Cyber-Thieves Rejoice: Feds Set to Open Social Security Data

In the movie “Live Free or Die Hard,” villain Thomas Gabriel justifies his plan to take down the American economy by saying to John McClane (Bruce Willis), “You think I’m the bad guy. Nothing could be further from the truth. I’m the good guy here. I told them this could happen if they didn’t listen. Did I get a ‘Thank you?’ No, I got a ‘F–k you.’ But they wouldn’t listen…. That’s right. I am doing the country a favor.”

Thomas Gabriel’s plot was to take over a data center in Maryland and siphon off billions of dollars. It’s frightening when life imitates fiction, but a Gabriel-like plot may very well happen unless citizens speak up and demand more accountability for a contract that the Social Security Administration (SSA) intends to award, one that will allow you to check your Social Security funds online.

I’m all in favor of having the government do more online and with fewer people, but not if it means the bad guys can potentially rip off the government for billions of dollars. But while the movie bad guys had to jump through hoops to try and steal the money, the SSA has created a system that will allow the bad guys to simply ask for it. How can this be done and why hasn’t anyone in government objected to unleashing government access into our lives?

The SSA recently issued an RFP that will allow a private contractor to enable consumers to access SSA accounts online by asking both non-credit and credit-related questions to prove their identity. There are two problems with this approach.

First, each time they ask you a credit-related question, it results in a pull on your credit rating, so your credit score is likely to drop with successive inquiries. Second, authenticity is “assured” by asking the user a set of four questions based on the user’s credit report. But if a user fails to answer these questions correctly, the user is given a second attempt at answering four new questions. Only after the third attempt will the website end the user’s session. But a user can just as easily close the browser and start all over again.

As you can imagine, with enough tries, anyone can guess at this information, all without being locked out of the system. So anyone who has, through ID theft, acquired a bunch of Social Security numbers (remember when the Feds allowed 26 million Social Security numbers to be stolen?) can make an attempt to get all the questions that may be asked.
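The difference between a failure counter that lives in the browser session and one tied to the claimed Social Security number can be shown in a few lines. This Python example is added here and is not SSA or contractor code; the 24-hour lockout window, the key, the sample SSN and all names are assumptions.

```python
import hashlib
import hmac

MAX_FAILURES = 3                    # three failed quizzes, as the article describes
LOCKOUT_SECONDS = 24 * 3600         # assumed lockout window
PEPPER = b"constructed-demo-key"    # constructed; a real key belongs in a secret store


def identity_key(ssn: str) -> str:
    """Keyed hash so the failure table never stores raw SSNs."""
    return hmac.new(PEPPER, ssn.encode(), hashlib.sha256).hexdigest()


class FailureLimiter:
    """Counts failed quizzes under whatever key the caller chooses."""

    def __init__(self):
        self.failures = {}  # key -> (count, time of first failure in window)

    def allowed(self, key, now):
        count, first = self.failures.get(key, (0, now))
        if now - first >= LOCKOUT_SECONDS:
            self.failures.pop(key, None)    # window expired, start fresh
            return True
        return count < MAX_FAILURES

    def record_failure(self, key, now):
        count, first = self.failures.get(key, (0, now))
        self.failures[key] = (count + 1, first)


def quizzes_served(keyed_by_identity, tries=30, ssn="000-00-0000"):
    """Replay `tries` failed quizzes for one claimed SSN (constructed value),
    with a new session after every third failure; return quizzes served."""
    limiter, served = FailureLimiter(), 0
    for i in range(tries):
        now = i * 60                        # one try per minute
        session_id = f"session-{i // MAX_FAILURES}"
        key = identity_key(ssn) if keyed_by_identity else session_id
        if not limiter.allowed(key, now):
            continue                        # refused: no new questions shown
        served += 1
        limiter.record_failure(key, now)
    return served


if __name__ == "__main__":
    print("session-scoped counter: ", quizzes_served(False))  # design described above
    print("identity-scoped counter:", quizzes_served(True))   # hardened variant
```

With the counter keyed to the session, every one of the 30 quizzes is served; keyed to the identity, only the first three are. The table would need to sit in storage shared by all front-end servers so that each one sees the same count.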

If successful, a hacker can then hijack the account of anyone who is receiving a monthly benefit check or deposit, have those monthly amounts deposited into offshore accounts, and leave the real person to suffer without the funds they need to survive. According to cybersecurity experts I spoke with here in Silicon Valley, it would take only a few people a couple of weeks to hijack 100-500,000 accounts with the new system. If each beneficiary were receiving only $1,000 per month, the hackers could steal as much as 500 million dollars each month.

And given the fact that the funds could be electronically routed through multiple offshore bank accounts (start with Russia, the Wild West of Banking, then Malta and then a regional bank in Switzerland), it would be hard to trace where the money ended up.

So while Hollywood needed to come up with an elaborate plot to steal billions from a government agency, it seems the SSA has edited that plot to make it much easier and less risky for the bad guys. Leave it up to the government to create a bailout program for the bad guys that will cost taxpayers even more money.
