Published with Permission by:
Lint, James R., “Hacking Assistance for Social Oversharing”, In Cyber Defense, 30 May 2017, Web, http://incyberdefense.com/news/happy-birthday-hacking-assistance-social-oversharing/
For some 40 years, the U.S. military has required all service personnel to wear identity tags, also known as dog tags, which include each soldier’s Social Security Number (SSN). In the recent years, dog tags provide a name, SSN, blood type and religion. All are essential items when soldiers are injured or worse.
Now the Army is changing the dog tag to protect soldiers’ data. It will switch to a 10-digit, randomly-generated number on an as-needed basis, said Michael Klemowski, Soldiers Programs Branch chief, U.S. Army Human Resources Command. The first to get the new dog tags will be those units being deployed into hostile locations.
One reason for the change is that in today’s battlefield, being captured wearing a dog tag with the soldier’s name and SSN could create trouble for the soldier and his family. The enemy is savvy and could use the SSN and the Internet to exploit bank accounts and other personal data.
Even in an organization as tradition-bound as the U.S. Army, change is possible. This switch to a 10-digit dog tag should be an example to other organizations that use or require more privacy data than needed on identification badges or other forms of ID.
Avoid an Un-Happy Birthday by Keeping Certain Data off the Internet
When people post their birthday on social media such as Facebook or LinkedIn, they expect to receive many Happy Birthday greetings for a couple of days before and after their birthday.
There is also the possibility they could have an unhappy birthday, too. Posting a birth date can be used by hackers to reset passwords on email accounts, bank accounts and other personal apps.
Sadly, some websites will ask for your birthday as an identity check. Often, they are not looking to know someone’s age, just what is stated as that person’s age for their inquiry verification. But that information is now in a database.
Cyber Security Defenders Call Birthday Data Vulnerabilities
Professor Herbert H. Thompson asked some of his acquaintances for permission to break into their online banking accounts. The goal was to access their online accounts using the information about them, their families and acquaintances that is freely available online.
He described his hack into a bank account in an article in Scientific American: “In a rare moment of clarity, I simply searched her [university email server] for ‘birthday.’ She made a reference to it on a post that gave me the day and month but no year.”
Thompson’s guess of her birth year turned out to be off by only one year. That was enough to successfully change her passwords, because of the number of attempts allowed on the email system.
Hackers call these attempts guesses; cyber security defenders call them vulnerabilities.
“A birth date, along with a name and hometown, can be used in a formula to recreate your Social Security information,” cyber security expert John Sileo told ABC News. “And, those are three defaults on Facebook.”
Your Birthday Can Lead To Your SSN
“[M]ost of the SSN-related ID theft problems have resulted from institutions that were careless with their record keeping, allowing SSNs to be harvested in bulk,” says ARS Technica. But a “pair of Carnegie Mellon researchers has now demonstrated a technique that uses publicly available information to reconstruct [individual] SSNs with a startling degree of accuracy.”
This came from a 2009 article. Most of us would readily agree that technology has changed a lot since then. The hackers too are much more advanced.
Industry Must Adopt Data Protection Methods Like the Army Has Done
We see the U.S. Army make improvements in data protection. Now we need to see similar improvements in industry. The future is bright for cybersecurity engineers, innovators and inventors. There is a wide-open race to build security safeguards into the programs and devices we use.
About the Author
James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.
Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017 “Secrets to Getting a Federal Government Job.”