My wife is not into technology.  Or security.  Or UNIX.  Basically she looks at her Macbook as a way to check email, buy shoes, organize photos and videos, and make checklists for the babysitter.  So when she takes an interest in what I do, I REALLY perk up. She is very attentive to the things I do with our mail and sensitive information, only because she hears me talking about it all the time.  She knows not to give out passwords or personally identifying information.  She shreds expired cards and junk mail. She’s definitely more in tune to security than the average citizen.

Robber Dale hides from Cop Chip, by Loren Javier

We recently noticed a reporting error from the Social Security Administration and the only way to clear it up was to go to the local SSA office with a state-issued ID in hand.  Check out how they are “protecting” your personally identifiable information!

After taking her number she found a chair in the holding pen which is shared with the consultation desks where citizens talk to the agents resolving problems.  The part she got very concerned about was the lack of privacy and sound dampening properties of the room!  People were LOUDLY and openly talking about their problems at the desks, in which each conversation started with saying their social security number.  Follow up questions depending on your problem included full name, address, telephone, date of birth, mother’s maiden name, and mother’s married name.

REALLY?  Thank goodness there was a ban on cell phone usage (with a guard to enforce it) because nobody would think to bring a pen and paper to take notes!

Imagine sitting in a room and gathering enough information to steal ten to twenty identities per hour.  Sure, you’d start to look suspicious after a while, but that’s where college kids come into play.  Pay a handful of students $5 per identity, have them sit in there for an hour at a time, and everyone is happy.  You’ve bought enough information to create fake credentials and open lines of credit, and a college kid made a quick $50-$100 to spend on… uh… BOOKS and TUTORING.  Right.

All of the controls that we discuss daily as information security professionals mean nothing if all it takes to steal an identity is a college student with a pen and a Moleskine.  The take on a hack with a massive breach would be much higher and could be done remotely, but guaranteed identities with a little bit of time invested?  Yet another example of how low-tech hacking can be just as dangerous then the high tech stuff.

This post originally appeared on BrandenWilliams.com.