Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Government-Aided Phishing

Zonk posted more than 8 years ago | from the i-like-hiding-personally dept.

222

Anonymous writes "A Florida county is posting the Social Security numbers, bank account info and other sensitive data of hundreds of thousands of current and former residents on its public Web site, Computerworld is reporting. A county official says there's no problem, since the postings are in compliance with state law requiring public availability of records." From the article: "The breach stems from the county's failure to redact or remove sensitive data from images of public documents such as property records and family court documents, Hogman said. Included in the documents that are publicly available are dates of birth and Social Security numbers of minors, images of signatures. passport numbers, green card details and bank account information."

cancel ×

222 comments

Sorry! There are no comments related to the filter you selected.

let's open some bank accounts (2, Insightful)

yincrash (854885) | more than 8 years ago | (#15102112)

i think it's time for me to head to the local bank.

what's going to convince them that this is a bad idea?

Re:let's open some bank accounts (3, Insightful)

boog3r (62427) | more than 8 years ago | (#15102242)

what's going to convince them that this is a bad idea?

maybe someone posting a link [205.166.161.12] to the broward county public records site...

Re:let's open some bank accounts (2, Funny)

boog3r (62427) | more than 8 years ago | (#15102260)

Well... It WAS working. Then i did a search for 'Johnson' and now the webserver seems to be stuck in never-never land.

*sigh*

Re:let's open some bank accounts (1)

KingOfGod (884633) | more than 8 years ago | (#15102500)

I think it might have been my fault. =/
I entered "*" into the search.

Re:let's open some bank accounts (5, Informative)

tomhudson (43916) | more than 8 years ago | (#15102611)

It's still working fine. What's worse, if you don't give a first name, it gives you by last name only, so you can just do a dictionary attack on last names,

I just randomly picked a last name, and a couple of clicks later I know that (I've removed the names) L.A.P and A.J.P got a mortgage for 141,999.00 on 5/14/2004 from the CITY FEDERAL SAVINGS BANK.

So, if I were a phisher, I now have two names, and a dollar amount. I already know approximately where, and by clicking on the other records I know that they've been there for about 20 years, and that they also had some legal problems back in 1991, again, I'm leaving out the details.

W.T.F ?!?!?!?!

I would be humongously upset that this sort of stuff is available just by clicking.

Worse, by searching on the same two names + broward county plus a good guess as to another term, I found a link to a dump of 756k from google's cache. http://www.google.com/search?num=20&hl=en&lr=&safe =off&q=www.co.broward.fl.us%2Fdatabase%2Frecords%2 F03-24nme.txt&btnG=Search [google.com]

If I were a phisher, a few minutes with perl would give me a decent dictionary with which to start ...

Re:let's open some bank accounts (4, Interesting)

Sylver Dragon (445237) | more than 8 years ago | (#15102657)

I'm doing a search now to test a theory:
The site is an .aspx page, which means that it's probably an IIS server back-ended by a MSSQL database. Given that they would want the text search to be case insensitive, it is quite possible that they were sloppy and used a SELECT * WHERE [last_name] LIKE @search_string (ok, they probably listed only the columns they wanted, you get the idea though). It is also possible that there is no limit defined for the number of records to return.
If all of the above is true, then the search I started should return everything between 1/1/1978 and 4/10/2006 in the database, assuming that their server survives the request. If this is true, this means that getting everything in their database is a trivial task, and that they are exposing a lot of people to identity theft, very easily. Further, even if they go through and redact the data later, it is probably too late, as the data would have been long since scraped. This is one time that I hope a slashdotting kills a server.

Re:let's open some bank accounts (1)

tomhudson (43916) | more than 8 years ago | (#15102675)

If its mysql, if yo don't supply a LIMIT clause, it defaults to 1000 (and I'll bet they changed the default to 50). You should have added a LIMIT 10000 to give you a good start.

Re:let's open some bank accounts (1)

deathy_epl+ccs (896747) | more than 8 years ago | (#15102710)

mysql != MSSQL

Re:let's open some bank accounts (1)

Hannah E. Davis (870669) | more than 8 years ago | (#15102468)

what's going to convince them that this is a bad idea?

