300 N. Washington St.
Suite B-100
Alexandria, VA 22314

GlobalSecurity.org: National Security Notes

National Security Notes

February 6, 2004

THE FASCINATION WITH RICIN: Common details overlooked  


Twelve years ago Crypt Newsletter came into being, inspired by a need to have something interesting to convey about the Michelangelo computer virus. Through the second half of February of 1992, computer magazines and, more interestingly, daily newspapers were filled with news about the computer virus poised to destroy data on March 6.

Michelangelo was "a mugger hiding in the closet" read one, a claim that was generally representative of the wisdom on the subject.  When March 6 arrived, the mugger turned out to be a mouse. Computers did crash due to Michelangelo infection but not so many that it in any way mandated worldwide media notice.

"Some of us in the press were suckered," admitted one wire service editor after the dust cleared.

Searching for Michelangelo, Crypt Newsletter delved into the dark world of computer viruses and security. As hard as it is to imagine now, computer viruses did not arrive by the clump in your electronic mailbox every day. They were hoarded by anti-virus software developers and teenagers who fancied themselves dangerous techno-wizards.  It actually took a little bit of leg work to build up a good collection of them, unlike today when a decent sampling is hand-delivered to your door in cyberspace.

A few tried to make money off the relative scarcity of computer viruses by selling compact discs filled with them. Advertised as cyber-weapons, prospective buyers were drawn in by claims that Michelangelo and its brethren were such damaging examples of high technology that they might possibly be banned by the U.S. government. Get your electronic terror tools before they're illegal to possess!

Fast-forward to February 2004 and the MyDoom virus as well as a couple of others are in your face if your electronic mail address is public. Two weeks earlier it was the Beagle/Bagel virus and a different assortment.

Computer viruses did not develop into an unceasing rain overnight. A decade plus a couple  is a decent amount of time in which to learn from mistakes and make changes. And there were many opportunities to take forks in the road that would have lessened their presence. Computer viruses could never have been eliminated but -- by the same token -- the electronic infrastructure in which they flourish did not have to built so ignorantly and haphazardly that hundreds of thousands of computers can easily be infected in moments.     

Bad intentions, apathy, ignorance and business expedience always won. Virus-writers, overwhelmingly young men then and now, create them simply because they can, because it is a simple-minded activity, not because they have some special magical knowledge of the ways of computing. That most grow out of the habit makes no difference since there are always an equal number of younger ones growing into it.

Although few remember, at one point computer viruses could not be embedded in your electronic mail. Remarkably, a text message was just that. But Microsoft, by default, fixed it so that it is elementary to send malicious code to strangers, where it can always be expected to activate frequently and unexpectedly.

In a similar vein, there was no compelling reason in the mid-90's why documents made in word processors had to be made fertile for computer viruses.  Security researchers implored Microsoft and the makers of software, in general, not to put useless features into their products which served this purpose. And they were ignored because it was viewed as impedimenta to more business and effective marketing.       The result? On the evening news, the best advice the commentator can offer is to update your anti-virus software. Part in parcel but left unspoken with this "good" advice is the glum fact that, by definition, your updated anti-virus software will fail just as soon as the newest virus hits it. And this has been the regular state of affairs for over a decade.

More "good" advice is the wishful belief that more education will be of benefit. There has never been a failure of education on computer viruses or security problems vis-a-vis computers. As long as this writer can remember, many good people worked tirelessly and often for free, to provide education on the subject. What no one wants to hear is that there is always a significant core of computer users who cannot be reached by any means. Education does nothing to change this; the people who must know about computer viruses to manage the worldwide networks have the knowledge they need. There is no shortage of the resource. In fact, some education could even be curtailed, since it is just a sham for the selling of software or a certification in some process of busy work.

Even more "good" advice comes in the guise of the Department of Homeland Security's "new" bulletins warning of computer trouble. Again, this twists the real world into a pretend one, where everyone is supposed to believe there has been no such thing in the past. For over a decade, once again, there have been a variety of government institutions making bulletins of warning  on computer troubles, viruses and ways to cope with such things.

Paradoxically, the people who write the bulletins have long known, too, they always lose the foot race, arriving in the mailbox behind several copies of the newest mass viruses expounded upon.

In 1992, Crypt Newsletter came into possession of a program called the "Virus Creation Laboratory."  It exported code for mean and simple computer viruses which could be quickly assembled on any home computer. I called one of the stock viruses it produced, "Heevahava," a Pennsylvania Dutch insult used to refer to a dolt or stupid fellow. More vulgarly, it was the name given the person with the job of holding the stud bull's pizzle during semen extraction.

