DNA testing is boosting in today's world and there are several online services which became popular over time. GEDMatch, MyHeritage and FamilyTreeDNA allowed the users to upload their genetic information, know about the genealogy and also find long lost relatives. But are your information is safe?
Recently, it was revealed that these services could be vulnerable to genetic hacking as the cybercriminals can target such a database with sensitive information to pose a digital threat.
DNA test vulnerability
Professor Graham Coop and postdoctoral researcher Michael "Doc" Edge at the University of California, Davis, Department of Evolution and Ecology has described the problems related to a DNA test in their newly launched research paper.
Coop stated that people are giving up more information than they think while uploading all DNA details in such sites and unlike credit card details they can't change or cancel their genome to get a new one. The online services allow a user to upload DNA sequences and people can also search for other users with the matching sequence.
Online DNA test platforms
The test sites use some software to compare DNA sequence uploaded by its users with sequences already in their database. It should be noted that DNA includes all kind of details from the ancestors. Both the researchers have found three approaches, IBS (identical by sequence) tiling, IBS probing and IBS baiting that yields far more information from a genome database than just some lost relatives.
How attackers can hack the genetic details?
As per the new study, in terms of IBS tiling, a hacker first uploads several genomes found in public research databases and then keeps track of the matches with other DNA details. If the attackers can get enough amount of matching tiles, they can put together most of someone's genome.
The attackers can use IBS probing to hunt for people who carry a specific genetic element, such as people with Alzheimer's disease. To make this work, hackers first creates a fake genome with a DNA sequence to match with a particular section that will match the gene of interest.
In terms of IBS baiting, researchers stated that it relies on tricking one class of algorithms used to identify similar ones. Both the authors mentioned that with as few as 100 uploaded DNA sequences, a hacker can use this method to collect most of the genomic information in a database.
Here it should be noted that in a different cyber threat case, last year Kentucky court convicted a US citizen who was the accused in hacking personal information of thousands of Singaporean people from Singapore's HIV registry and later threatened the government to leak the data if it did not release his jailed gay partner.
The 12 jury members announced their verdict against the culprit Mikhy Farrera Brochez. They found him guilty of 12 counts for transferring the registry's data to Kentucky from Singapore and emailing online links to blackmail Singapore government. The convict will be sentenced in September.
DNA vulnerability can be prevented
Coop and Edge stated that direct-to-consumer genetics services could take a step forward to block these attacks and they shared the idea with the relevant companies.
While providing such sensitive information on these kind of platforms, people should be more aware that exactly how much details they should provide to receive reports and what kind of information is sensitive and should not be given away.