You mean aside from the fact that you just posted your intentions on Slashdot? ;)

Class-action suit? (1)

KwKSilver (857599) | more than 8 years ago | (#15102587)

For X-billion dollars. Send a link to your "favorite" law-shark. I presume grotesque stupidity and wanton negligence bordering on malfeasance(?) is actionable. Any lawyers have an opinion on this crap?

That's easy (1)

btarval (874919) | more than 8 years ago | (#15102648)

"what's going to convince them that this is a bad idea?"

That's easy. Identify who "them" is, and narrow down all the SSN's, driver's license info, etc. and just publish that for the people who are responsible for posting this stuff. If you really wanted change the situation, just add a few of the high ranking politicians for the county to the list.

There are even ways of making this stuff a permanent part of the Internet, though I'll refrain from giving the less technically clueful some ideas.

I have a strong suspicion that the officials responsible for this would change their tune fairly quickly once they became educated on how having too much public information can be abused.

And, just to be clear, I'm not advocating that anyone do this. I wouldn't advocate this even for those beaurecrats in Florida.

On the positive side of things, if all the counties in the U.S. did this, it would certainly force the banking industry to change.

next news story (1)

Kwiik (655591) | more than 8 years ago | (#15102114)

Florida county website sues slashdot for launching a distributed denial of service attack (FP!?)

Re:next news story (2, Interesting)

JordanL (886154) | more than 8 years ago | (#15102134)

Hmm... posting it on slashdot DEFINATELY won't draw phisher's attention to it...

What the hell made Florida ever think that this was a good idea?

Re:next news story (3, Funny)

Anonymous Coward | more than 8 years ago | (#15102154)

What the hell made Florida ever think that this was a good idea?

I think you answered your own question.

Re:next news story (1, Redundant)

BigBlockMopar (191202) | more than 8 years ago | (#15102176)


What the hell made Florida ever think that this was a good idea?

The fact that it's FLORIDA. Florida would be a lovely place, if not for the people who live there - especially the politicians!

This data breach is, without question, criminally irresponsible. Wanna bet none of the inbred morons responsible is ever brought to trial?

I'm a Canadian computer geek who wants American citizenship - the only thing keeping me from wgetting the entire site and building an identity is the fact that I'm not a complete asshole.

Re:next news story (1)

rainman_bc (735332) | more than 8 years ago | (#15102200)

I'm a Canadian computer geek who wants American citizenship

You must have a fever or something... Wanting to move to a country like that.

Certainly devs earn more money in places like NYC, but they also pay obscene amounts of rent too. And due, the Vancouver tech market is booming.

Re:next news story (1)

BigBlockMopar (191202) | more than 8 years ago | (#15102381)


You must have a fever or something... Wanting to move to a country like that.

What? Of the most friendly people I've ever met (certainly more outgoing than Canadians), with a second-to-none can-do spirit?

Americans are just like Canadians, but on an individual basis they're friendlier, and the hardware stores have more/better tools.

Certainly devs earn more money in places like NYC, but they also pay obscene amounts of rent too. And due, the Vancouver tech market is booming.

Don't care. I'd rather live in rural Iowa than either one of those cities. If more than 70% of the men in a given place don't know how to change a spark plug, I'm not moving there. Bonus points are awarded for women who know what a spark plug does, let alone how to change one.

Re:next news story (1)

networkBoy (774728) | more than 8 years ago | (#15102205)

"I'm not a complete asshole."

But I am :-)
-nB

Re:next news story (0, Offtopic)

Darkman, Walkin Dude (707389) | more than 8 years ago | (#15102230)

Speaking of attracting undesireables, I appear to have picked up a stalker, nyahahah! Eh any ACs or GuloGulo (959533) that respond to this message, everyone remember the name, this one is truly half baked.

Re:next news story (2, Funny)

BigBlockMopar (191202) | more than 8 years ago | (#15102436)


Speaking of attracting undesireables, I appear to have picked up a stalker, nyahahah! Eh any ACs or GuloGulo (959533) that respond to this message, everyone remember the name, this one is truly half baked.

Hah! Stalkers? Gimme a break. Try carrying around my sig and see how many disgusting uncircumcised Europeans or "I was robbed at birth!" wackos hit me up.

I hope they all get phimosis. Savages.