Additionally, I was able to make variants of the virus containing or displaying the message, "Only Heevahava's get [the computer virus]." 

Old Heevahava perfectly symbolizes our road to 2004, a networked world in which we are all stuck holding something we would much rather not be holding at all.    ============

So it's time for a change of direction and some new clothes.  Your old Crypt Newsletter has been rechristened National Security Notes. It's not as clever or unusual sounding but it more accurately reflects its area of interest -- myths, memes, developments and dilemmas in various aspects of national security as they pertain to the war on terror. 

And rather than spend space describing the nature of what NSN will be covering, I thought it would be better to just get down to it.


THE FASCINATION WITH RICIN: Common details overlooked  

There goes the ricin patrol. You've seen them on the front pages of the news, men in plastic suits and respirators, trooping into the Senate building, facing uncertain threats on the new chemical and bioterror battlefield.

Someone has been sending ricin to Senator Bill Frist, the President and the FBI. Ricin is a poison and the mailing of it indicates malice with desire to inflict great harm. It is certainly a matter for authorities to investigate aggressively.

In every news story, we are informed there is no cure for ricin poisoning and that it is one of the deadliest substances known.


However, what you have not been generally told is that ricin has been with human civilization about as long as there has been even semi-organized agriculture.

Ricin is present in the castor bean, the seed of the castor plant. It is estimated that 1 million tons of castor beans are processed every year worldwide for the production of castor oil and related products. Castor oil is a renewable resource which is used as or in lubricants, perfumes, fragrant oils, polymers and many other materials. Crushed castor bean cake, treated to degrade ricin, is used as a fertilizer and agricultural animal feed extender. Untreated castor bean cake is also employed as a feed extender, mixed with another seed meal containing compounds which form complexes with ricin, inactivating it.

Castor beans for the growing of castor plants can be purchased, ten per pack, for about three dollars. Castor beans are thought to contain approximately five percent ricin. By comparison, their oil content is 50 percent.

The consumption of a small number (there is no hard and fast number in the literature) of chewed castor beans -- they must be broken up or the seeds pass through the digestive system intact -- is thought to be enough for a fatal dose in adults. However, according to the Centers for Disease Control, "500 micrograms  of ricin could be enough to kill an adult. A 500-microgram dose of ricin would be about the size of the head of a pin. A greater amount would likely be needed to kill people if the ricin were swallowed." A microgram is one millionth of a gram.

A castor bean weighs between 3.0 and 3.5 grams.  Assuming the smaller number, there are 150,000 micrograms of ricin in one bean. That is enough, according to the CDC figure, to kill three hundred people -- a figure that would be titillating and terrifying in the mainstream news. However, National Security Notes will flatly state it is impossible to make a weapon of mass destruction from one castor bean. 

These numbers are important because while the concentration of ricin in castor beans is significant it is also clear that consumption or exposure to the raw material, castor bean pulp containing ricin, is not at all efficient in producing a poisoning.

If it where, one might expect to have seen a great deal of sickness and fatality associated with the industrial and agricultural milling -- a process which creates dust and rubble from castor plants and beans.  But there is no such footprint. Castor bean mills, however, run throughout the world and have also existed in the United States. For illustrative example, the processing of  one million tons of castor beans would be expected to pass about 45 billion grams of ricin through castor plant mills.

Paradoxically, bioterror test kits used to detect ricin and in use by the government and the military are sensitive enough to detect ricin in one castor seed smashed on a countertop.

Potentially, this makes every facility or person that possesses castor beans or the rubble of them, a positive in the current determinations of bioterror.

Coupled with the fact that their is no knowledge of the actual concentration of ricin identified in news stories, conclusions on the gravity of the problem become difficult. Risk is impossible to assess. The news lends itself only to lurid and worst case scenario descriptions.

Al Qaeda suspects arrested in Britain were said to have ricin. A man from the Pacific Northwest who was accused of wishing to kill his wife was said to possess ricin. Two twentysomething lesbians arrested near San Diego for shoplifting were said to have a bag of ricin, intended for use in murdering the boyfriend of one of them. Another al Qaeda group in Iraq, dispersed by the U.S. military, is alleged to have been making ricin. And ricin was bandied about as one of Saddam Hussein's weapons of mass destruction, part of a package of lore that tripped the invasion of Iraq.

