humble opinions.  Please take with a grain of salt.  Smile

It doesn't do any good to hate anyone,
they'll end up in your family anyway...
Pages: 1   Go Up
  Print  
Scared Monkeys Discussion Forum > Current Events and Musings > News of the Day > Topic: Social Security Numbering System Vulnerable to Fraud, Experts Say
 « previous next »
 
Jump to:  

Use of this web site in any manner signifies unconditional acceptance, without exception, of our terms of use.
Powered by SMF 1.1.13 | SMF © 2006-2011, Simple Machines LLC
 
Page created in 6.128 seconds with 19 queries.