Re:next news story (0)

Anonymous Coward | more than 8 years ago | (#15102733)

disgusting uncircumcised Europeans
So you're retarded then?

Argh argh argh argh! (1)

biendamon (723952) | more than 8 years ago | (#15102372)

It's spelled "definitely." The root of the word is "definite," not "definate." The root of that word is "finite," not "finate."

There is no 'a' anywhere in the word. Ever. Under any circumstances. If you're going to put something in ALL CAPS, please, for the love of God, people, spell it correctly.

Other that that, I agree with you completely.

Re:Argh argh argh argh! (1)

JordanL (886154) | more than 8 years ago | (#15102394)

I would be snide and affronted... but that I wage the same crusade with others. I'll go now. /cry

Re:next news story (1)

corblix (856231) | more than 8 years ago | (#15102449)

What the hell made Florida ever think that this was a good idea?

Florida doesn't "think". It is not a person. Florida is 16 million people, some of whom think.

What happened here is that someone did something stupid and someone else called them on it. But now, instead of fixing the problem, they're working on CYA. This is standard practice in any large, dysfunctional organization, nothing particularly special about Florida.

Re:next news story (1)

GrumblyStuff (870046) | more than 8 years ago | (#15102575)

What do you expect? It's America's Wang.

Re:next news story (1)

Jaysyn (203771) | more than 8 years ago | (#15102739)

We have nothing to do with those morons down in Miami.

Jaysyn

Hmmm (2, Insightful)

SupremoMan (912191) | more than 8 years ago | (#15102115)

This has "stupid" written all over it.

Local Politicians (4, Insightful)

DigiShaman (671371) | more than 8 years ago | (#15102122)

Anyone want to bet information of local politicians have been exempt from this? Hmmm? Anyone?

Re:Local Politicians (1)

PitaBred (632671) | more than 8 years ago | (#15102150)

I'd love to bet, but that's only because I enjoy losing.

Re:Local Politicians (2, Informative)

HaeMaker (221642) | more than 8 years ago | (#15102273)

They are not. Was able to look up records of at least one elected official.

Make checks payable to... well you can look up that info yourself!

Nope (0)

Anonymous Coward | more than 8 years ago | (#15102407)

Same thing in L.I. N.Y.
Several Politicians where there too.

Funny thing, they are public docments. Altering then to hide the information is illegal.

Re:Nope (5, Informative)

The Snowman (116231) | more than 8 years ago | (#15102654)

Funny thing, they are public docments. Altering then to hide the information is illegal.

Funny thing is, you are wrong. The Privacy Act of 1974 covers what to do with private data in government records at the federal level, and many states have similar provisions. Essentially the documents are public property, but specific personal details are not. For example, citing a court case, evidence, its outcome, etc. is public record. Giving the SSN of the person found guilty and the bank account number used to pay the fine is NOT public record.

Another example is declassified documents. Yes, they are public, but usually redacted. For example, giving information on an old military operation while redacting information that identifies the specific people involved. People that may very well still be in the military performing similar operations.

Altering public documents to the extent of redacting personal information, which is what this article is about, most certainly is legal and often required. However, you are an anonymous coward -- obviously someone redacted your user account so I don't know who you are.

Re:Nope (1)

ScrewMaster (602015) | more than 8 years ago | (#15102729)

Altering public documents to the extent of redacting personal information, which is what this article is about, most certainly is legal and often required. However, you are an anonymous coward -- obviously someone redacted your user account so I don't know who you are.

If I had mod points I dunno whether I'd give you a Funny or Informative.

Re:Local Politicians (1)

houghi (78078) | more than 8 years ago | (#15102522)

Nice idea though. Make information you find on decision takers public and see if they still think there is "no problem".

Do this during a live TV show:
- So you do not think there is a problem with the release of information
* Absolutely not. There is no security risk.

Have a scroller at the bottom with all the politicians information. Have several politicians. The neat part is that they will not know that they are agreeing to have their information on TV at that very moment.

Re:Local Politicians (1)

utlemming (654269) | more than 8 years ago | (#15102774)

LOL...if only a TV progam had the balls to do it. But it would be rather funny. You wouldn't even have to use real information. You ought to tell Comedy Central, I am sure that the Daily Show could enjoy that one.

