Lately, services that allow people to discover their ancestral tree and find the origin of their ancestors, through their DNA, have become very popular. However when one lists his genetic information in one online database, exposes this information to a new threat.
According to a study conducted by the University of California, Davis, these services may be vulnerable to certain variants of genetic hacking. When users upload DNA sequences to databases, hackers they can steal the genomes of many people, or even identify certain individuals, from specific genetic variants, such as those presented by Alzheimer's.
According to Professor Graham Coop, users expose much more than they think when uploading their genetic data. As he comments, the genome is not stolen credit card, that you can just cancel it and order a new one.
It is worth noting that vulnerabilities they do not affect speculative services, in which the user sends a DNA sample and receives a code that allows him to see the results on his pedigree tree. Those at risk are those who simply provide an online database in which one can go in and see if their genetic material fits in with another.
As the research team discovered, there are three types of attacks: IBS Tiling, IBS Probing and IBS Baiting.
IBS Tiling: A hacker could acquire genomes from one database and see what corresponds to other genomes within it. If enough bits are identified, a person's genome could potentially be revealed.
IBS Probing: This approach could be used to find people who carry a particular genetic variant. The study used an Alzheimer's gene as an example. In this approach, a fake DNA genome will be created that is unlikely to match anyone except a small portion of the sequence that matches the gene of interest. Any matches in a public database for this falsified genome will reveal people with this particular gene.
IBS Baiting: This strategy fools a class of algorithms used to locate relatives in certain public databases. A hacker could find almost all the genetic information stored in an entire database.
All three strategies could possibly be implemented by a person with both information technology as much as genetics, as a postgraduate student.
Anyone who uses these services should know the potential risks, and how much of his information could be stolen by hackers.