Fraud Protection Algorithm Breeds Method to Guess SSN Using Personal DetailsS

The same algorithm developed by the government to protect people from applying for fraudulent social security numbers is now being adapted by Carnegie Mellon researchers to guess—within a few points of accuracy—your entire SSN.

Their method varies in accuracy from state to state, but the basics of it is that they use your birth date and the area you were born to come up with a likely match for the first few digits of your SSN.

Since the late 1980s, the government has promoted an initiative termed "Enumeration at Birth" that seeks to ensure that SSNs are assigned shortly after birth, which should limit the circumstances under which individuals apply for them later in life (and hence, make fraudulent applications easier to detect).

The last few digits are harder to guess correctly. If the algorithm narrows down your details to just the last few and attack it with a brute force method—say online, on a site that lets you try multiple times—this could mean that people could forge your identity by using details you have on Facebook, coupled with a botnet of a couple thousand machines. [Ars Technica]