Cyber security experts: Hackers target children's SS numbers

For computer hackers looking to steal someone’s identity, there’s nothing better than taking the social security number of a child, say cyber security experts at two area universities.

Excela Health stopped 832 “violent intrusions” by hackers trying to gain access to the social security numbers of children in the last month, Excela Chief Executive John Sphon said recently.

Excela, which has an information systems security professional on its cyber team, said its intrusion software caught the hackers and its detection software reported the largest number originated in Vietnam.

“This (stealing children’s IDs) has been around for quite a while, but there has been a slight resurgence recently,” said Brad Messner, a computer science, cyber security and data analytics instructor at Seton Hill University in Greensburg.

Hackers steal the identity information of an estimated 1 million children in the United States in a year, said Patrick Juola, a Duquesne University computer science professor and coordinator of its cybersecurity program.

“Clean” social security numbers of youngsters age two and younger “is the number one seller on the dark web,” Sphon said last week at the Economic Growth Connection of Westmoreland luncheon.

“The children are vulnerable because they have a blank slate,” Juola said. “You can make up a computer identity and there is no information to contradict it.”

Children’s social security numbers are so attractive because “the kids have a higher credit rating than the adults and are not monitored regularly” through credit reports, Messner said. It could be 15 or 16 years before a person uses their social security number, Messner said.

Those 16 years are enough time for computer hackers to develop a fake persona in which purchases are made and paid for, “then blow it all by taking $100,000 in cash advances,” Juola said.

The health care sector is an attractive target because data about a patient can be transferred so often, Messner noted.

UPMC, like most health systems, “continuously faces cyber security threats from around the world,” said UPMC spokeswoman Wendy Zellner.

The Pittsburgh-based health system made investments in training employees to recognize phishing attempts to obtain their passwords and technology that alerts UPMC to suspicious activity on its computer networks, Zellner said.

Dan Laurent, a spokesman for Allegheny Health Network, said he was not aware of any attempts by computer hackers to get that identity information from AHN’s computer system.

Although Excela determined that the majority of the hackers were trying to break into a Greensburg-based computer system from Vietnam, “that is not unique” to that South East Asian country, Messner said. Vietnam is not home to the largest number of hackers, but the United States is the number one target. Those hackers might be sending thousands of attacks daily to mid- to large-size companies, Messner said.

Juola had a word of advice for parents of young children.

“You should check your children’s credit report and yours. Don’t wait until she applies for a job … and find out she has two mortgages in Texas,” Juola said.