2 min read

Malware: The Dangers of DNA Hacking

Richard Kahn January 30, 2019

Ad Fraud

It’s eerie how real-life can mimic a page out of a fictional novel. Look around, and much of what you see mirrors Aldous Huxley’s Dystopian novel: Brave New World.

Today, not only can you genetically modify food and animals, but you can even modify DNA. Deoxyribonucleic acid (DNA) is the carrier of genetic information, present in living organisms. It’s the building block of life, and now it's the latest avenue for scammers to carry out nefarious DNA hacking schemes.

Participate in Consumer DNA Testing? You’re at Risk

Consumer DNA testing has never been more popular. Simply purchase a kit (e.g. 23andMe or AncestryDNA), swab your cheek or spit in a tube, and mail to get your results. As you seal the kit, you probably don’t ponder the security risks; you just want to know if great aunt Margaret is really a descendant of the House of Windsor.

Now imagine your genetic material is stolen and sold on the dark web. Uh oh. It’s a terrifying thought that could soon become a reality. Hackers are always looking to make a quick buck and DNA is another way to make a lot of money.

dna-tests Source: SmarterHobby.com

But unlike getting a new credit card after it’s been stolen, you can’t get new DNA. Your DNA is permanent, and now you have to worry about what those scammers are going to do with your stolen DNA.

DNA-Based Exploit of a Computer System: It's Been Proven Possible

Individual DNA being stolen is just the tip of the iceberg. The potential for “biological malware” is also a major concern, especially since it’s already been proven possible.

At the University of Washington in Seattle, researchers Tadayoshi Kohno and Luis Ceze were able to carry out a hack involving malware encoded into a gene that was used to gain control over a computer.

First, they encoded malware into DNA they had purchased online. To encode malware into DNA, you convert computer binary code 1’s and 0’s into A, C, G, and T, which are the letters of DNA base types (e.g. adenine, cytosine, guanine, and thymine.)

Then they hacked a computer that tried to process the DNA after it was read by a DNA sequencing machine. And it’s not just DNA hacking you have to worry about. Kohno and Ceze warned hackers could also use fake blood or saliva samples to gain access to forensic labs and other sensitive material.

It’s important to note, that at this time, it’s just computers attached to DNA sequencing machines at risk, not personal at-home computers.

Synthetic DNA: The Next Pandora’s Box?

Not only do we have to worry about real DNA being modified, but synthetic DNA is also at risk. Now that DNA can now be engineered using software, you no longer need an existing DNA molecule to create new DNA molecules.

Like real DNA, synthetic DNA can also be used to carry malware capable of launching a cyber attack. A dangerous computer virus similar to Stuxnet, could be used to hack into digitally controlled machinery in critical facilities. And even more concerning, by using a computer to edit and write DNA sequences, you can design or reconstruct dangerous pathogens and weaponize them.

It’s Not Just DNA We Have to Worry About

DNA in the wrong hands can have serious ramifications. But the reality is, you could even have bacteria from your own skin carry a malware file, says Yaniv Erlich, professor at Columbia.

Fortunately, we have time to strengthen our defenses. Right now, it’s easier for scammers to send a corrupt email attachment, than to hack DNA.