Presentation on theme: "Deriving Mother’s Maiden Names Using Public Records Virgil Griffith Undergraduate Research Assistant Indiana University DIMACS Security."— Presentation transcript:
Deriving Mother’s Maiden Names Using Public Records Virgil Griffith Undergraduate Research Assistant Indiana University firstname.lastname@example.org DIMACS Security Workshop Rutgers University
Our Approach Data-mine online public records databases which are required by law to be public Use heuristics to deduce maiden names On a large enough scale, even the easiest cases lead to massive compromise. Could be applied anywhere, for simplicity we focused only on Texas.
Why Texas? Large population Significant in of itself Closer to national averages than California. Large states have good online records.
Surveying Potentially Useful Public Records US National Census Voter Registration Records Property Records Phonebooks Newspaper Obituaries Social Security Death Index Marriage Records Birth Records
Searching for Free Birth/Marriage Records Add 4,499 Texans Fully Compromised: 4,499 Mormons Searchsystems.net County Records Found: 12 Marriage Indexes 7 Birth Indexes County Records Found: 12 Marriage Indexes 7 Birth Indexes Rootsweb.com’s WorldConnect Family Tree’s for 4,499 Living Texans Rootsweb’s USGenWeb Texas Bureau of Vital Statistics
Texas Dept. of Vital Stats State archive for all vital information 1966-2002 Marriage index Online 1968-2002 Divorce index Online +6,174,968 Marriage Records Informs us that… In Oct. 2000 Birth indexes taken offline In June 2002 Death indexes also taken offline +2,431,967 Birth Records Texans Fully Compromised: 4,499
Low Hanging Fruit in Birth Records 1923-1949 Births have MMN in plaintext! 1,114,680 Males Auto-compromised 1,069,448 Females in records Connecting females born 1923-1949 to Marriages 1966-2002 gives 288,751 compromises (~27%). 1950-1995 has 40,697 hyphenated last names +1,114,680 +288,751 Texans Fully Compromised: 1,407,930
Analysis: Work So Far 1.Children will have same last name as their parents 2.Suffixed Children will have same first and last name as parents 3.Children often born shortly after parents’ marriage 4.Children born shortly after parents’ marriage often born in same county. Attackers don’t have to pick the correct parents,just the correct MMN! Texans Fully Compromised: 1,407,930
Example #1 Ernest AAKQUANAHANN Dionne COX Mother’s Maiden Name = COX Entropy = 0 bits Texans Fully Compromised: 1,407,930
Example #2 Shawn ZUTTER Lisa MENDOZA Chad ZUTTER Lauren LANDGREBE Mother’s Maiden Name = ? Entropy = 1 bit Texans Fully Compromised: 1,407,930
Example #3 Robert STUGON Duarte STURNER Jim STUGON Luann STURNER Mother’s Maiden Name = STURNER Entropy = 0 bits Texans Fully Compromised: 1,407,930
Work In Progress: Assuming born 5 years from Marriage + Same County +2,355,828 Texans Fully Compromised: 4,190,493
Future Work Add more birth records to see if % birth compromises goes up. Parents’ names often repeated in their children’s names. Factor in Groom’s suffix when looking for Suffix Children Factor in Divorce Records Factor in SSDI/State Death Records FINAL Texans Compromised: 4,190,493 ~20.09% of state population
End Work further described in: V. Griffith, M. Jakobsson (2005) Messin’ with Texas: Deriving Mother’s Maiden Names Using Public Records