back to article Brits' DNA data sent to military base after 'foreign' hack attacks – report

An ambitious project to map the DNA of a million Brits has experienced such sustained hack attacks that officials have had to shift the data to a Ministry of Defence (MoD) facility in Wiltshire. Genomics England was probably hoping for a day of cheery PR after telling the world it had completed the "100,000 Genomes Project" …

"100,000 Genomes Project is secure, insists chair"...

... Well he would say that wouldn't he. </Mandy Rice-Davis>

The reality is, he doesn't know.

15
0

Re: "100,000 Genomes Project is secure, insists chair"...

After over 70 years I'd guess that my medical records could be matched to me even if ‘anonymised’. Only the radical pruning out of such details as time and place might prevent this.

The data may be 'safe' in a bunker, but it's only going to be useful in the hands of researchers. And they will be in universities and big pharma research labs all round the world. Granted, many will only have a subset of the whole, but they certainly won't be in bunkers. I wonder what kind of security conditions will be imposed, and how well those conditions will be policed?

In any case, since expertise is needed to make any sense of the medical data it is probably easier for big national or commercial interests to employ that same expertise to craft really good research applications, obtain the data legitimately, and then feel free pass it on to any dark-side entity with which they might have a quiet understanding. Again, I wonder what kind of security conditions can be imposed, and how on Earth those conditions could be policed?

5
0
Anonymous Coward

Re: "100,000 Genomes Project is secure, insists chair"...

After over 70 years I'd guess that my medical records could be matched to me even if ‘anonymised’.

Which regular commentard am I?

You have an easy problem: there are only a few tens of us to choose from, and our writing patterns surely have less entropy than the genome. Identifying me from this post must be at least a few million times easier than identifying you from a genetic database.

3
2
Silver badge

Re: "100,000 Genomes Project is secure, insists chair"...

Are you me?

2
0
Silver badge

Re: "100,000 Genomes Project is secure, insists chair"...

Are you me?

Nope... I am the walrus.. Goo goo g'joob…

2
0
Silver badge

Re: "100,000 Genomes Project is secure, insists chair"...

"Which regular commentard am I?"

I don't think you're Bob. One down....

2
0
Anonymous Coward

Re: "100,000 Genomes Project is secure, insists chair"...

"Which regular commentard am I?" not a problem when the legal system allows you to read the last page of the book.

0
0
RDW

Re: "100,000 Genomes Project is secure, insists chair"...

"The data may be 'safe' in a bunker, but it's only going to be useful in the hands of researchers. And they will be in universities and big pharma research labs all round the world. Granted, many will only have a subset of the whole, but they certainly won't be in bunkers. I wonder what kind of security conditions will be imposed, and how well those conditions will be policed?"

https://www.genomicsengland.co.uk/understanding-genomics/data/current-research/

0
0
Bronze badge

Re: "100,000 Genomes Project is secure, insists chair"...

You are number 2

0
0
Anonymous Coward

Strange

Went to a lecture from this Project at a New Scientist event in London

The data collected by this project is almost exclusively from families suffering from genetically inherited illnesses, and you get included via referral by a consultant, so while it might be of interest to foreign intelligence services, (because no data is worthless), it's probably of more value to big pharma.

As far as I'm aware the data is anonymized but I guess that doesn't matter, such a large sample would have a lot of value to some companies in this sphere.

3
0

Re: Strange

I think it's of value because it took so much time, knowledge and expense to complete. Any country getting hold of it would cut that whole part out, academic data is always being pilfered.

7
1
Silver badge
Big Brother

Re: Strange

"the data is anonymized"

But, it's DNA. And, partly thanks to the Mormons* and other credulous numpties, there's open source genealogy and DNA all over the internets. So, it's not beyond the wit of man to see it's possible to link the DNA in this database to gullible family members. Ask the Golden State Killer.

https://motherboard.vice.com/en_us/article/gyma7m/dont-sequence-your-dna-golden-state-killer

*LDS members like to baptise dead relatives. So, they love ancestry.com and ancestryDNA. The fact that these companies are based in Utah is blind coincidence.

https://www.theguardian.com/world/2017/dec/21/mormons-holocaust-victims-baptism-lds-church

https://en.wikipedia.org/wiki/Ancestry.com

p.s. I'm not making this up.