Re:Local Politicians (2, Interesting)

patio11 (857072) | more than 8 years ago | (#15102632)

No, they're definately in there. Some quick Googling (heck, one name is in TFA) finds them pretty quick. I was kind of suprised that I could access the site from a foreign IP, as its pretty routine nowadays to limit that (I can't get my own credit reports without using a US based proxy, presumably because they were worried about fraud, and I had a devil of a time reading Dubya's campaign site during the 2004 election) for sensitive sites. Now, generally when we're talking about, say, e-mail delivery I'm 100% in favor of non-discrimination at the institutional level... but could you folks in Flordia strongly consider doing something about this if you start getting a lot of accesses from, say, *.ru?

Florida: comic relief for a stressed-out nation! (1)

drdanny_orig (585847) | more than 8 years ago | (#15102152)

Really, does it surprise anyone that it's Florida doing this?

Re:Florida: comic relief for a stressed-out nation (0)

Anonymous Coward | more than 8 years ago | (#15102233)

There's a reason the state looks like a flacid dingus.

Re:Florida: comic relief for a stressed-out nation (2, Funny)

Shadow Wrought (586631) | more than 8 years ago | (#15102243)

Obligatory:

<Homer>Florida? But that's America's wang!</Homer>

FLORIDA (5, Funny)

dteichman2 (841599) | more than 8 years ago | (#15102166)

From the same people who brought you Indecision 2000... here comes Identity Theft-O-Rama. 3 days in the future: 10:00 News: "For what seems to be no reason, thousands of individuals in Florida seem to be buying things online in mass. Oddly enough, none of the orders are being delivered to Florida. We'll have a video for you after the break. Over to you, Bob."

Re:FLORIDA (1)

Opportunist (166417) | more than 8 years ago | (#15102248)

Nah, that's just grannies spending spring break with their relatives to get away from those crazy teens partying.

Re:FLORIDA (1)

ScrewMaster (602015) | more than 8 years ago | (#15102746)

... individuals in Florida seem to be buying things online in mass

I was unaware that the Catholic Church was providing online access for its members. Perhaps you meant "en masse"?

Whenever I hear a strange story... (1)

Wilson_6500 (896824) | more than 8 years ago | (#15102750)

I'm never surprised to see that it's from Florida. What's with those people? Is corruption and stupidity among governmental officials, like, MORE prevalent there than everywhere else?

old news (3, Interesting)

Prophetic_Truth (822032) | more than 8 years ago | (#15102173)

Have you ever been sued for a bad debt? If so, chances are your signature, along with your application for whatever loan or credit you defaulted on is all public record. That usually contains a whole lot of personal information, not just limited to your SSN.

Re:old news (1)

Bryansix (761547) | more than 8 years ago | (#15102476)

And that makes it right? If people are goig to use the SSN as a all-purpose ID number then it needs to be gaurded along with birthdates, past addresses, bank account numbers, etc. They should not be just throwing that information around for anyone with no legitimate use to get a hold of.

Re:old news (1)

Prophetic_Truth (822032) | more than 8 years ago | (#15102562)

I never said it was "right". I was just saying that this has been an ongoing problem for awhile, but I summed it up in two words. I didn't mean to express that sentiment.

Re:old news (1)

Adambomb (118938) | more than 8 years ago | (#15102502)

yeah because the 'having a ton of cellphones activated with your info and then having massive balances forwarded to a collections agency and watching your beacon go down the tubes' part where they dont ASK for anything but a date of birth and ssn is just peachy.

Re:old news (1)

tomhudson (43916) | more than 8 years ago | (#15102661)

I got a bit of a surprise - I sent some registered mail - and now I have an "electronic copy" of their signature, sutiable for cut-n-paste.

I am NEVER AGAIN going to accept registered mail, or if I do, I'm signing someone else's name. This is getting ridiculous!

Re:Like that's a problem (1)

symbolic (11752) | more than 8 years ago | (#15102709)

Do you think identity thieves and other scammers are interested in people with bad credit?

Identity theft (2, Interesting)

thomaswahl (94657) | more than 8 years ago | (#15102179)


    When you are the victim of identity theft you know who to sue: Sue Baldwin,
  Broward County, and the State of Florida. Two out of three deep-pockets isn't bad.

