Attribution and Biological Forensics
The Amerithrax investigation took seven years, cost over $100 million, and ended with the prime suspect’s suicide before trial. Questions remain. This is attribution’s challenge: we can often identify the pathogen strain and sometimes infer production methods, but proving intent from biological evidence alone is nearly impossible. Without credible attribution, biosecurity deterrence is hollow.
- Explain why attribution is foundational to deterrence and response in biosecurity
- Describe the science and methods of microbial forensics
- Recognize the biological, technical, and investigative challenges that make attribution difficult
- Analyze key case studies in biological attribution (Amerithrax, Rajneeshee, COVID-19 origins)
- Evaluate international frameworks and their limitations for attribution
- Identify improvements needed in attribution capabilities
Introduction: The Whodunit Problem
In October 2001, letters containing anthrax spores were mailed to news media offices and two US Senators. Five people died. Seventeen others were infected.
The FBI investigation that followed - code-named “Amerithrax” - would become the most expensive and complex investigation in the Bureau’s history. It took seven years, cost over $100 million, involved novel scientific methods, and ended with the suicide of the primary suspect before trial.
Even now, questions remain.
Amerithrax illustrates a fundamental challenge in biosecurity: attribution is extraordinarily difficult. And this difficulty has profound implications for everything from deterrence to international relations to pandemic response.
This chapter examines why attribution matters, how microbial forensics works, what makes biological attribution so challenging, and what improvements are needed.
Attribution is simultaneously:
- Essential for deterrence (threats must be credible)
- Essential for response (justice requires knowing who acted)
- Extremely difficult with biological evidence
- Politically consequential (wrong attribution can cause wars)
This paradox means attribution works best as a deterrent when potential attackers believe they will be caught, even if the actual capability is limited.
Why Attribution Matters
Deterrence
The foundation of biosecurity deterrence is the belief that perpetrators will be identified and held accountable.
In nuclear deterrence, we rely on “Mutually Assured Destruction.” This works because if a missile launches from a silo, satellites see the heat bloom instantly. We know exactly who did it.
In biosecurity, we have no heat bloom. If a new respiratory virus appears in a major city tomorrow, is it a natural spillover? An accidental leak? A deliberate release? Without attribution, there is no deterrence.
Consider the incentive structure:
- If a state or non-state actor believes they can conduct a biological attack anonymously, the perceived cost of attack decreases
- If they believe sophisticated forensic capabilities will identify them, the perceived cost increases
- Deterrence depends on this calculation
A RAND report on biological weapons attribution argues that credible attribution capabilities can deter state use by increasing the likelihood of exposure, deter non-state actors by enabling prosecution, and reduce the appeal of “false flag” operations.
The challenge is that biological attacks are inherently more deniable than nuclear or large-scale conventional attacks. A disease outbreak could be natural, accidental, or deliberate. Separating these possibilities requires investigation.
Response and Justice
Attribution enables multiple response options:
Criminal prosecution: Both domestic and international law require proof of responsibility. The Biological Weapons Convention prohibits development and use of biological weapons, but enforcement requires attribution.
State responsibility: If a nation-state is responsible, responses range from diplomatic pressure to sanctions to military action. But mistaken attribution could trigger unjustified conflict.
Public health response: Knowing whether an outbreak is natural or deliberate affects response strategy. Deliberate releases may have different epidemiological patterns and require different interventions.
Geopolitical Stability
Attribution claims carry enormous weight in international relations.
False accusations: If a country wrongly accuses another of a biological attack, the consequences could include war.
Conspiracy theories: Without credible attribution capability, conspiracy theories fill the vacuum. The COVID-19 origins debate demonstrates how uncertainty enables competing narratives that align with preexisting geopolitical tensions.
Strategic stability: The ability to distinguish natural, accidental, and deliberate outbreaks is essential. Without it, every outbreak becomes a potential flashpoint.
The Science of Microbial Forensics
Microbial forensics is the scientific discipline that analyzes biological evidence to identify the source of a pathogen, its production method, and potentially its creator.
Genomic Analysis
The revolution in DNA sequencing has transformed microbial forensics:
Whole genome sequencing: Pathogens can be sequenced completely, revealing their genetic fingerprint. This allows comparison against reference strains to identify the specific variant used.
Phylogenetic analysis: By comparing sequences across known isolates, investigators can construct evolutionary trees showing how closely related the attack strain is to other known samples. This can narrow the source.
Mutation analysis: Pathogens accumulate mutations over time. The pattern of mutations can indicate whether a strain was recently grown (few mutations) or is an older isolate (more mutations).
Single nucleotide polymorphisms (SNPs): Even closely related strains differ at specific positions. These SNPs can serve as identifying markers.
