It’s Thursday, June 20, 2024 and 75°F in Austin, Texas

GEDmatch Used to Snare Golden Gate Killer - Hackers Get MyHeritage Data

NO court order was required to access GEDmatch's huge database of genetic material. Hackers?  MyHeritage's 92,283,889 people database has been breached!

Danger Beware of DNADid you know that As you have probably read it has been extensively reported that Golden Gate Killer was found using data from GEDmatch. It's an amazing story.  I will quote from ars technica:

"According to the East Bay Times, which first reported the connection to GEDmatch late Thursday evening, California investigators caught a huge break in the case when they matched DNA from some of the original crime scenes with genetic data that had already been uploaded to GEDmatch. This familial link eventually led authorities to Joseph James DeAngelo, the man authorities have named the chief suspect in the case. To confirm the genetic match, Citrus Heights police physically surveilled him and captured DNA off of something that he had discarded.

The former police officer was arrested Tuesday at his home in suburban Sacramento, having eluded law enforcement for decades. DeAngelo is expected to be arraigned Friday in Sacramento County Superior Court.

The Yolo County District Attorney said Thursday that DeAngelo "is suspected of committing over 50 rapes and a dozen murders across 10 different Northern, Central, and Southern California counties between 1976 and 1986."

Paul Holes, a retired Contra Costa County District Attorney inspector, told the East Bay Times that the investigation’s "biggest tool was GEDmatch, a Florida-based website that pools raw genetic profiles that people share publicly. No court order was needed to access that site’s large database of genetic blueprints."

On Friday morning, GEDmatch co-founder Curtis Rogers emailed Ars, underscoring the implications of uploading one's genetic profile to a database such as his. He published a statement, saying that he only learned of his site's connection to the California investigation through the media.

"Although we were not approached by law enforcement or anyone else about this case or about the DNA, it has always been GEDmatch's policy to inform users that the database could be used for other uses, as set forth in the Site Policy," he wrote. "While the database was created for genealogical research, it is important that GEDmatch participants understand the possible uses of their DNA, including information of relatives that have committed crimes or were victims of crimes. if you are concerned about non-genealogical uses of your DNA, you should not upload your DNA to the database and/or you should remove DNA that has already been uploaded."

The question is should we be worried about the implications of your DNA data being accessed without your permission?  Well as you can read you have already given your permission to GEDmatch and the cat is out of the bag, so to speak.  I expect, although I don't know for sure, that 23andMe and all of the companies who process DNA tests and provide information back to you relating to potential inclinations to illnesses  and diseases; help you find relatives all have releases so they can use your information anyway they want.  According to Genevieve Rajewski of

"The companies offering these tests largely make their money not from doing the tests, but from selling the genetic information to other companies interested in having access to large genetic databases. Almost 50 percent of the firms that sell you your ancestry information turn around and sell your genetic information to some other company."

"Often these are pharmaceutical companies trying to understand how variations in certain sections of the human genome may be useful in drug development. (Certain drugs may not function as well in a person carrying certain mutations, so the companies want to find the frequency of these mutations in the population.) Only about 10 percent of the companies that offer ancestry tests destroy your original sample; the vast majority hold onto your sample or sell it. So it’s not just the data, but your actual your saliva, that’s being shopped around."

"The companies offering testing services often go up for sale, and their privacy policies typically indicate that they bear no responsibility for your privacy once the company is sold—anything you signed is not reliable anymore. Many of the companies have privacy policies that state they can be changed at any time without notifying previous signers. In effect, you need to keep in contact with the company and keep yourself up-to-date on its policy. How many people are going to do that"

"There’s also a lot of concern that even though your name is not listed on the database, when the data is sold to somebody, the records can be de-anonymized. It has happened before—people have been able to take genetic information with no name on it and, through other databases, find the name associated with that genetic material.""

So, in my opinion, there is nothing that can be done to get your DNA info back - you can't extract it from the vast databases it is in already.  Your DNA information has probably been sold many times over by the time you are reading this.  Think of the number of Chinese companies who probably have it.  The question is will that information be misused?  The answer is, it probably already has been.  Eventually the authorities, people with power over us whether we like it or not - whoever those might be - Russian oligarchs and North Korean hackers - drug  companies - will be able to connect to you and enter your genome, accessing your DNA and monitoring or manipulating it.

Did you know that 23andMe and Ancestry are being investigated by the Federal Trade Commission over their policies for handling personal info and genetic data and how they share that info with third parties?  How concerned should you be about hackers getting access to your results?  MyHeritage is an Israeli-based company (I didn't know that they were Israeli - I assumed it was an American company) that recently reported its 92 million test results database had been hacked - 92,283,889 people! Their entire database was discovered on a private server.  How did it get there?  MyHeritage says the hackers did not get access their DNA databases, but how do they know? They didn't know that they had been hacked to begin with; a "security researcher" - whatever that is - told them that the breech had occurred in October 2017.

Will that mean an end to most diseases, will it help us live longer or healthier?  OR - will societies decide to stop people from reproducing who have traits that the majority doesn't approve of.  We have seen that happen before, what the German government did to mentally ill people and people with physical defects when they were given the power to do so.  The German people handed over power to the Nazis in democratic elections.  Incredibly stupid people can be manipulated to elect monsters in democracies, as we have recently seen.

Could a version of Westworld become a reality?  Who knows what the future will be, but it's scary, isn't it.

Bob Atchison

GEDmatch DNA Genealogy