This article was co-published with The Washington Post and the Texas Tribune.
The clandestine group’s goal was clear: Obtain the building blocks of a so-called radioactive “dirty bomb” – capable of poisoning a major city for a year or more – by openly purchasing the raw ingredients from authorized sellers inside the United States.
It should have been hard. The purchase of lethal radioactive materials – even modestly dangerous ones – requires a license from the Nuclear Regulatory Commission, a measure meant to keep them away from terrorists. Applicants must demonstrate they have a legitimate need and understand the NRC’s safety standards, and pass an on-site inspection of their equipment and storage.
But this secret group of fewer than 10 people – formed in April 2014 in North Dakota, Texas, and Michigan – discovered that getting a license and then ordering enough materials to make a “dirty bomb” was strikingly simple in one of their three tries. Sellers were preparing shipments that together were enough to poison a city center when the operation was shut down.
The team’s members could have been anyone – a terrorist outfit, emissaries of a rival government, domestic extremists. In fact, they were undercover bureaucrats with the investigative arm of Congress. And they’d pulled off the same stunt nine years before. Their fresh success has set off new alarms among some lawmakers and officials in Washington about risks that terrorists inside the United States could undertake a “dirty bomb” attack.
Here’s how they did it: In Dallas, Texas, they incorporated a shell company they never intended to run and rented office space in a nondescript industrial park, merely to create an address for the license application. In a spot on the form where they were supposed to identify their safety officer, they made up a name and attached a fake resume. They claimed to need the material to power an industrial gauge used in oil and gas exploration.
Last year, their application was sent not to Washington but to Texas regulators, who had been deputized by the NRC to grant licenses without federal review. When the state’s inspector visited the fake office, he saw it was empty and had no security precautions. But members of the group assured him that once they had a license, they would be able to make the security and safety improvements.
So the inspector, who always carried licenses with him, handed them one on the spot.
The two-page Texas document authorized the company to buy the sealed radioactive material in an amount smaller than needed for any nefarious purpose. But no copies were required to be kept in a readily-accessible, government database. So after using the license to place one order, the team simply made a digital copy and changed the permitted quantities, enabling it to place a new order with another seller for twice the original amount.
“I wouldn’t call what we did very sophisticated,” Ned Woodward, the mastermind of the Government Accountability Office’s plot, said in a phone interview with the Center for Public Integrity. “There was nothing we had done to improve that site to make it appear as if it were an ongoing business.”
In 2007, Woodward’s colleagues in the GAO similarly set up fake businesses, got licenses to purchase low-level radioactive material and altered them to buy larger quantities. The NRC promised “immediate action to address the weaknesses we identified,” according to the GAO’s report on that incident.
The auditors’ aim this time around was to see if the government had cleaned up its act, and taken steps to close some simple gateways to obtaining the ingredients for a dirty bomb.
It turns out, the government had not.