The Amerithrax investigation pioneered forensic genomics. Investigators identified four distinct morphological variants in the attack spores. By screening the FBI’s repository of Bacillus anthracis samples, they linked the attack strain (RMR-1029) to a specific flask at the US Army Medical Research Institute of Infectious Diseases (USAMRIID).
This was groundbreaking science - but it identified the flask, not definitively the person who used it. The circumstantial case against Dr. Bruce Ivins relied on additional evidence beyond genomics.
The Morphotype Breakthrough: Scientists did not just sequence the anthrax; they grew it on petri dishes. They noticed that a tiny fraction of the colonies looked “weird” (different shapes/textures). These were morphotypes. Geneticists sequenced these specific variants and found 4 distinct mutations. They then screened the FBI’s repository of 1,000+ anthrax samples. Only one flask contained all 4 mutations: Flask RMR-1029, which sat in Dr. Bruce Ivins’ lab at USAMRIID.
Non-Genomic Approaches
Genomics alone often cannot provide complete attribution. Complementary methods include:
Isotope analysis: Stable isotope ratios (carbon, nitrogen, oxygen, hydrogen) in biological materials reflect the geographic origin of growth media ingredients. A pathogen grown in different locations will have different isotopic signatures.
Chemical analysis: Growth conditions leave chemical traces. Media components, processing residues, and contaminants can indicate production methods.
Physical analysis: The physical form of biological agents (powder characteristics, particle size, additives) can indicate production sophistication and potentially narrow the list of capable producers.
Traditional forensics: Chain of custody, fingerprints, document analysis, and conventional investigation remain essential. The biological evidence is one piece of a larger puzzle.
The National Bioforensic Analysis Center
The US maintains the National Bioforensic Analysis Center (NBFAC) as the primary federal facility for bioforensic analysis. Established after the 2001 anthrax attacks, NBFAC:
- Conducts forensic analysis of biological threats
- Develops new forensic methods
- Maintains reference collections
- Supports criminal investigations
Similar capabilities exist in other countries, though global coverage is uneven.
Challenges in Attribution
Biological Challenges
Biology itself makes attribution difficult:
Rapid mutation: Pathogens, especially RNA viruses, mutate quickly. A virus passaged through multiple hosts may look quite different from its starting point.
Evidence degradation: Biological samples degrade. Without proper preservation, critical evidence is lost.
Natural variation: Wild populations of pathogens show natural genetic diversity. Distinguishing engineered changes from natural variation requires extensive reference libraries.
Wide distribution: Many dangerous pathogens exist in nature or in laboratories worldwide. Proving a specific source is challenging when many potential sources exist.
Technical Limitations
Engineering signatures: Traditional genetic engineering left recognizable markers (restriction enzyme sites, antibiotic resistance genes). Modern synthetic biology techniques can produce constructs with no obvious engineering signatures.
AI-designed sequences: As discussed in the chapter AI-Enabled Pathogen Design, AI can design novel proteins or modify existing ones. These AI-designed sequences may not match anything in databases, complicating identification.
Production methods: Determining how a pathogen was produced (fermentation conditions, purification methods, storage) requires specialized analysis that may not be conclusive.
Investigative Challenges
The intent problem: Biological evidence can demonstrate what pathogen was used and sometimes how it was produced. But proving intent typically requires additional evidence.
Intelligence vs. evidence: Intelligence agencies may have information about a suspect’s activities, but this information may not be admissible in court or releasable publicly.
Access: Investigations require access to suspects, facilities, and records. International investigations face sovereignty constraints.
Imagine you receive a suspicious powder and need to determine:
1. What is it? (Usually achievable)
2. Where did it come from? (Sometimes achievable)
3. Who made it? (Difficult)
4. Why did they make it? (Very difficult from biological evidence alone)
5. Can we prove it in court? (The highest bar)
Forensic science can often answer (1) and sometimes (2). Answers to (3), (4), and (5) typically require traditional investigation, intelligence, and circumstantial evidence beyond what the sample itself reveals.
Case Studies in Attribution
The Amerithrax Investigation (2001)
The anthrax letter attacks killed five people and infected seventeen others. The investigation:
Timeline: Letters mailed September-October 2001; investigation concluded August 2008 with suicide of primary suspect Dr. Bruce Ivins.
Methods: Novel forensic genomics; traditional FBI investigation; behavioral analysis.
Outcome: FBI concluded Ivins was solely responsible. Case closed after his death without trial.
Controversies: Independent reviews by the National Academy of Sciences found the scientific case was consistent with the FBI’s conclusions but did not definitively prove them. Questions remain about whether Ivins had the capability to produce the sophisticated attack material.
