How to Use 1 Million Stolen Fingerprints

Posted July 21, 2015 at 5:10am

“The hackers who recently broke into the computers of the federal Office of Personnel Management didn’t just steal the usual names, addresses and Social Security numbers. This time, they took something else: fingerprints. Over 1 million sets of them,” writes FiveThirtyEight. “What exactly does one do with lots of stolen fingerprints?”  

“In fact, the most likely uses of the stolen prints are more about deep spycraft than petty phone theft… Combine the old grade-school truism that fingerprints, like snowflakes, are unique (or at least pretty close to it) with the fact that fingerprints can’t be changed, and you’ve got a powerful identity authentication tool that could be used to great effect by a foreign intelligence agency.”  

“First, they could be used to sniff out individuals operating in a foreign country under false identities. Imagine that you, an American spy, travel to Hackistan ostensibly to work as the ambassador’s dog walker. The Hackistani government grabs your fingerprints when you arrive in the country. But now, after their successful hack, they can check yours against the prints in the stolen OPM database. They find that your prints are a partial match with the prints of a contractor who worked for the U.S. Department of Defense a decade ago. Uh oh.”  

“Second, Berke said, the prints may help in creating new, assumed identities for the thieves or their associates. Foreign operatives could do this ‘by replacing the fingerprint data of legitimate employees with the fingerprints of a person who wishes to assume that identity’… Typically, the OPM would be able to track changes made to the personnel database. But in this case, the hackers had administrative access, and it’s impossible for OPM now to know if changes were made.”