back to article Brits' DNA data sent to military base after 'foreign' hack attacks – report

An ambitious project to map the DNA of a million Brits has experienced such sustained hack attacks that officials have had to shift the data to a Ministry of Defence (MoD) facility in Wiltshire. Genomics England was probably hoping for a day of cheery PR after telling the world it had completed the "100,000 Genomes Project" …

  1. CAPS LOCK

    "100,000 Genomes Project is secure, insists chair"...

    ... Well he would say that wouldn't he. </Mandy Rice-Davis>

    The reality is, he doesn't know.

    1. Threlkeld

      Re: "100,000 Genomes Project is secure, insists chair"...

      After over 70 years I'd guess that my medical records could be matched to me even if ‘anonymised’. Only the radical pruning out of such details as time and place might prevent this.

      The data may be 'safe' in a bunker, but it's only going to be useful in the hands of researchers. And they will be in universities and big pharma research labs all round the world. Granted, many will only have a subset of the whole, but they certainly won't be in bunkers. I wonder what kind of security conditions will be imposed, and how well those conditions will be policed?

      In any case, since expertise is needed to make any sense of the medical data it is probably easier for big national or commercial interests to employ that same expertise to craft really good research applications, obtain the data legitimately, and then feel free pass it on to any dark-side entity with which they might have a quiet understanding. Again, I wonder what kind of security conditions can be imposed, and how on Earth those conditions could be policed?

      1. Anonymous Coward
        Anonymous Coward

        Re: "100,000 Genomes Project is secure, insists chair"...

        After over 70 years I'd guess that my medical records could be matched to me even if ‘anonymised’.

        Which regular commentard am I?

        You have an easy problem: there are only a few tens of us to choose from, and our writing patterns surely have less entropy than the genome. Identifying me from this post must be at least a few million times easier than identifying you from a genetic database.

        1. Jamie Jones Silver badge

          Re: "100,000 Genomes Project is secure, insists chair"...

          Are you me?

          1. Mark 85

            Re: "100,000 Genomes Project is secure, insists chair"...

            Are you me?

            Nope... I am the walrus.. Goo goo g'joob…

        2. Doctor Syntax Silver badge

          Re: "100,000 Genomes Project is secure, insists chair"...

          "Which regular commentard am I?"

          I don't think you're Bob. One down....

        3. Anonymous Coward
          Anonymous Coward

          Re: "100,000 Genomes Project is secure, insists chair"...

          "Which regular commentard am I?" not a problem when the legal system allows you to read the last page of the book.

        4. FlamingDeath Silver badge

          Re: "100,000 Genomes Project is secure, insists chair"...

          You are number 2

      2. RDW

        Re: "100,000 Genomes Project is secure, insists chair"...

        "The data may be 'safe' in a bunker, but it's only going to be useful in the hands of researchers. And they will be in universities and big pharma research labs all round the world. Granted, many will only have a subset of the whole, but they certainly won't be in bunkers. I wonder what kind of security conditions will be imposed, and how well those conditions will be policed?"

        https://www.genomicsengland.co.uk/understanding-genomics/data/current-research/

  2. Anonymous Coward
    Anonymous Coward

    Strange

    Went to a lecture from this Project at a New Scientist event in London

    The data collected by this project is almost exclusively from families suffering from genetically inherited illnesses, and you get included via referral by a consultant, so while it might be of interest to foreign intelligence services, (because no data is worthless), it's probably of more value to big pharma.

    As far as I'm aware the data is anonymized but I guess that doesn't matter, such a large sample would have a lot of value to some companies in this sphere.

    1. Valeyard

      Re: Strange

      I think it's of value because it took so much time, knowledge and expense to complete. Any country getting hold of it would cut that whole part out, academic data is always being pilfered.

    2. This post has been deleted by its author

      1. Anonymous Coward
        Anonymous Coward

        Re: Strange

        "p.s. I'm not making this up."

        Yep known about the Mormons for years, weird concept to forcibly baptise someone without their knowledge or consent.

