Cyber-Thieves Rejoice: Feds Set to Open Social Security Data
by David Kralik

In the movie “Live Free or Die Hard” villain Thomas Gabriel justifies his plan to take down the American economy by saying to John McClane (Bruce Willis), “You think I’m the bad guy. Nothing could be further from the truth. I’m the good guy here. I told them this could happen if they didn’t listen. Did I get a ‘Thank you?’ No, I got a ‘F–k you.’ But they wouldn’t listen….That’s right. I am doing the country a favor.”

Thomas Gabriel’s plot was to take over a data center in Maryland and siphon off billions of dollars. It’s frightening when life imitates fiction, but a Gabriel-like plot may very well happen unless citizens speak up and demand more accountability for a contract the Social Security Administration (SSA) intends to award, one that allows you to check your Social Security funds online.
I’m all in favor of having the government do more online and with fewer people, but not if it means the bad guys can potentially rip off the government for billions of dollars. But while the movie bad guys had to jump through hoops to try and steal the money, the SSA has created a system that will allow the bad guys to simply ask for it. How can this be done and why hasn’t anyone in government objected to unleashing government access into our lives?
The SSA recently issued an RFP that will allow a private contractor to let consumers access SSA accounts online by asking both non-credit and credit-related questions to prove their identity. There are two problems with this approach.
First, each time they ask you a credit-related question, it results in a pull on your credit rating, so your credit score is likely to drop with successive inquiries. Second, authenticity is “assured” by asking the user a set of four questions based on the user’s credit report. But if a user fails to answer these questions correctly, the user is given a second attempt at answering four new questions. Only after the third attempt will the website end the user’s session. But a user can just as easily close their browser and start all over again.
As you can imagine, with enough tries, anyone can guess at this information, all without being locked out of the system. So anyone who has, through ID theft, acquired a bunch of Social Security numbers (remember when the Feds allowed 26 million Social Security numbers to be stolen?) can make an attempt to get all the questions that may be asked.
If successful, a hacker can then hijack any account that is receiving a monthly benefit check or deposits, have those monthly amounts deposited into their offshore accounts and have the real person suffer without the funds they need to survive. According to cybersecurity experts I spoke with here in Silicon Valley, it would take only a few people a couple of weeks to hijack 100-500,000 accounts with the new system. If each beneficiary was receiving only $1,000 per month the hackers could steal as much as 500 million dollars each month.
And given the fact the funds could be electronically routed through multiple offshore bank accounts (start with Russia, the Wild West of Banking, then Malta and then a regional bank in Switzerland) it would be hard to trace where the money ended up.
So while Hollywood needed to come up with an elaborate plot to steal billions from a government agency, it seems the SSA has edited that plot to make it much easier and less risky for the bad guys. Leave it up to the government to create a bailout program for the bad guys that will cost taxpayers even more money.
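The gap described above comes down to where failed attempts are counted: per browser session, or per claimed identity. The sketch below is an added example, not part of the original article and not SSA or vendor code; the class names, the three-failure limit applied to both counters, and the placeholder identifier are assumptions.

```python
import hashlib
import hmac

MAX_FAILURES = 3  # assumed limit, taken from the article's "third attempt"


class SessionScopedLimiter:
    """Counts failed quizzes per browser session; a new session starts at zero."""

    def __init__(self):
        self.failures = {}

    def key(self, session_id, identity):
        return session_id

    def allow(self, session_id, identity):
        return self.failures.get(self.key(session_id, identity), 0) < MAX_FAILURES

    def record_failure(self, session_id, identity):
        k = self.key(session_id, identity)
        self.failures[k] = self.failures.get(k, 0) + 1


class IdentityScopedLimiter(SessionScopedLimiter):
    """Counts failed quizzes per claimed identity, whatever session they arrive in."""

    def __init__(self, secret):
        super().__init__()
        self.secret = secret

    def key(self, session_id, identity):
        # Keyed hash, so the counter store never holds the raw identifier.
        return hmac.new(self.secret, identity.encode(), hashlib.sha256).hexdigest()


def failed_quizzes_served(limiter, identity, sessions, tries_per_session):
    """Replay failed quizzes over fresh sessions; return how many were served."""
    served = 0
    for n in range(sessions):
        session_id = f"session-{n}"
        for _ in range(tries_per_session):
            if not limiter.allow(session_id, identity):
                break  # limiter refuses: no further quiz in this session
            limiter.record_failure(session_id, identity)
            served += 1
    return served


CLAIMED = "000-00-0000"  # constructed placeholder, not a real identifier
per_session = failed_quizzes_served(SessionScopedLimiter(), CLAIMED, 10, 5)
per_identity = failed_quizzes_served(IdentityScopedLimiter(b"demo-key"), CLAIMED, 10, 5)
print(per_session, per_identity)
```

With the counter keyed on the session, ten fresh sessions yield thirty quizzes for the same claimed identity; keyed on the identity, the total stays at three no matter how many sessions are opened.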
27 Comments
My fund will likely read ZERO 'cause that's what I'll probably get from SS.
Thinking back to my college years here…remember how shocking it was to some of us to realize that many professors there ("instructors" or faculty) would actually instruct AGAINST common sense or, rather, contrary to practice? Worse, when questioned, the response was brutal and condemning. So here again we see just how faulty the "theory vs. practice" people are, they can talk, write and fund elaborate theories that fail, utterly fail, to function in practice.
It would appear to me that this is worth writing or calling one's elected representative about. If enough noise is made . . . .
right……………………………who came up with this idea? did he get a bonus?
fishy, fishy, fishy………………the government giving control to the private sector……..i smell fish.
Social Security is bankrupt, so any account balance they show for me is bogus.
That being said, I love it that the government is making it easier for someone to steal the money the government is stealing from me now in order to pay off my grandparents' social security. Whoever thought this was a good idea either stands to gain from such theft or needs to be pilloried in the public square for idiocy.
Whatever happened to issuing plain old usernames and passwords/passphrases?
Isn't going online to check your Social Security Funds kinda like asking to speak to your Fantasy Football team at Halftime?
I mean sure they are real players just like it is real money, but you're never really going to play them as a team just like you're never really gonna get that money back.
Could individuals simply opt out of this cyber-system?
Gee, I think the kids in the government would be shocked that anyone wouldn't want to be a part of this screw up.
This article is so full of inaccuracies, I don't know where to start.
First off, this type of credit pull authentication has been in use for about ten years now. I know, because I helped code it. It does not result in a hard inquiry on your credit, and has ZERO effect on your report or score.
Second, we developed this kind of code to make hacking it rather difficult. You can certainly try to get all the questions, but the number of times you're allowed to try is severely limited. Just starting a new web session won't do the trick over the long haul–enough attempts and you can no longer attempt to validate this individual online.
Third, there is nothing new here–we see this kind of attempt at fraud all the time. This was the entire reason these credit-based questions came about–they make it much harder to open any kind of account using stolen wallet-type data (SSN, address, name, bday). Customers who use this solution have seen a significant drop off in fraudulent activity as a result of these kinds of implementations, and to date none of the major credit bureaus have suffered any kind of data theft.
So…nice try. I'd suggest learning how the credit industry works, and what kind of controls are in place, before spouting this kind of scare-mongering yet fact-light diatribe.
"it results in a pull on your credit rating, so your credit score is likely to drop with successive inquiries."
That would be a "soft inquiry", which doesn't affect one's credit rating.
mark of the beast stuff here…
Not to get all black helicopter with you, but consider this: you willingly give up your identity online when you buy and sell. Seeing that in End Times no one will be able to buy or sell without the 'mark of the beast' one wonders exactly what will be the outcome of this invasion/theft of your identity.
If not the SS# could it be some other kind of 'secure' tag?
Just asking…
More asinine maneuvers from an inept group of power hungry socialist clowns.
It's bad enough that several Obama initiatives have Orwellian overtones or that many Obama Administration actions smack of "backdoor reparations".
Now we open up our most sensitive data to the continent most likely to benefit from U.S. citizen I.D. fraud, Africa? Reparations for an entire continent?
STOP THE MADNESS! One term might be TOO LONG! PLEASE, SOMEONE, FIND A HIGH CRIME AND/OR MISDEMEANOR SOON!
THIS GUY OBAMA IS NIXON'S PARANOID, GOV. PRICE FIXING TYPE IMPERIALIST PRESIDENT CLONE, THERE HAS TO BE A CRIME COMMITTED BY HIM BY NOW, RIGHT?
We'll have to pledge allegiance to Obama and be issued an "I.D. Card"….
Or as the SS had to do, pledge allegiance to Der Führer and get a blood type tattoo on the inside of one's inner arm…same difference
scarily so…
None of the major credit bureaus have reported any kind of serious data theft, but that does not mean it has not happened. I used to work for one of the big three as a systems programmer and know for a fact there were some smaller incidents that caused concern. They would never officially admit it of course.
Before making this information available on the Internet, the gateways to the information were difficult to find and easier to secure. Placing gateways to this information on the Internet increases the odds of a breach significantly. It only takes one crucial mistake by one developer to open a hole in your security. It might not even be a developer that works for you, but for the database or OS developers. Being on the Internet increases your audience of hackers.
Except that it still shows up on your report and can be used however the end-user of the report desires.
No doubt there will soon be a push towards biometric security. Just wait for the Democratic Bill pushed by Obama to subsidize the purchase of Iris scanners for every home in the nation.
You would think with how much he is pissing off the CIA that they would be wiretapping the hell out of him. Those are not the right guys to mess with. Yet more naivete by the Supreme Ruler.
Thinking back to my college years here…remember how shocking it was to some of us to realize that many professors there ("instructors" or faculty) would actually instruct AGAINST common sense or, rather, contrary to practice? Worse, when questioned, the response was brutal and condemning. So here again we see just how faulty the "theory vs. practice" people are, they can talk, write and fund (on someone else's money) elaborate theories that fail, utterly fail, to function in practice. Cass Sunstein (Obama's "Internet Czar") and Tim Geithner (O's Treasury Secretary) come to mind here.
Meanwhile, one's SS# is on envelopes sent by the govt; it is the student ID at any number of colleges; it is asked for by sales clerks for one to obtain store credit cards; it is required by doctors for their records; etc.
Okay, you all are officially scaring the heck out of me…
TJ, that would be the normal course, except for Senator Specter. The only thing he hears is the mush in his head. grrrr
I'm looking forward to medical records for everyone available online too. Will those muslims who stalked the upper crust community in Maryland for women to kidnap find it useful to find a cripple first online? Who is going to pair AIDS medical data with a Google map app? Ah, more social security data online won't lead to more identity fraud with Obama's open borders and his Attorney General Eric "Nation of Cowards" Holder fighting Georgia from requiring proof of citizenship to register to vote right?
that should go over quite well, don't you think?