Slashdot Mirror
HS Students Steal SSNs to Prove They Can
thatshortkid writes "Local news in Chicago is reporting about two Hinsdale Central High School students who breached their school's computer system and retrieved all of their peers' (plus staff's) Social Security Numbers. They claim they have destroyed the information and haven't given it out, but the SSA and FTC have been alerted for good measure. While they claim their motive was to prove that the breach could take place and no malice was involved, they face possible school disciplinary action and criminal charges."
From the article, it appears they didn't reveal the security flaws, they got caught. Besides, breaking into systems without permission just to show they are insecure isn't necessary. I've never had anybody who I reported a security problem to just pooh-pooh it, not even when I was a teenager.
Different SSN prefixes are assigned to specific SS offices to give out. What determines which one you get is which office you get your numbers/original card through.
In many cases (especially recently), SSNs are applied for semi-automatically through the hospital someone is born in, so in that case the hospital location would determine the prefix.
Personally, I didn't have a SSN until I was 23 (and only then because I couldn't avoid it anymore without causing myself hassles with otherwise-decent employers that I didn't feel like hassling with), so my prefix is the same as the office I applied through when I got mine at age 23, nothing to do with my birth location.
The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
What you do then is offer to make a bet. Offer him something nice and juicy, and get it in writing. Never do security testing without written permission.
I would think that people would have learned from the example of Randall Schwartz. You especially don't want to do it with someone who would be publically embarrassed by it because you're at high risk that they will file charges.