At least seven million customers of San Francisco-based DNA company, 23andMe, are now seeing their confidential and highly personal genetic data up for sale on the internet. The hackers are also offering the millions of victims’ personal email addresses for good measure and to best assist potential blackmailers and fraudsters.
A cyber-criminal going by the alias “Golem” last week posted an ad, which has now been taken down, on the BreachForums website offering “raw data profiles,” “tailored ethnic groupings,” “individualized data sets” and more to online buyers with enough ready cash to take advantage of the offer. According to “Golem”, the millions of individual DNA profiles now on offer include those of some of the world’s top business magnates.
The ad offered prices starting at US$1,000 for 100 individual profiles, rising to US$100,000 for 100,000 profiles, making the stolen haul potentially worth upwards of US$7 million. On the face of it, the potential value of 23a2ndME’s stolen data would appear to mark out the hacker(s) responsible for the theft as small fry compared to leading ransomware groups like LockBit whose revenues match those of major legitimate corporations.
However, the highly personal content of DNA data marks the theft as a dangerous precedent in the digital world of the 21st Century. Until now, the most damaging personal data exposed on Dark Web forums has been individuals’ credit details of compromising messages and images.
Stolen DNA can be used for cross-species experiments
The theft of an individual’s DNA data represents a far greater personal intrusion than illegal access to their bank account. For example, new medical technologies enable the splicing of an individual’s DNA, complete with genetic and personality traits, into another human body or even that of an animal such as a pig or rat. While experimenting with such human/animal abominations is absolutely forbidden legally and morally in North America and Europe, this is not always true in geographies such as Asia.
In addition to Japan, where human-animal embryo experiments were legalized four years ago, there are also unconfirmed reports of laboratories inside mainland China already conducting inhumane experiments to create part-human, part-animal cross-species, possibly for future use as a form of slave labor. Once the digital code of an individual’s DNA is released into the digital wild, there is absolutely no knowing where it might up – a truly horrifying thought for anyone who suspects they may have had their DNA code nicked.
According to some cybersecurity sources, the breach may not have been the work of a highly skilled group of hackers boring through 23andMe’s cyber defenses, but simply the result of a 23andMe employee going rogue. A current cybercrime trend is to bypass expensive and highly effective cyber defenses by simply bribing or blackmailing a disgruntled member of the target’s staff to release confidential data.
It is either ironic or deeply sinister, given the horrific events taking place in Israel over the last few days, that the cyber-criminals alias of “Golem” refers to a terrifying mythical monster from Jewish folklore, leading some security sources to quietly speculate that the cybercriminal(s) responsible might be an anti-Israeli group seeking funding for arms and based outside the US.
