Scientists Discuss Forensic Process Used To Track Down Anthrax Strain In 2001 Letter Attacks

It took nearly a decade before University of Maryland researchers were allowed to talk about their work identifying the anthrax strain used in the 2001 deadly letter attacks. But now, they and the other key members of the high-powered science team have published the first account of the pioneering work, which launched the new field of “microbial forensics” and gave bioterrorism investigators a way to “fingerprint” bacteria.

The current online Early Edition of the Proceedings of National Academy of Sciences (PNAS) details the multi-institutional research that the FBI ultimately used to track anthrax-laden letters back to test tube number RMR-1029 at a lab in Fort Detrick, Maryland.

University of Maryland bioinformatics experts co-authored the article and conducted the computational analysis that detected four genetic mutations that together comprised a unique signature of a particular colony of anthrax bacteria. The FBI subsequently determined this colony was found only in that Ft. Detrick test tube.

The Maryland researchers have since developed their work into a genetic ‘fingerprinting’ tool that is available online to law enforcement seeking to track down other microbial suspects.

“We found unique bio-markers to help investigators track down the source of the anthrax,” said Steven Salzberg, director of the University of Maryland Center for Bioinformatics and Computational Biology (CBCB). “At first the tiny mutations were elusive. We thought we’d pieced together the ‘jigsaw puzzle’ of data very neatly, until we ended up with a few oddball bits left over. When we looked more closely, we found an extra copy of a critical gene.”

“Fortunately, anthrax bacteria mutate relatively slowly, so the material in this colony developed these small distinctive mutations that resulted in physically distinct characteristics,” said Mihai Pop, Salzberg’s CBCB colleague and article co-author. “If you isolate a colony of bacteria in a test tube, they’ll slowly accumulate random mutations that make them distinct from any other samples of the same type of bacteria.”

“Our colleagues at the University of Maryland School of Medicine’s Institute for Genome Sciences sequenced the DNA of the bacterial samples provided by the FBI. Then, using computational analysis, we identified four tiny changes in the DNA structure that the FBI could use as a fingerprint in their investigation.”

Working on a sensitive, high-profile project involving national security turned out to be nothing like Salzberg expected. It was 2001, several letters with anthrax powder had been sent to Capitol Hill and various media outlets. Five people had died and 19 more were sickened. The FBI asked Salzberg, Pop and their colleagues to analyze samples of the powdered anthrax in the letters.

“We mainly got blind samples -- most of the time we had no idea of the material’s origin,” Salzberg said. “Our job was to comb through the DNA sequence data and puzzle out the genetic structure. When we’d done it, we handed our report to the FBI, and they simply said, ‘Thank you. You’ve been a great help.’ We heard almost nothing for five years, which was frustrating at times. We wanted to ask, ‘How did this help?’”

Subsequently, the FBI concluded that only anthrax samples from test tube RMR-1029 at Ft. Detrick had the identical genetic structure with the anthrax powder sent through the U.S. mail. These samples shared the four quirks identified by the University of Maryland computational biology team.

Last month, a team of top scientists assembled by the National Research Council reviewed the FBI’s investigation -- at the FBI’s request. The report found no fault with the science. However, it did challenge the FBI’s interpretation and use of it, concluding, “The scientific link between the letter material and flask RMR-1029 is not as conclusive as stated in the Department of Justice Investigative summary.”

The researchers’ 2001 work, in effect, launched a new field of microbial forensics, the study reports.

“Before the anthrax letter attacks of 2001, the developing field of microbial forensics relied on microbial genotyping schemes based on a small portion of a genome sequence. Amerithrax, the investigation into the anthrax letter attacks, applied high-resolution whole-genome sequencing and comparative genomics….This study demonstrates the forensic value of systematic microbiological analysis combined with whole-genome sequencing and comparative genomics,” according to the PNAS article.

“Ten years ago, the team broke new ground, and in the intervening years we’ve developed this into a standard tool that law enforcement and anti-terror agencies can use on their own,” Salzberg said. “We recently finished a project for the U.S. Department of Homeland Security, producing an online, open-source tool that agencies can download and use to fingerprint microbes used in attacks.”

The tool Salzberg’s team created is called Insignia and is located on the CBCB site to give agencies easy access: http://insignia.cbcb.umd.edu/

The University of Maryland Center for Bioinformatics and Computational Biology is a multidisciplinary center dedicated to research on questions arising from the genome revolution. CBCB brings together scientists and engineers from many fields, including computer science, molecular biology, genomics, genetics, mathematics, statistics, and physics -- and works with many other institutions, including the National Institutes of Health, the University of Maryland Medical School and John's Hopkins University, all sharing a common interest in gaining a better understanding of how life works.

The Center for Bioinformatics and Computational Biology is organized as a center within the University of Maryland Institute for Advanced Computer Studies (UMIACS), an interdisciplinary research institute supporting high-performance computing research across the College Park campus.

Featured

  • CISA Kicks Off 20th Anniversary of Cybersecurity Awareness Month

    CISA Kicks Off 20th Anniversary of Cybersecurity Awareness Month

    The Cybersecurity and Infrastructure Security Agency (CISA) recently announced the kickoff of the 20th Cybersecurity Awareness Month. Throughout October, CISA and the National Cybersecurity Alliance (NCA) will focus on ways to “Secure Our World” by educating the public on how to stay safe online. Read Now

  • Cybersecurity Awareness Month: Top Five Action Items to Elevate Your Data Security Posture Management and Secure Your Data

    October is Cybersecurity Awareness Month, and every year most tips for security hygiene and staying safe have not changed. We’ve seen them all – use strong passwords, deploy multi-factor authentication (MFA), be vigilant to spot phishing attacks, regularly update software and patch your systems. These are great recommended ongoing tips and are as relevant today as they’ve ever been. But times have changed and these best practices can no longer be the bare minimum. Read Now

  • Boosting Safety and Efficiency

    Boosting Safety and Efficiency

    In alignment with the state of Mississippi’s mission of “Empowering Mississippi citizens to stay connected and engaged with their government,” Salient's CompleteView VMS is being installed throughout more than 150 state boards, commissions and agencies in order to ensure safety for thousands of constituents who access state services daily. Read Now

  • Live From GSX: Post-Show Review

    Live From GSX: Post-Show Review

    This year’s Live From GSX program was a rousing success! Again, we’d like to thank our partners, and IPVideo, for working with us and letting us broadcast their solutions to the industry. You can follow our Live From GSX 2023 page to keep up with post-show developments and announcements. And if you’re interested in working with us in 2024, please don’t hesitate to ask about our Live From programs for ISC West in March or next year’s GSX. Read Now

    • Industry Events
    • GSX

Featured Cybersecurity

New Products

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • XS4 Original+

    XS4 Original+

    The SALTO XS4 Original+ design is based on the same proven housing and mechanical mechanisms of the XS4 Original. The XS4 Original+, however, is embedded with SALTO’s BLUEnet real-time functionality and SVN-Flex capability that enables SALTO stand-alone smart XS4 Original+ locks to update user credentials directly at the door. Compatible with the array of SALTO platform solutions including SALTO Space data-on-card, SALTO KS Keys as a Service cloud-based access solution, and SALTO’s JustIn Mobile technology for digital keys. The XS4 Original+ also includes RFID Mifare DESFire, Bluetooth LE and NFC technology functionality. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3