Are online DNA databases dangerous?


06/12/2018

Data of over 92 million people were compromised as a result of a hacker attack on the popular genealogy site MyHeritage, where users downloaded their DNA test data to find relatives. Can DNA information in the hands of hackers be much more dangerous than bank card information and passwords to social networks?



maxpixel
MyHeritage is an Israeli Internet platform and the largest social network dedicated to genealogy. In addition, MyHeritage offers its own DNA test, through which you can find out "unique information about the geographical regions from which your ancestors originated, and your ethnicity." Not surprisingly, such valuable information has become the target of unknown hackers.

In June, the security of the service found that the project’s database was hacked. The cybercriminals have got access to electronic addresses and encrypted passwords of about 92 million users of the website.

According to the security service, there is no reason to believe that hackers have access to the results of the DNA research, but it is clear that such attacks will be repeated. This is particularly dangerous now, when genetic tests and analyzes became available to a wide range of consumers.

Why do hackers need information about someone's DNA? Professor Giovanni Vigna from the University of California at Santa Barbara believes that these data can be used for extorting money.

The attackers may threaten to put classified information in the public domain. A similar situation occurred in a hospital in Indiana in January 2017. The hackers blocked data on patients, and the institution had to pay criminals a ransom of $ 55 thousand to keep medical secrecy.

The database can contain information about genetic diseases of the clients, results of DNA tests for paternity, just suspicious coincidences of DNA, as well as reveal family ties with formally strangers. These data can be monetized by reselling them to interested persons.

There are quite legal organizations ready to pay good money for genetic information about a person. Professor Vigna offered the following example: a person applies for a long-term loan, but he is refused, because the system has data on the borrower’s predisposition to Alzheimer's disease. It is not profitable for a credit institution to give him money, because there is a possibility that he will die, not having enough time to repay the loan.

In fact, there are many institutions that are interested in the DNA information. Researchers want to conduct experiments, insurance companies would use it to calculate the cost of their services, and police need to catch criminals. Thus, the websites that store results of deciphering DNA tests are a treasure and extremely useful information.

Since there is no perfect protection against hackers at the moment, any genetic information that has emerges online is in danger. "If the data exists, then there will certainly be ways to use it," said Natalie Ram, an assistant professor of law at Baltimore University.

Of course, the police and insurance companies are unlikely to cooperate directly with hackers. It is impossible to exclude emergence of special "black markets", selling genetic information. In this case, the origin of this data will not be traceable.

There is another big problem, connected with the leakage of the results of DNA tests. Any hacker attack is serious and dangerous, but if the data of bank cards, phone numbers and even addresses can be changed, the genetic information remains untouched throughout the life of a person.

In other words, if it gets on the Internet, it will forever be associated with a specific person.

In addition, sometimes this information is shared without the user’s consent, for example, if the tests were downloaded by his close relatives. Thus, it is possible to find a person with genetic material of his family. Recently, a similar situation happened in the US. The police caught a killer after 30 years of searching thanks to the fact that his relatives used the website to create a genealogical tree. 

source: theverge.com