Australian security expert Chris Rock presented two methods by which he was able to issue death certificates for real people, and birth certificates that did not exist. The presentation was held at the DEF CON hacking convention held in Las Vegas these days, AFP said.
Mr Rock seems to have discovered errors in the digital systems used by Australian hospitals to report births and deaths, and presented the results in his book The Baby Harvest: How virtual babies become the future of terrorist financing and money laundering. ”
As Mr. Rock puts it very eloquently, "You could kill anyone you want."
The problem lies in the lack of proper security procedures when online recording of a death.
The Internet is now well for our homes and our lives, helping to reduce bureaucracy in our dealings with government agencies. Of course, this is very good, but sometimes, when the implementation of official procedures in an online environment is done without the data being secured, it can bring citizens into very awkward situations.
According to K Rock's lecture at DEF WITH, many governments use a fairly simplistic process to report the death of a person.
While this is usually done by filling out some paperwork, and requires only a doctor and a funeral. If you have this data, by filling out an online form you can "die" whoever you want.
You just look online for a doctor's personal information, which is usually available for search engine indexing.
Mr Rock was able to post a doctor's account in the online system used to report deaths in Australia.
To verify death, he then created a funeral website that he used to prove death. Then he placed a link on the web site.
Without any further verification, his application was approved in one day, giving him a death certificate of the person he chose.
The entire submission process is fully automated, all that is requested is the name of the deceased, the details of the person filing the application, and the choice of the causes of death, from a list of medical terms.
Let us report that the victim of such an attack will ever learn that a death certificate was issued in his name until he discovered it from a service.
Just as the researcher managed to issue death certificates for anyone who wished, he was also very easily able to issue false birth certificates.
The same simplistic process and the lack of control measures also worked in the electronic system used to record births.
Mr Rock said he only had to register a fake doctor account and then provide personal information about the parents. These were enough to "give birth" to as many babies as she wanted.