Updated version of @DocEdge85's preprint on the potential for upload attacks on genetic genealogy databases, detailing various hacks. Big addition: we did a proof-of-concept demo of a simple method for obtaining people's genotypes from GEDmatch 1/n
biorxiv.org/content/10.110…
GEDmatch seems to use long runs of compatible genotypes between individuals (kits) to call genetic relatedness, identity by state (phase-unaware IBS calling). These runs of IBS can be broken by a single opposite-homozygous genotype, e.g. see user videos 2/n
On this basis we knew that GEDmatch was likely open to an ‘IBS baiting’ attack: uploading 2 fake kits with opposite-homozygote genotypes at a target SNP, surrounded by regions of heterozygous SNPs (which will at least half-match all other genotypes). See 3/n
We alerted GEDmatch to this in July, as well as pointing out that their chromosome browser may also leak a lot of information via its SNP visualizations. @_peterney et al also contacted them at a similar time, and we both independently posted preprints in Oct (after 90 days). 4/n
Late Nov we attempted a mock IBS-baiting hack. We used only artificial kits (for targets and baits) & restricted it to the ‘research’ branch of GEDmatch (so we never interacted with other people's data nor violated T&C). We also verified this plan with UC Davis IRB and GEDmatch 5/n
Our bait kits (B1 & B2) had het. & missing genos around the target to bait the IBS caller. We could tell if the target was homozygous by which bait it IBS-matched (e.g. T1=B1 but not B2), & heterozygous if it matched both baits (T2 vs B1 & B2). Image compiled from GEDmatch browser 6/n
This baiting worked easily across four targeted regions on chromosome 22. We set up our baits to not match outside these regions & we saw no other IBS genome-wide. Baiting could likely easily be extended to extract more genotypes genome-wide 7/n
Note that this only needs GEDmatch to return IBS locations to extract genotypes, & doesn't need images. The images reveal even more info. GEDmatch seems to have jittered SNP positions (trying to block a @_peterney-style attack?) but incompatible genotypes in our baits are still visible 8/n
GEDmatch allows you to use their 1-to-1 IBS caller on any of their >1 million kits if you know the kit number. Kit numbers are open to scraping from their website, as are the (often real) names and emails of the people uploading kits. 9/n
@_peterney et al's paper (@uw_cse_seclab @TechPolicyLab @luisceze @yoshi_kohno) nicely, independently showed how GEDmatch's visualization algorithm of IBS matches could be exploited 10/n
They also independently described a method very similar to IBS baiting in their section VII, showing that it worked in GEDmatch as of summer / early fall. So this attack isn't hard to come up with, once you realize that only opposite homozygotes block IBS runs 11/n
We redesigned our original attack slightly as GEDmatch had put in place some counter-measures in response to our & @_peterney et al's initial emails, but these were ultimately not too hard to surmount. 12/n
Also, the countermeasures that are in place appear to apply only as blocks on new uploads. This means that previously uploaded kits designed for baiting-style attacks may be grandfathered in as potential backdoors 13/n
GEDmatch has now put in place reCAPTCHA to try & block bots on some of their form pages, which may prevent a large-scale attack to obtain many profiles. But they haven't implemented simple measures, e.g. only returning long IBS, that would also improve their genealogy service. 14/n
GEDmatch returns much shorter IBS than users need. Also, folks don't need a SNP-level view of other people's genomes for genetic genealogy (especially for any random user in the database). These issues make it far too easy to obtain other people's genotypes. 15/n
Our last successful attempt to upload and analyze bait kits worked as of Dec 15th, i.e. after @VerogenBio took over GEDmatch. 16/n
@DocEdge85's original thread outlining the concepts behind these potential privacy attacks on genetic genealogy databases 17/n
& @DocEdge85's previous thread discussing why GEDmatch seemed particularly vulnerable to these attacks on genetic privacy. 18/n
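As an added illustration of the mechanism described in tweets 2 to 7 (this is constructed example code, not code from the thread's authors, from the preprints, or from GEDmatch), the Python below simulates IBS baiting against a toy phase-unaware IBS caller. Genotypes are alt-allele counts 0/1/2 with None for missing; a run of identity by state breaks only on opposite homozygotes. The rule that a missing call also terminates a run, the flank width of the bait's heterozygous window, and the caller's minimum reported run length are all assumptions of this toy, not facts about the real service. Two bait kits, homozygous-reference and homozygous-alternate at the probed SNP, recover the target's genotype from which bait the caller reports a run covering that SNP.

```python
"""Toy IBS-baiting simulation (constructed example; not GEDmatch's algorithm)."""
from typing import Dict, List, Optional, Sequence, Tuple

Genotype = Optional[int]  # 0, 1, 2 = alt-allele count; None = missing call


def compatible(a: Genotype, b: Genotype) -> bool:
    """Phase-unaware IBS: only opposite homozygotes (0 vs 2) are incompatible.
    Assumption of this toy: a missing call in either kit also ends a run."""
    if a is None or b is None:
        return False
    return {a, b} != {0, 2}


def ibs_runs(kit_a: Sequence[Genotype], kit_b: Sequence[Genotype],
             min_len: int) -> List[Tuple[int, int]]:
    """Scan two kits SNP by SNP and return [(start, end_exclusive), ...] for
    every maximal run of compatible SNPs that is at least min_len SNPs long.
    min_len stands in for the caller's reporting threshold (tweet 14)."""
    runs: List[Tuple[int, int]] = []
    start: Optional[int] = None
    for i, (a, b) in enumerate(zip(kit_a, kit_b)):
        if compatible(a, b):
            if start is None:
                start = i
        else:
            if start is not None and i - start >= min_len:
                runs.append((start, i))
            start = None
    if start is not None and len(kit_a) - start >= min_len:
        runs.append((start, len(kit_a)))
    return runs


def make_bait(n_snps: int, target_idx: int, homozygote: int, flank: int) -> List[Genotype]:
    """Bait kit: one homozygote (0 or 2) at target_idx, heterozygotes in a
    +/- flank window around it (hets half-match everyone), and missing calls
    everywhere else so the bait cannot match outside the probed region."""
    bait: List[Genotype] = [None] * n_snps
    lo, hi = max(0, target_idx - flank), min(n_snps, target_idx + flank + 1)
    for i in range(lo, hi):
        bait[i] = 1
    bait[target_idx] = homozygote
    return bait


def covers(runs: List[Tuple[int, int]], idx: int) -> bool:
    return any(s <= idx < e for s, e in runs)


def infer_genotype(target: Sequence[Genotype], target_idx: int,
                   flank: int, min_len: int) -> Genotype:
    """'Upload' two baits and read the target's genotype off the caller's output:
    matches hom-ref bait only -> 0, hom-alt bait only -> 2, both -> 1 (het),
    neither -> undetermined (e.g. the target has no call at that SNP)."""
    n = len(target)
    hits_ref = covers(ibs_runs(target, make_bait(n, target_idx, 0, flank), min_len), target_idx)
    hits_alt = covers(ibs_runs(target, make_bait(n, target_idx, 2, flank), min_len), target_idx)
    if hits_ref and hits_alt:
        return 1
    if hits_ref:
        return 0
    if hits_alt:
        return 2
    return None


def extract(target: Sequence[Genotype], target_indices: Sequence[int],
            flank: int, min_len: int) -> Dict[int, Genotype]:
    """Probe several SNPs in turn; two baits per SNP, as in the thread's demo."""
    return {i: infer_genotype(target, i, flank, min_len) for i in target_indices}


# Constructed 41-SNP "target" kit (deterministic filler) with four probed SNPs
# set to known values so the extraction can be checked against the truth.
TARGET: List[Genotype] = [(i * 7) % 3 for i in range(41)]
TARGET[5], TARGET[15], TARGET[25], TARGET[35] = 0, 1, 2, None

if __name__ == "__main__":
    # With a 9-SNP bait window and a 5-SNP reporting threshold the baits leak
    # every probed genotype; with a 20-SNP threshold the toy caller reports nothing.
    print(extract(TARGET, [5, 15, 25, 35], flank=4, min_len=5))
    print(extract(TARGET, [5, 15, 25, 35], flank=4, min_len=20))
```

The first call recovers {5: 0, 15: 1, 25: 2, 35: None}; the None at SNP 35 is the undetermined case, since the target has no call there and both baits' runs break. The second call, with min_len raised above the bait window, returns None for every SNP, which is the effect of the "only return long IBS" threshold the thread argues for, at least against baits of this width in this deliberately simple caller.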
Thread by Graham Coop