Re:Identity theft (1)

Penguinoflight (517245) | more than 8 years ago | (#15102335)

Broward County and Sue Baldwin are only doing what is required by Florida Law. They cannot be a target, but that does leave the largest of the 3.

Re:Identity theft (1)

lspd (566786) | more than 8 years ago | (#15102720)

When you are the victim of identity theft you know who to sue: Sue Baldwin

No no no.... It says right on the mortgage that her name is VERNA Sue Baldwin.

Personally I love her oath to "uphold and defend the Constitution of the United States and the Constitution of Florida." Priceless...

bad year for boward (5, Interesting)

tehwebguy (860335) | more than 8 years ago | (#15102180)

this is the same county who's police intimidated, threatened, and were just plain jerks to an undercover journalist attempting to find a "police officer complaint form":
http://cbs4.com/topstories/local_story_033170755.h tml [cbs4.com] (watch part 1 and 2, videos on the right)

and then retaliated against the journalist after the piece aired:
http://cbs4.com/local/local_story_086232143.html [cbs4.com]

Re:bad year for boward (2, Interesting)

Anonymous Coward | more than 8 years ago | (#15102322)

They also managed to misplace 58,000 absentee ballots [local10.com] .

Dammit, why'd I have to take a job down here? I did some digging and, sure enough, there are documents about me freely available on the web.

Re:bad year for boward (1)

commonchaos (309500) | more than 8 years ago | (#15102323)

Extra points for using the public database to get information on the police officer referenced in those articles.

Re:bad year for boward (1)

Ph33r th3 g(O)at (592622) | more than 8 years ago | (#15102346)

Nice. Unfortunately, thugs with badges like that are all too common. The job attracts power-trippers like those in the video, and the low pay pretty much screens out all but the most corrupt or the most dedicataed.

Re:bad year for boward (1)

Belial6 (794905) | more than 8 years ago | (#15102619)

Since the corruption goes all the way to the top, the "most dedicated" don't last. That leaves only the corrupt. I sold my last house to move out of a city where the mayor had a police officer call me and threaten me.

Note to self: When a city is trying to drive residents from their homes, don't take pictures of a hit and run.

C'mon, the least Slashdot could do... (2, Funny)

jd (1658) | more than 8 years ago | (#15102188)

...is post a link to the information! How else are we to know if the data is genuine?

Devaluing SSN & account numbers (0, Redundant)

dfsmith (960400) | more than 8 years ago | (#15102216)

On the plus side, the more SSNs (not a secure identifier) and bank account numbers (everyone you've ever written a check to has it) are out in the open, the less valuable they become to fraudsters.

At least, they would be, if institutions recognized that they are pretty worthless identification to begin with.

Re:Devaluing SSN & account numbers (1)

Opportunist (166417) | more than 8 years ago | (#15102262)

You mean, like a driving license as a proof of ID or a proof of a stay permit?

Re:Devaluing SSN & account numbers (1)

dfsmith (960400) | more than 8 years ago | (#15102304)

In CA at least, to get a driving license you need to:

  1. have your photo taken
  2. have your thumbprint taken
  3. take a test
  4. copies or originals of various identifying documents
and in return you are issued a card that is difficult to copy. The card's a bit better than a 9-digit number. Item 3 at least must keep some of the identity thefts at bay! B-)

Re:Devaluing SSN & account numbers (1)

Opportunist (166417) | more than 8 years ago | (#15102326)

Good in theory. But, correct me if I'm wrong, there is nothing on the license telling if you're actually a citizen of the US. On the other hand, the driving license is the primary ID card.

Let's put it that way, the border cops near San Diego were quite glad I had my passport with me...

Re:Devaluing SSN & account numbers (1)

AK Marc (707885) | more than 8 years ago | (#15102735)

But, correct me if I'm wrong, there is nothing on the license telling if you're actually a citizen of the US.

Of course not. For one, it's a driver's license. That has nothing to do with citizenship or residency. Also, the state issued driver's licenses are not linked to federal citizenship status. If you've ever gotten a job, you know what proves identity, and what proves citizenship. You can use a valid passport to prove both (I think the only civilian ID a natural born citizen can have that proves both identity and citizenship). Without that one document, which you can't use as a driver's license, you have to have two separate documents. Something like a license to prove identity, and something that proves citizenship, like a Social Security card or birth certificate for natural born citizen or the appropriate paperwork from INS for the others.