Lessons:
- Genomic forensics can narrow suspects but may not prove identity
- Seven years and $100M still produced an incomplete case
- The suspect died before the evidence could be tested in court
The Rajneeshee Bioterror Attack (1984)
In 1984, followers of Bhagwan Shree Rajneesh contaminated salad bars in The Dalles, Oregon with Salmonella typhimurium. 751 people became ill.
Timeline: Attack in September-October 1984; attribution in 1985 after confession by cult members.
Initial response: Public health officials initially assumed a natural outbreak. The deliberate contamination was not suspected.
Attribution: Came from confession and subsequent investigation, not forensic analysis. The Salmonella strain matched cultures found in the cult’s laboratory.
Lessons:
- Deliberate biological events can be misidentified as natural outbreaks
- Attribution may depend on intelligence, confession, or traditional investigation rather than forensics
- The first biological terror attack in the US was not recognized for what it was until someone talked
COVID-19 Origins Investigation
The investigation into SARS-CoV-2 origins illustrates the challenges of international biological attribution:
Competing hypotheses:
- Natural spillover from animals (via intermediate host or direct from bats)
- Laboratory-associated incident (from research at Wuhan Institute of Virology or elsewhere)
Investigation efforts:
- WHO-China joint study (2021): Limited access, inconclusive results
- ODNI unclassified assessment (2021): Agencies split between hypotheses with low confidence
- CIA assessment (2025): Lab-related origin “more likely” but still low confidence
- WHO expert group (2025): Zoonotic transmission remains most plausible scientific hypothesis but data gaps prevent ruling out lab origin
Challenges:
- Limited access to original samples and records
- Geopolitical tensions affecting cooperation
- Time elapsed before investigation began
- Genuine scientific uncertainty about spillover vs. lab origin
- Competing narratives used for geopolitical purposes
Current status: No consensus has emerged. Both natural and laboratory-associated origins remain plausible. This may never be definitively resolved.
Regardless of what actually happened, the COVID-19 origins debate demonstrates:
- Attribution is politically charged: Claims align with geopolitical interests
- Access is essential: Without cooperation from the country where an outbreak begins, investigation is severely constrained
- Time matters: The longer investigation is delayed, the more evidence degrades
- Uncertainty persists: Even with global scientific attention, definitive answers may be unachievable
Comparison: Novichok Chemical Attribution
The 2018 Novichok poisoning of Sergei and Yulia Skripal in the UK provides a useful comparison:
Similarities to biological attribution:
- Required identifying a specific agent
- Involved state responsibility claims
- Had geopolitical consequences
Key differences:
- Chemical agents are synthetic, not naturally occurring
- Production of Novichok requires specific state-level capabilities
- The agent itself pointed to a small number of possible sources
OPCW Confirmation: The UK requested technical assistance from the Organisation for the Prohibition of Chemical Weapons (OPCW). OPCW laboratories independently confirmed the identity of the toxic chemical, providing international backing for the UK’s findings. This illustrates the value of an independent technical organization that can validate national claims.
Outcome: UK attributed the attack to Russian military intelligence (GRU). In 2025, a UK public inquiry concluded that Putin must have authorized the operation. Novichok’s rarity and OPCW confirmation made attribution more straightforward than for biological agents.
International Frameworks
BWC and Attribution
The Biological Weapons Convention prohibits biological weapons but has no formal attribution mechanism.
Compare to the chemical sphere: The Chemical Weapons Convention established the Organisation for the Prohibition of Chemical Weapons (OPCW), which can investigate alleged use. The BWC has no equivalent body.
Efforts to strengthen BWC verification and attribution have repeatedly failed, blocked by disagreements among state parties about intrusiveness and sovereignty.
UN Secretary-General’s Mechanism (UNSGM)
The UN Secretary-General’s Mechanism allows the Secretary-General to investigate alleged use of chemical or biological weapons. It has been used for chemical allegations (Syria) but never for biological allegations.
Limitations:
- Requires state consent or Security Council action
- Limited permanent capacity
- Relies on voluntary expert roster
- Political constraints on activation
Building Capacity: Training exercises, such as a 2022 capstone exercise led by the Robert Koch Institute, aim to build readiness for future UNSGM investigations. These exercises test procedures, coordination, and analytical capabilities.