        The problem is the fact this technology and data hasn't been around that long, it takes time before people realise the ways it can be misused and exploited.

        With the matching of DNA and biometrics mistakes can easily be made, as they don't tend to match on all the data just significant points, same as happens with fingerprints and shoe prints, it's not unknown to get false positive matches, and people have gone to jail on the strength of this.

      2. Intractable Potsherd

        Re: Strange

        It would take less than a day to identify someone to within 2nd cousin levels of accuracy by using only online database information. A bit longer, and you could identify to one or two individuals. https://www.livescience.com/63818-easy-identify-people-genetic-databases.html

  3. Anonymous Coward
    Anonymous Coward

    Weaponised?

    Can the army use this to create bioweapons sophisticated enough to distinguish real Brits from EU queue jumpers then attack the alien DNA?

    1. Anonymous Coward
      Anonymous Coward

      Re: Weaponised?

      You mean the place they're keeping the more sensitive data now is at Porton Down is that in Wiltshire? Ultra right wing conspiracy nuts might go so far as to suggest they're looking at using DNA targeting bioweapons for population control using the pretence of weeding out all genetic diseases...

    2. Anonymous Coward
      Anonymous Coward

      Re: Weaponised?

      It's not that far from Corsham to Porton Down …

      1. Jonathan Richards 1

        Re: Weaponised?

        ISS Corsham to Porton Down is thirty miles as the crow flies. [1] That's too far for a Sekrit MOD Tunnel under Salisbury Plain, and besides you aren't allowed to tunnel just anywhere, because of the 6,000 year old archaeology. Oh, crap.

        [1] It is well known that crows follow great circle routes.[citation needed]

    3. RAMstein

      Re: Weaponised?

      shush.

      1. The JP

        Re: Weaponised? - British X-Men?

        C'mon. We all know what is happening here. We are developing British X-Men with mutant superpowers to defend Britain from the corrupt EUSSR after Brexit.

        I for one welcome our new laser-eyed, telekinetic, psychic protectors

  4. Wolfclaw
    Thumb Up

    What is so striking about this story, is that they actually implemented and maintain strong security, rather than waiting unti after a breach. This has to be a first ?

    1. Mark 85

      But in the last paragraph, they toss the gauntlet... The group's chief scientist added that it pays an outside company – which it did not identify – to conduct pentests, and so far it hasn't managed to get into its systems. "None of the well-known viral attacks have succeeded in causing any dysfunction in Genomics England," said Chisholm.

      Sounds almost like a challenge for someone who might seek notoriety or to make a name for themselves in Pen Testing.

    2. Doctor Syntax Silver badge

      "This has to be a first ?"

      No. The ones you hear about being breached are the ones who didn't build in security from the first.

  5. Anonymous Coward
    Anonymous Coward

    Have the military finished migrating their internet-facing machines away from Windows XP yet?

    1. Spanners Silver badge
      Boffin

      @Mycho

      Have the military finished migrating their internet-facing machines away from Windows XP yet?

      I suspect that they have to get to XP first.

      Some new kit will have gone directly to Raspberry Pi!

  6. Detective Emil

    Subject to viral attack?

    Only to be expected for DNA.

  7. Nick Kew

    IP?

    Is anonymity the real issue here?

    Fully-anonymised data on this scale must have considerable commercial value to pharma research interested in such things as the prevalence of genetic patterns. If it's explicitly in the public domain, that's fine. If not, then industrial espionage becomes an obvious issue.

    IP companies specialising in patents could be a prime suspect here.

  8. Robert Carnegie Silver badge

    Counting

    Did you say that 100,000 Genomes is one million?

    1. Spazturtle Silver badge

      Re: Counting

      Reading comprehension is hard. They have completed stage 1 which was 100k, now they will do 1m.

  9. Toilet Duk

    "None of the well-known viral attacks have succeeded in causing any dysfunction in Genomics England," said Chisholm

    And what about the ones they did not detect?

  10. FlamingDeath Silver badge

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon