Social networking sites may make identity theft easier

As more people join social networking sites, the amount of information being shared on the Internet has drastically increased. With some key information often provided on social networking sites, identity thieves can piece together Social Security numbers more easily.

A New York Times article reported that a paper published at Carnegie-Mellon University last year by Alessandro Acquisti and Ralph Gross, stated that the pair could “accurately predict the full, nine-digit Social Security numbers for 8.5 percent of the people born in the United States between 1989 and 2003 — nearly five million individuals.”

They would accomplish this by using public information, including social networking profiles, to find the birthdates and city or state of birth of those individuals. These pieces of information helped the researchers determine the geographic location of the individuals, which would reveal the first three digits of the social security number.

Knowing the first three digits still left six to be predicted, and the government doesn’t disclose how those are assigned. Chris Gregg, director of IRT, has heard of the issue of easily determining the first few digits of the social security number and said it has been discussed in some IT circles.

“It could be a risk in that it can reduce the number of SSN digits [an] identity thief would need to guess,” Gregg said via e-mail. “This is probably a greater risk if the thief had access to the last four digits of the SSN as well, which some companies still use to help verify a person’s identity.”

If an identity thief has some digits of a Social Security number, he or she can use number-generating technology and possibly decipher the rest.

“The irony is the remarkable power on desktops and servers today that can be applied to productive, positive uses can also be applied to illegal, intrusive uses,” IRT Vice President Sam Levy said via e-mail. “There are many very sophisticated methods for what is known as ‘data mining.’ The question is whether the data are gotten legally and used legally. The best advice is still to be very careful about what you put online, and especially any personal information that can lead to any type of pattern matching.”

Most St. Thomas students use some type of social networking site, and many use privacy and security controls to limit the amount of information that some friends and non-friends, can view on their profile. But lots of information is exchanged without a second thought, including birthday greetings and information about jobs and where people attend school.

Many of the students said they trust the security and privacy that Facebook provides, but most said they don’t trust it 100 percent.

“I think that people need to be really careful about Facebook because I think that no matter how much privacy you set you still have so many people you’re connected to and so many ways people can see your information,” freshman Madee Carlson said.

Sophomore Sara Twiehaus has heard of the issue of identity thieves finding out some digits of a person’s Social Security number by using the birthdate. For that reason, she does not list her year of birth on her Facebook profile and said knowing that is “pretty terrifying.”

“People seem to just put whatever they want on [their profile] and they don’t really think that other people besides their good friends and family can see it and that can get really dangerous,” Twiehaus said.

Sophomore Julian Woodhouse has heard of the issue as well. Someone guessed where he was born based on the first three digits of his Social Security number, even though he was born in Germany.

Although many companies mean well, sophomore Ilya Natarius said privacy and security does not always stand up to hackers. He mentioned the PayPal issue a few years ago where users’ bank information was hacked from the site.

“There’s the one kind of code that says if there’s information security that’s written, it can always be unwritten no matter how hard you try,” Natarius said. “So it is what it is you have to accept it and just try as hard as you can to keep as much information private.”

The New York Times reported that the work done by the Carnegie-Mellon researchers presents a potential risk, but not an actual one. However, unpublished research by the two “explores how criminals could use similar techniques for large-scale identity-theft schemes.”

Many St. Thomas students, including senior Michael Alexander, think the young generation is too relaxed about sharing information on social networking sites and elsewhere.

“I feel like people don’t always think things through especially if it comes to the point of an employer seeing it or who they give their information to,” Alexander said.

Stephani Bloomquist can be reached at slbloomquist@stthomas.edu