Let's put it that way, the border cops near San Diego were quite glad I had my passport with me...

Did you check the requirements before leaving the country? Even though it is "just Mexico" it still is a completely different country. I was told that an American leaving the US should, at a minimum, take a birth certificate and ID, no matter where they are going. Without that, it is possible that reentry could be denied or delayed. And if you have a passport, it is silly to not take it with you when you leave the country, even for "just Mexico."

Why am I not surprised. (5, Funny)

Sir Unimaginative (967464) | more than 8 years ago | (#15102223)

Yeah, hello, Spain? You can have it back now.

No way (4, Funny)

Opportunist (166417) | more than 8 years ago | (#15102275)

You break it you buy it!

Re:Why am I not surprised. (3, Informative)

Solra Bizna (716281) | more than 8 years ago | (#15102580)

I need to get out more, that was the funniest thing I've read in a week.

-:sigma.SB

They must do it! (4, Insightful)

mi (197448) | more than 8 years ago | (#15102226)

Editing out the SSNs and DOBs is not only not required by law, it, likely, is against the law.

This info was Public Records since, well, always :-)

Anybody could go to town hall and browse the registry of deeds and other repositories. It just became more convenient to do it, but it was always possible.

In a way, we always relied on "security through obscurity" keeping this information (kinda) private, and are now all upset at the obscurity withering out.

Re:They must do it! (1)

i.r.id10t (595143) | more than 8 years ago | (#15102250)

Yup, its only 'cause someone out there decided that they'd let the govenment generate unique id numbers for their customer/patient/client/whatever database. From then on, it was all down hill...

Re:They must do it! (1)

lspd (566786) | more than 8 years ago | (#15102758)

Business didn't start this nonsence. FDR started it in 1943 with Executive Order 9397. [uhuh.com]

Re:They must do it! (2, Informative)

LiquidCoooled (634315) | more than 8 years ago | (#15102253)

Its not that it was ever private.
Its that the criminals have found a use for the information.

Re:They must do it! (1)

Firethorn (177587) | more than 8 years ago | (#15102270)

Editing out the SSNs and DOBs is not only not required by law, it, likely, is against the law.

It violates federal law, which trumps state law. Specifically, the privacy act of 1974

Re:They must do it! (1)

mi (197448) | more than 8 years ago | (#15102299)

It violates federal law, which trumps state law. Specifically, the privacy act of 1974
I doubt it, because this supposed violation always existed -- since 1974 anyway.

It just became more harmful, because of the Internet, but the nature of it did not change.

So, people, don't let your 2000-election wounds open up again :-)

Re:They must do it! (0)

Anonymous Coward | more than 8 years ago | (#15102479)

Huh? Your reply makes no sense.

It violates federal law. Period.

It cannot be grandfathered or whatever it is you were trying to suggest.

Re:They must do it! (1)

mi (197448) | more than 8 years ago | (#15102557)

Huh? Your reply makes no sense.
Try harder.

What I meant was, having a state law patently contradicting a federal one for over 30 years, while possible, is a lot less likely, than a Slashdot user misreading one or both of the laws.

Re:They must do it! (2, Interesting)

Detritus (11846) | more than 8 years ago | (#15102513)

It violates federal law, which trumps state law. Specifically, the privacy act of 1974

Wrong. The Privacy Act of 1974 only applies to the executive branch of the federal government.

Re:They must do it! (1)

product byproduct (628318) | more than 8 years ago | (#15102321)

This is because showing a number to identify yourself is a stupid idea to begin with. Public cryptography gives methods to prove to someone that you own a secret without having to disclose that secret. THAT'S the kind of ID we should be using.

Re:They must do it! (1)

TubeSteak (669689) | more than 8 years ago | (#15102494)

In a way, we always relied on "security through obscurity" keeping this information (kinda) private, and are now all upset at the obscurity withering out.
The obscurity was never there. Only the stupid or lazy didn't look.

From TFA: Baldwin added that the information available on the Web is also freely available for public purchase and inspection at the county offices. "Professional list-making companies have always purchased copies of records and data from recorders to use in the creation of specialized marketing lists, which they sell," she said. So too have title insurance underwriters and credit reporting agencies.

