Scraping Social Security Numbers on the Web | Cyber Security
Latest breaking news on Cyber security
One of the most accredited forms of validation for a citizen's identity is a Social Security Number. A Social Security Number is a significant piece of government-issued identification in the United States. When this information is compromised, it can lead to serious problems where an individual to impersonate someone.
A citizen may never know that their Social Security Number has been compromised, but even if they do, it can still take several months (or years) to obtain a new one. When a Social Security Number is compromised, whether it's known or not, a malicious entity can leverage it to impersonate them to achieve various goals including utilizing their health care and opening credit lines.
The most important steps to take once it is believed that a Social Security Number has been compromised is to first file an identity theft report with the local police. Secondly, place a fraud alert on your credit file indicating that a potential identity theft has occurred. This can be done by contacting a credit reporting agency such as Equifax, TransUnion or Experian.
Identity fraud is more common than many citizens believe. A study done by Javelin Strategy and Research in February of 2018 revealed that the rate of fraud victims per year is increasing.
Many incidents of identity fraud can be traced back to data breaches of major companies that deal with and store sensitive information of citizens. A recent example of a large amount of Social Security Numbers being leaked is the Equifax data breach discovered in July of 2017. In this breach, 145.5 million were reportedly affected. Due to this breach, digital attackers might have sold victims' Social Security Numbers online and/or shared freely by malicious entities.
When hackers and identity thieves look to share information or advertise information they're looking to sell, they migrate towards websites that allow for anonymous posting. The most commonly known and utilized are Pastebin, Gist and Slexy. At OCD-Tech we have been developing a tool that constantly scrapes these anonymous posting sites for sensitive information, one of which is Social Security Numbers.
We were able to capture 28,260 unique Social Security Numbers over about a year and 3 months. That comes to an average of 239 Social Security Numbers per week and 1,047 Social Security Numbers per month. The below image indicates a mapping of Social Security Numbers we found to the corresponding state which they were assigned from. (This practice was discontinued after June 2011, so not all found Social Security Numbers may be mapped.)
You can find out more information about the map here: https://plot.ly/~DanScrapy/20/ssns-scraped-from-march-2016-to-june-2018-hover-for-breakdown/
Protecting yourself from identity theft is a losing battle. The majority of Social Security Numbers compromised are due to breaches, which means there isn't much to be done by citizens to protect their Social Security Number.
The best that can be done is to monitor your credit report and stay up-to-date on current events involving breaches of sensitive information, especially those regarding companies you've given your Social Security Number to. Performing these actions can allow a citizen to report a potential threat quickly and mitigate damages. Alternatively, there are companies that provide identity theft monitoring as a service.
About the Authors:
Daniel Bohan is from West Roxbury, MA. He's currently a third year at Bucknell University studying Computer Science.
Daniel Kelly is from Braintree, MA. Daniel Kelly is in his last year at University of Alabama at Birmingham getting his Master of Science in Computer Forensics and Security Management.
Editor's Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.