You’ve seen the ads for DNA testing for a couple of hundred dollars, or so?

You know, just spit, and mail. Voila! Your DNA analysis comes back with all kinds of fun facts about your ancestry and your neighbour becomes your best buddy, or you stop slurping spaghetti and start chowing down on haggis. It’s made to be a life-changing event. How exciting! You discover one thousand of a gene snippet has a connection to some nationality you had never imagined.  On the negative side, you may be warned of a medical issue that you may not know you have, or of genetic predisposition for some genetic anomaly.

Wait.  Did you really just gave a piece of you away to complete strangers to study YOUR DNA?

Sure, they promise to protect your privacy, etc. And what the heck, huh?  Who’d want your DNA information, anyways?  You’re not a criminal and you also consider yourself to be nobody special…and you don’t have a lot of money, and you’re not running for public office. So, why’d anybody be interested in your DNA?

Surprise!!

“92 MILLION account details were recently STOLEN”… from a DNA tester. See End Note 1

So what good is your DNA if a hacker or a thief steals your DNA records? That question drove me to do a GOOGLE SEARCH to find out who’d be interested in someone else’s DNA. That is, who’d be interested, other than the police chasing down a wanted criminal? Answer: those who frequent the DARK WEB, of course! “DNA profiles are increasingly saleable on the black market.” See End Note 2 

Why?

“Criminals can collect the DNA sample to blackmail you later on, sell it on the Dark Web, or save it in an archive for future use.See End Note 3 You may wonder, what’s the big deal even if they do get your DNA, they can’t blackmail you for anything worthwhile. Maybe. But isn’t that the very premise of phishing scams, or the typical social engineering scam?

In phishing scams you may get a phone call or an email inviting you to provide or verify anything from your name, your address, passwords, to your official employment. A very popular email version of that is the official-looking email, on what looks like a legitimate company’s letterhead, such as your bank, the tax dep’t., or one of your social media sites telling you that your account has been accessed or hacked, or some such variant, and that you need to “click here” to verify your information or to change your password. Bingo!  Got ya!  From there the crime mushrooms into financial theft, identity theft, etc.

Social engineering is much the same but crooks do it with small bits of data. For example, your phone may ring and you may be asked something about your work colleague, or your neighbour, or a relative. The request for information or to verify something, may sound like the caller knows the targeted person, but the idea is to get you to add another small bit of information. After 25 or 50 such small bits of information, from as many sources and phone calls, the social engineering crook can stack up enough information to crack into corporate computer systems, or steal someone’s identity, etc.

One of the longest running scams is the technician from the windows company, or so they claim to be. They actually think people are stupid enough to give them online access to their computers to check it for bugs, or to improve its responsiveness. And, yes, people are stupid enough to turn control of their computers over to some no-name crook pretending to be online to help out.

Those hacker people are pretty darn smart, criminally smart. They have all kinds of tricks up their sleeves, all kinds of latest computer technology at their disposal, and they have all kinds of computer coding experiences.  Any piece of what I just mentioned is allegedly available on the dark web and even within small circles of hacker outside of the dark web or any other kind of web. When any of them lack a specific block of code required for their nefarious deeds, no problem. They just buy it from someone who has already posted it for sale on the dark web, or someone they can connect with within their circle of hackers. In a matter of minutes some despicable hacker genius somewhere in the world will be only too glad to oblige.

It doesn’t even require a phisher, social engineer, or hacker to disrupt your peace of mind. A few months before I wrote this Nugget, PRESIDENT DONALD TRUMP challenged Senator Warren, (USA),  about her claim that she had Native Indian heritage. She is alleged to have used that to leverage her career. At some point she had been unfairly negative towards Trump. In typical, “if attacked, push back twice as hard” style, Trump challenged Warren by calling her “Pochahontas” and staking huge dollars, his personal money, to the charity of her choice, if she produced a DNA test to prove her heritage. To my knowledge she decided to forego the offer.  Wonder why? Also, to my knowledge, this is the first time a DNA test result was asked for among debating politicians.

Hackers, phishers, and social engineers aside, some of those genetic testing firms may surprise you by having you sign an agreement in which, sometimes,  are terms of resale of your DNA buried deep in there amidst the other legalese and extensive boring jargon. The result?  Many customers simply assume their privacy is protected. After all, if word got out wouldn’t that crush their reliability and therefore their sales? Nope. Carefully read what you sign! Your genetic testing company also may be making big bucks by selling, or renting the use of, their customer lists on which your information and DNA results may be posted. Be very careful and read all the fine print to avoid any surprises.

Maybe, just maybe, this DNA stuff advertised for sale on TV may turn out to be a lot less fun than those happy ads would have you believe?

NOTE: If a doctor or hospital requires DNA testing for therapies such as identifying a specific DNA of a cancer for treatment, or your DNA is required to determine appropriate diseases, or for pharmaceuticals for treatment, then, yes, of course, that is not at issue in this Nugget.


END NOTE

  1. “DNA PROFILES STOLEN”, MAXIMUMPC, August, 2018. p.14.
  2. ibid.
  3. “Could hackers steal your DNA and sell it?” By John Brandon. Fox News. August 21, 2018. http://www.foxnews.com/tech/2018/08/21/could-hackers-steal-your-dna-and-sell-it.html