Anyone with the time and motivation could go ahead and do this. How else do you think so many dead people register to vote every year?

Re:They must do it! (1)

mi (197448) | more than 8 years ago | (#15102537)

The obscurity was never there. Only the stupid or lazy didn't look.
And guess who is complaining now?

Maybe not Phishing but... (1, Funny)

NorbrookC (674063) | more than 8 years ago | (#15102227)

I don't know if this could be considered "phishing" in the sense that I'm trying to lure people into giving me their information. It's right out there for all to see without going through all the bothersome effort of setting up a fake website and sending out the e-mails! Just some browsing, and then setting up the bank transfers and charging purchases!

And to think of all the effort that's being wasted on setting up phishing schemes, when Broward County will do all the work instead!

Bill Gates SSN (2, Informative)

ajakk (29927) | more than 8 years ago | (#15102240)

I remember that this became an issue when someone got credit cards issued in Bill Gates's name. His SSN was listed on SEC filings because he was a majority holder of Microsoft stock. They have since changed the listing requirement with the SEC.

From the website itself.... (4, Informative)

bvdbos (724595) | more than 8 years ago | (#15102251)

Defending Yourself Against Identity Theft

According to the Federal Trade Commission (FTC), identity theft occurs when someone uses your personal information such as your name, Social Security number, credit card number or other identifying information, without your permission to commit fraud or other crimes. The FTC reports that there were 161,819 victims of identity theft in calendar year 2002. Florida has one of the highest

Back to top

Tips to Avoid Identity Theft
-Do not respond to phone calls or emails from unknown solicitors seeking personal information.
-Do not leave documents containing identifying information lying around your house or workplace. Keep them in a secure location.
-When discarding documents containing your social security number, credit or debit card information, or utility and phone bills, shred or destroy them. Don't just throw them away.
...
-Limit the contents of your wallet. Do not carry extra credit cards or important identity documents (social security card, passport, etc.) except when needed. Never carry passwords or PIN numbers in your wallet. -Photocopy, scan, or make a list of the contents of your wallet and keep it in a safe place. Copies or scans should include both sides of each item. A list should include account numbers, expiration dates, and customer service phone numbers for each item.


Maybe someone could point them to their own site? And why make copies if you can download for free???

Attacking the wrong people (5, Informative)

GigsVT (208848) | more than 8 years ago | (#15102269)

Virginia has your SSN and a lot of information up too, in the virginia courts database that has everyone's criminal record, including traffic.

Most states have this.

Don't attack the wrong people, the blame lies squarely with the credit card companies for using your SSN as identification and trusted authentication.

These are all public records and always were public records. It just saves you a drive to the court house of the respective county (or paying a PI network to do same) to have them online.

Yeah, I admit Florida is one fucked up state in so many ways, but don't blow this out of proportion.

Re:Attacking the wrong people (0)

Anonymous Coward | more than 8 years ago | (#15102597)

Yeah, I admit Florida is one fucked up state in so many ways, but don't blow this out of proportion.


Well, how about when somebody uses that publicly available data (conveniently accessible from the third world instead of the courthouse) to fuck your identity up and then charge up a shitload of merchandise on bogus accounts attributed to you we ask you not to blow it out of proportion.

Yes, credit card companies are wrong to use the SSN for authentication and identification, but then again so does.. voila.. social security. And we all know that SS fraud never happens. On top of that, the social security number is the de facto ID number for many organizations so the state needs to adjust. Even my ass backward state (Ohio) have gotten this through their skulls and most if not all government sites have pulled SSNs.

The more SSN's out there the better? (3, Insightful)

hsmith (818216) | more than 8 years ago | (#15102274)

Look at it this way. SSN's aren't what they were meant to be. They are your "everything" number now. In some respects, is the value of the SSN being diminished because they are so easy to use and get a hold of now? It could possibly be a big plus because now we get into a situation where they just aren't worth using so everyone stops using them for important transactions. Lets hope...