The Geopolitics of Attribution
Making Attribution Claims
Attribution claims are inherently political acts:
Who makes claims: National governments, intelligence agencies, international organizations, independent researchers
Standards of proof: Range from “high confidence” intelligence assessments to courtroom evidentiary standards to peer-reviewed scientific consensus
Timing: Rapid attribution may be needed for response but risks error; careful investigation takes time
Presentation: How claims are communicated affects credibility and response
Consequences of Attribution
Attribution claims trigger consequences:
Correct attribution: Enables appropriate response, reinforces deterrence, provides justice
Incorrect attribution: Can cause wrongful punishment, diplomatic crises, even war
Non-attribution: May enable impunity, weaken deterrence, feed conspiracy theories
The False Attribution Risk
The potential for false attribution is serious:
- A natural outbreak could be wrongly attributed to a state actor
- A state could fabricate evidence to implicate an adversary
- Genuine uncertainty allows motivated reasoning
The consequences of false attribution in the biological sphere could include:
- Unjustified military action
- Breaking of diplomatic relations
- Economic sanctions on innocent parties
- Escalation spirals
Digital Forensics Integration
Complementary Evidence
Biological attribution increasingly requires integration with digital forensics:
Email and communications: The Amerithrax investigation traced letters through postal systems and investigated communication patterns.
Purchase records: Acquisition of equipment, materials, and expertise leaves digital traces.
Travel records: Physical access to laboratories or outbreak sites can be verified.
Social media: Open-source intelligence can reveal capabilities, intentions, and connections.
Cybersecurity: Laboratory computer systems may contain relevant evidence.
The Digital Future of Attribution: As biology becomes digital, attribution will rely increasingly on digital forensics:
| Evidence Type | Example | Value |
|---|---|---|
| Server Logs | Cloud Lab API logs showing who ordered which sequences | Links design to identity |
| Model Fingerprints | Did the design come from GPT-4 or a proprietary model? | Traces AI involvement |
| Purchase Records | DNA synthesis orders, equipment receipts | Establishes capability |
| Timestamps | When protocols were written vs. when cultures were grown | Establishes timeline |
Digital attribution implies surveillance. It suggests a world where every biological experiment is logged. The biosecurity community is debating how to balance privacy for legitimate scientists against traceability for stopping threats. There are no easy answers.
AI-Generated Threats (Future Challenge)
As AI capabilities advance (see the chapter AI as a Biosecurity Risk Amplifier), new attribution challenges emerge:
- AI-designed sequences may not match anything in databases
- AI could potentially help adversaries design evasion strategies
- Conversely, AI could enhance forensic analysis and pattern recognition
The intersection of AI and attribution is an emerging area requiring investment.
Improving Attribution Capabilities
Technical Investments
Reference databases: Broader, more comprehensive databases of pathogen strains, production signatures, and genetic diversity improve the ability to trace sources.
Faster sequencing: Rapid genomic analysis enables quicker narrowing of possibilities.
Synthetic biology signatures: Research into detecting markers of synthetic biology, even when traditional signatures are absent.
AI-enhanced analysis: Machine learning to identify patterns in complex forensic data.
Institutional Improvements
International network: Building forensic capacity globally, not just in wealthy nations.
Standard protocols: Agreed international standards for evidence collection, chain of custody, and analysis.
Exercise and training: Regular exercises to test and improve attribution capabilities.
Policy Frameworks
Clearer investigation authority: Establish mechanisms for rapid international access when needed.
Pre-negotiated agreements: Bilateral or multilateral agreements on cooperation during investigations.
Information sharing: Mechanisms to share relevant evidence while protecting sources and methods.
If you work in biosecurity, public health, or related fields:
- Preserve evidence: In outbreak response, consider forensic needs alongside medical response
- Document carefully: Chain of custody and documentation enable later analysis
- Know your contacts: Relationships with forensic labs and law enforcement before an incident matter
- Advocate for investment: Attribution capability requires sustained funding, not just post-incident attention
Why is attribution so important in biosecurity?
Attribution enables deterrence, justice, and geopolitical stability. Without credible attribution, threats are not believable, perpetrators cannot be prosecuted, and conspiracy theories fill the vacuum.
What methods are used in microbial forensics?
Key methods include whole genome sequencing to identify strain fingerprints, phylogenetic analysis to trace origins, isotope signatures revealing geographic production locations, chemical analysis of growth media, and traditional forensics like chain of custody and fingerprints.
What made the Amerithrax investigation so difficult?
Despite taking 7 years and costing over $100 million, the investigation could identify the source flask but not definitively prove who used it. The suspect died before trial, leaving questions unresolved. Genomic forensics narrowed suspects but could not prove identity alone.
Why are COVID-19 origins still unresolved?
Limited access to original samples and records, geopolitical tensions affecting cooperation, time elapsed before investigation began, and genuine scientific uncertainty about spillover versus lab origin all contributed. Both natural and laboratory-associated origins remain plausible, and this may never be definitively resolved.
This chapter is part of The Biosecurity Handbook. For case studies in biosecurity, see also the companion chapter on biosecurity failures and successes.