Is it biochemically pure ricin, like the fine chemical supplied by Sigma Pharmaceuticals at about $200 for 5 milligrams? Or is it some simple mixture of ground castor beans that tests positive for ricin in an oversensitive field assay? 

The distinctions are important because they lead to very different conclusions.  The possession of chemically pure ricin can indicate a technical capability -- or the knowledge on how to obtain the substance from a capable third partner -- and a desire for extreme malice -- toward individuals.  Possession of the waste product of castor plants indicates no capability and perhaps only a trivial knowledge of the material furnished by wisdoms passed on through the mass media.

The Fallen Angel, a ricin mailer of keen interest to the FBI, alleges he has access to castor pulp and will, if demands are not met, start "dumping," apparently a reference to the poison. But access to castor beans is not remarkable and the knowledge is not particularly interesting, except as an expression of extreme hostility, without knowing more of the exact nature of the ricin samples being mailed.

There are no calamities resulting from use of ricin as a weapon of mass destruction although it is lumped in with every other noxious thing listed as WMD in the war on terror. No deaths due to ricin inhalation can be found in common literature. No deaths due to eating of pure ricin can be pinpointed; even mishaps regarding handling of castor plant rubble are absent. Only one death, the assassination of Georgi Markov in 1978 -- a very special case, is attributed to pure ricin, injected intramuscularly.

However, the magnifying power of the mainstream media and its modern brevity, which truncate every story on the subject only to a general statement of pressing danger, that ricin is deadly and there is no cure, and that it is a weapon of terrorists, ensure that no frank and sophisticated assessments of the risks posed by it ever take place.      

A common wisdom is that recipes for the isolation of ricin are for anyone's taking on the Internet. It is oft repeated, sometimes with the more recent and very curious statement that ricin is "distilled" from castor beans. Ricin is not a distillate, it is a protein.

National Security Notes has seen no indication "recipes for ricin" downloaded from the Internet are good for much of anything that isn't already done during the agricultural and industrial processing of castor beans. The most linked to "recipe" is a simply an armchair chemist's crude saponification of the oil component of crushed castor beans and an uncomplicated drying procedure.

Scientific purification of ricin down to an electrophoretically uniform protein can be performed by affinity chromatography. This is never mentioned in alleged Internet "recipes for ricin."  Citations pointing to expert peer-reviewed papers on the isolation and characterization of ricin are not difficult to come by if a person knows where to look and knows what they are doing. Yet, none are present in Internet "recipes for ricin." 

Why? Is it because such recipes are provided by run-of-the-mill phonies who wish to appear menacing and knowledgeable about dangerous things which they actually know nothing about. Or is it all a clever disinformation campaign?

Outside the Internet, even formal fact sheets on ricin as a weapon of bioterror are plagued by laughers.

The "Ricin Smart Card" produced by the United States Air Force includes ludicrous information under "Infective Dose." Ricin is not alive and cannot infect anything, but leaving this aside for a moment, ricin's "infective dose" in "drinking water" is said to be 0.1 microgram per liter by the "Ricin Smart Card." A lethal dose requires the drinking of 15 liters of contaminated water, according to the USAF. Not only is the information not consistent with figures on ricin lethality published by the Centers for Disease Control, it asks the reader -- or the emergency responder -- to believe that absurdly drinking fifteen liters of ricin water might be a possibility.  The average person drinks five cups of fluids a day, or about 1.2 liters.

A great deal of current news and information on ricin and its relationship with bioterror falls firmly into the realm of junk.  If it is a tool of bioterror or a WMD, it is a political designation, not a scientific one. Indeed, ricin is terrorizing in that the regular drumbeat of wisdom on it has created an indelible impression of its menace.

The news should continue to be attentive to events concerning the alleged use of ricin. But it also has a responsibility to inform people of how ricin and the castor bean fit into the real world, not just the line of plastic-suited decon squadmen.

Notes: ===========

Ricin, erroneously called a distillate:

1. "Prosecutors suggested [the man] distilled the ricin from castor beans ..." from the Orlando Sentinel.

2. "Ricin (pronounced rye-sin) is readily distilled from castor beans ..." from The Washington Post.

3. "... ricin, a colorless, odorless poison that can be readily distilled ..." from China Daily News.


National Security Notes is edited by George Smith, Ph.D. Smith is a Senior Fellow at GlobalSecurity.org.

copyright 2004