OK it had to be said (3, Funny)

Spy der Mann (805235) | more than 8 years ago | (#15102284)

Something phishy's going on here.
*ducks*

PUBLIC RECORDS (1, Interesting)

Penguinoflight (517245) | more than 8 years ago | (#15102293)

The thing is these records are required to be public. A lot of counties in Florida just decide to blank out all important information, or simply not publish the entire document on their web sites. I would have to argue that the county in question is actually do what is required by law, and nothing less.

It's really not fair at all to say that a record is "Public" if you have to drive to the office and pay $4/hr for a parking spot (if you're lucky enough to find one). Besides, most courhouses have rules like "no weapons", where you will see every officer in the place carrying a gun.

Should people be subjected to phishing? no. The information that is on record at courthouses shouldn't be enough to make phishing targets, but that's not the fault of the courthouse.

Wanted Posters (1)

rbannon (512814) | more than 8 years ago | (#15102318)

Just yesterday I was looking at wanted posters, and each one had an SS number on it. So this doesn't seem surprising at all.

Re:Wanted Posters (2, Funny)

Bill Dimm (463823) | more than 8 years ago | (#15102391)

I was looking at wanted posters, and each one had an SS number on it.

Yeah, but were you really tempted to steal the identity of someone the police were looking for?

I give up. (1)

ph4s3 (634087) | more than 8 years ago | (#15102389)

You struggle and struggle to protect your own identity and something like this sponsored by our own inept government happens. It's enough to make you honstly consider that 7x9 shack in the woods as a viable alternative to modern existence.

This is good! (3, Insightful)

Electrum (94638) | more than 8 years ago | (#15102404)

The federal government needs to do this on a nationwide scale. The SSA should give a deadline, say one year, then publish all SSN data. SSN is not supposed to be used as an identifier, nor as a secret. Doing this will force organizations to change their procedures, thus hampering identity thefts and other security issues that result from treating a public, non-unique identifier as a secret.

Shocking: laws do NOT replace common sense (2, Insightful)

suv4x4 (956391) | more than 8 years ago | (#15102430)

"A county official says there's no problem, since the postings are in compliance with state law requiring public availability of records."

If all things in compliance with the law are perfect, then what the hell we need politicians to change/update the laws for? Fire the bastards.

Privacy Act (1)

jascat (602034) | more than 8 years ago | (#15102442)

Has no one heard of the Privacy Act of 1974 [usdoj.gov] ? Things such as SSN, birth dates, telephone numbers, addresses, etc are all protected. Somehow, it only makes sense to blank that out, even when it comes to freedom of information actions. I'm ashamed to call Florida my state of residence now.

Re:Privacy Act (2, Informative)

Detritus (11846) | more than 8 years ago | (#15102549)

Try reading it again. It doesn't apply to the states.

One word describes it all... (0)

Anonymous Coward | more than 8 years ago | (#15102470)

Dumbfuckistan !!

What's the big deal...? (1)

Gandalf_the_Beardy (894476) | more than 8 years ago | (#15102480)

Can someone explain to a poor Brit just *why* you need to keep your SSN safe - which being as it's publicly accessible seems to be an impossibility. Is it the only thing needed to apply for credit in your name or just a convenient stepping stone to a little social engineering to get what info you would need?

Re:What's the big deal...? (1)

01101101 (869973) | more than 8 years ago | (#15102622)

Can someone explain to a poor Brit just *why* you need to keep your SSN safe - which being as it's publicly accessible seems to be an impossibility. Is it the only thing needed to apply for credit in your name or just a convenient stepping stone to a little social engineering to get what info you would need?

Despite that it was not intended as such, being a relatively unique ID it has become the key field for anything financial including credit bureaus. Even a lot of non financial institutions like to track people with it. Knowing a SSN is almost as good as being someone these days. It is a key that unlocks many doors.

found in five clicks (2, Interesting)

drkich (305460) | more than 8 years ago | (#15102526)

I started searching for my friends and family. I found a number of their documents online with just a couple of clicks. Absolutely ridiculous! I called my senator (state and federal) and I urge you to do the same.

Re:found in five clicks (0)

Anonymous Coward | more than 8 years ago | (#15102718)

They might be more impressed with the issue if you call your senator and tell them their SSN.

YKOUG FAIL IT.. (-1, Redundant)

Anonymous Coward | more than 8 years ago | (#15102730)

ab0ult who can rant part of GNAA if
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>