Australian security expert Chris Rock presented two methods by which he managed to issue death certificates for real people, and birth certificates for non-existent people. THE presentation it happened at the DEF CON hacking conference that is taking place these days in Las Vegas, as reported by AFP.
Mr Rock appears to have discovered errors in the digital systems used by Australian hospitals to report births and deaths, and presented the Results with his book "The Baby Harvest: How virtual babies become the future of terrorist financing and money laundering."
As Mr. Rock puts it very eloquently, "You could kill anyone you want."
The problem lies in the lack of proper security procedures when online recording of a death.
The Internet is now well for our homes and our lives, helping to reduce bureaucracy in our dealings with government agencies. Of course, this is very good, but sometimes, when the implementation of official procedures in an online environment is done without the data being secured, it can bring citizens into very awkward situations.
According to K Rock's lecture at DEF WITH, many governments use a fairly simplistic process to report the death of a person.
While this is usually done by filling out some paperwork, and requires only a doctor and a funeral. If you have this data, by filling out an online form you can "die" whoever you want.
You simply search online for a doctor's personal information, which is usually available for indexing by engines. searchs.
Mr Rock was able to post a doctor's account in the online system used to report deaths in Australia.
To verify death, he then created a funeral website that he used to prove death. Then he placed a link on the web site.
Without any further verification, his application was approved in one day, giving him a death certificate of the person he chose.
The entire submission process is fully automated, all that is requested is the name of the deceased, the details of the person filing the application, and the choice of the causes of death, from a list of medical terms.
It should be mentioned that the victim of such an attack will never know that a death certificate has been issued in his name until he discovers it from some service.
Just as the researcher managed to issue death certificates for anyone who wished, he was also very easily able to issue false birth certificates.
The same simplistic process and the lack of control measures also worked in the electronic system used to record births.
Mr Rock said he only had to register a fake doctor account and then provide personal information about the parents. These were enough to "give birth" to as many babies as she wanted.