8
1
Anonymous Coward

Re: Strange

"p.s. I'm not making this up."

Yep known about the Mormons for years, weird concept to forcibly baptise someone without their knowledge or consent.

The problem is the fact this technology and data hasn't been around that long, it takes time before people realise the ways it can be misused and exploited.

With the matching of DNA and biometrics mistakes can easily be made, as they don't tend to match on all the data just significant points, same as happens with fingerprints and shoe prints, it's not unknown to get false positive matches, and people have gone to jail on the strength of this.

5
1

Re: Strange

It would take less than a day to identify someone to within 2nd cousin levels of accuracy by using only online database information. A bit longer, and you could identify to one or two individuals. https://www.livescience.com/63818-easy-identify-people-genetic-databases.html

1
0
Anonymous Coward

Weaponised?

Can the army use this to create bioweapons sophisticated enough to distinguish real Brits from EU queue jumpers then attack the alien DNA?

5
2
Anonymous Coward

Re: Weaponised?

You mean the place they're keeping the more sensitive data now is at Porton Down is that in Wiltshire? Ultra right wing conspiracy nuts might go so far as to suggest they're looking at using DNA targeting bioweapons for population control using the pretence of weeding out all genetic diseases...

2
2
Anonymous Coward

Re: Weaponised?

It's not that far from Corsham to Porton Down …

2
1

Re: Weaponised?

shush.

2
0

Re: Weaponised? - British X-Men?

C'mon. We all know what is happening here. We are developing British X-Men with mutant superpowers to defend Britain from the corrupt EUSSR after Brexit.

I for one welcome our new laser-eyed, telekinetic, psychic protectors

5
0

Re: Weaponised?

ISS Corsham to Porton Down is thirty miles as the crow flies. [1] That's too far for a Sekrit MOD Tunnel under Salisbury Plain, and besides you aren't allowed to tunnel just anywhere, because of the 6,000 year old archaeology. Oh, crap.

[1] It is well known that crows follow great circle routes.[citation needed]

4
0
Silver badge
Thumb Up

What is so striking about this story, is that they actually implemented and maintain strong security, rather than waiting unti after a breach. This has to be a first ?

10
0
Silver badge

But in the last paragraph, they toss the gauntlet... The group's chief scientist added that it pays an outside company – which it did not identify – to conduct pentests, and so far it hasn't managed to get into its systems. "None of the well-known viral attacks have succeeded in causing any dysfunction in Genomics England," said Chisholm.

Sounds almost like a challenge for someone who might seek notoriety or to make a name for themselves in Pen Testing.

2
0
Silver badge

"This has to be a first ?"

No. The ones you hear about being breached are the ones who didn't build in security from the first.

2
0
Silver badge

Have the military finished migrating their internet-facing machines away from Windows XP yet?

2
0
Silver badge
Boffin

@Mycho

Have the military finished migrating their internet-facing machines away from Windows XP yet?

I suspect that they have to get to XP first.

Some new kit will have gone directly to Raspberry Pi!

2
0

Subject to viral attack?

Only to be expected for DNA.

5
0
Silver badge

IP?

Is anonymity the real issue here?

Fully-anonymised data on this scale must have considerable commercial value to pharma research interested in such things as the prevalence of genetic patterns. If it's explicitly in the public domain, that's fine. If not, then industrial espionage becomes an obvious issue.

IP companies specialising in patents could be a prime suspect here.

5
0
Silver badge

Counting

Did you say that 100,000 Genomes is one million?

1
0
Silver badge

Re: Counting

Reading comprehension is hard. They have completed stage 1 which was 100k, now they will do 1m.

2
0

"None of the well-known viral attacks have succeeded in causing any dysfunction in Genomics England," said Chisholm

And what about the ones they did not detect?

4
0
Bronze badge

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2018