Interviews

White powder copycats

by Mark Rowe

Copycat hoaxers are addressed by Oliver Morton, Operations Manager, SecureBio, pictured.

The migrating threat of terrorism has been extensively studied and closely monitored by security professionals from around the globe; it is widely understood that violent attacks and associated tactics seen in the Middle-East and central Asia will often migrate, or attempt to migrate, to the West some 12 to 18 months later.

A similar trend can be seen with less violent but widely reported incidents and crimes. In 2008 there was a spike of chemical suicides in Japan, this trend was then seen 6 months later in the United States, and then migrated to the United Kingdom in 2009. The same threat migration can seen with the reporting of letters containing anthrax, ricin or unknown substances intended to mimic biological agents.

Due to cultural similarities, deep routed connectivity and shared media, it is believed that the threat migration between the United States and the United Kingdom for this biological threat is significantly shorter than with other (non-English speaking) nations, typically 0 – 6 months.

Amerithrax. Attacks using letters containing biological agents, collectively referred to as white powder incidents, are not new and have been around since at least the 1990’s but in 2001 their use grew exponentially. The white powder threat can usually be attributed to one of the following perpetrators terrorists, extremist organisations, hate groups, disgruntled (former) employees or dissatisfied customers; albeit with differing intended outcomes ranging from the loss of life to business disruption or the generation of paralysing fear etc.

The first widely publicised white powder attacks occurred in September 2001, when there was a sudden spike in credible white powder attacks across the east coast of the USA. These attacks were attributed to an individual, believed to be Bruce Ivins but remains unproven, who successfully weaponised Anthrax spores and sent them to a number of media agencies and 2 Senators. The attacks, dubbed Amerithrax, resulted in 5 deaths, between 17 and 22 infected employees and a clean up cost, estimated by the FBI, to be in the region of $1Bn.

Prior to Amerithrax, it was estimated that global white powder incidents were in the low hundreds per annum however, following the Amerithrax attacks they rapidly gained notoriety and several thousand copycat (hoax) incidents ensued. The FBI’s Donald Alway, from the WMD Directorate, estimated that there were 50,000 incidents in the United States between September 2001 and August 2002.

Over the subsequent 6 months, the notoriety of Amerithax prompted a sudden surge in white powder incidents in the United Kingdom, a previously unseen threat. At the time the police were ill equipped to respond to these incidents, often responding with drug identification kits and military chemical detection equipment. By 2003 the number of white powder incidents had stablised at an estimated 5 – 10 per week, driving the Metropolitan Police Service to establish a permanent Dedicated Chemical, Biological, Radiological and Nuclear Unit (DCU).

17th April 2013. Since the initial spike of white powder attacks in 2001, the number of incidents has plateaued, estimates varying from 800 incidents per annum through to the United States Postal Service claiming to investigate 2000-3000 suspicious substance incidents per annum. However, it should be noted that, since 2001 all of these incidents have been classed as a hoax, until April 2013.

On the 17th April 2013 an envelope, addressed to President Obama, was successfully intercepted by a Federal mail screening facility; the envelope tested positive for the biological toxin Ricin, a highly toxic waste product, from commercially available castor beans.

This credible threat and the subsequent investigation rapidly gained traction with the US media, resulting in spikes across the country and most recently a second round of viable Ricin letters; the letters sent to Mayor Bloomberg were post marked 20th May 2013 and again tested positive for the toxin Ricin. With the growing traction and notoriety of the US Ricin letters, it is likely that this threat will migrate to the United Kingdom over the next 0 – 6 months.

Figure 2. Copycat Incidents Across The US Apr & May 2013.

The response. Historically UK commercial organisations have faced a series of very difficult decisions on how to respond to this threat. Responses vary, depending on available police assets, corporate security budgets and perceived threats.

In the UK, it is widely assumed that the emergency services have the capability to respond to and effectively deal with white powder incidents and this is true, to some degree, provided the incident occurs inside the M25 and the few specialist responders aren’t already tasked with other incidents or public events; the Metropolitan Police Service are the only UK force with dedicated and specialist trained officers, albeit only 30 of them.

The small number or lack of specially trained police officers, across the UK, has meant that most white powder incidents are dealt with by Fire & Rescue. The response is effective at dealing with the white powder but will do little for business interruption, staff confidence or maintaining corporate image and reputation.

Most biological threat agents are survivable but only if medical treatment is rapidly sought however, UK emergency responders currently lack the capability to conduct onsite identification of common biological threat agents, which can introduces delays of 24 – 36 hours, before the threat can be positively identified. University research has indicated that recovery rates for Anthrax are time critical, survival rates are in the high 90% provided appropriate treatment is sought in the first 12hrs however, this rapidly drops to approximately 60% within 36hrs, the time it may take to identify the threat.

So what can we do about it? Until recently, commercial organisations have had three options:

1. Do nothing. Having assessed the threat to the organisation, reviewed the statistics concerning the number of hoax attacks and looked deep into the corporate coffers, most commercial organisations have elected to take no action and rely on the emergency services to act swiftly.

2. Outsource mail-screening procedures. Some commercial organisations have implemented mail-screening protocols, but due to cost elected to outsource this. Outsourcing will afford a degree of security, if done appropriately but is likely to introduce lengthy delays in receiving mail and may also be very expensive, over time.

3. Introduce mail-screening procedures. The third and most complete solution is to implement in-house mail-screening, at considerable expense. However, current mail-screening techniques are usually focussed on detecting and countering the explosive threat, and may not be optimised or even capable of detecting biological threats.

There is now a fourth and financially viable option, developed for small businesses, large corporations and high net-worth individuals deemed to be at risk to white powder incidents. The solution is the Biological Immediate Action Service (BIAS), which equips a non-specialist user, with a rapid, in-house and user-friendly biological identification system, supported by a 24/7 advice line. BIAS is complimentary to existing mail-screening procedures and law enforcement but critically delivers a positive (or negative) result in 10 to 15 minutes, ensuring minimal disruption to business activities and priorities staff well-being.

Contact: For further information about white powder incidents, BIAS or to discuss available options contact SecureBio at [email protected].

Related News

  • Interviews

    Cyber predictions

    by Mark Rowe

    Malcolm Marshall, UK and Global Leader of KPMG’s Information Protection and Business Resilience team says there are clear trends emerging and the…

  • Interviews

    Cyber view of 2017

    by Mark Rowe

    Expect threats to the cloud and the Internet of Things (IoT), says Intel Security in its McAfee Labs 2017 Threats Predictions Report.…

  • Interviews

    Bonfire Night aware

    by Mark Rowe

    Your home’s never more likely to be burgled than on Bonfire Night, it’s claimed. While everyone is out watching firework displays and…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing