Blog Post - Nuclear Security Matters

ICYMI: Anti-Doping Seals Can be Beaten

June 03, 2016

By Matthew Bunn

The sports world was recently in a tizzy over revelations by the former head of Russia’s anti-doping laboratory – who has now fled the country – that he helped run a massive doping operation and cover-up that contributed to Russia’s impressive haul of medals at the 2014 Olympics.  (Russian officials and athletes denied the charges.)

Many have expressed surprise that the special sealed urine bottles used for testing, believed to be “tamper-proof,” were not – Russian agencies were apparently able to open them and reseal them without the tampering being detected. They shouldn’t have been surprised.  In an article (subscription required) seven years ago, a team examined 23 allegedly tamper-resistant products for collecting urine for drug testing and showed that all could be defeated easily.  Tampering is especially possible when it isn’t the athlete alone trying to beat the system, but a concerted effort that includes insiders in the testing program, as in the alleged Russian case.

In fact, this is just one example of a much more widespread problem.  With sufficient creativity, most types of seals, or tamper-indicating devices (TIDs) can be hacked.  A study of 120 types of seals in common commercial and government use found that all 120 could be defeated in ways that would not be detected by the seal inspection protocols in use. Tampering was possible with materials available from any hardware store, and with defeat times averaging about five minutes.  (That was the time to actually implement the scheme for defeating the seal; the time to figure out a workable scheme was much longer.)  Seals and protocols for using them have improved since then, but the point remains: many seals are more vulnerable than people think, and the implications for nuclear security are even more important than the implications for keeping sports competitions fair.

Indeed, this excessive belief that TIDs are “tamper-proof” (there’s no such thing) is only one element of a still broader problem: putting too much faith in any one security measure always poses a risk.  This is item number five in the “Worst Practices Guide” to insider threats that Scott Sagan and I published in 2014.  Security systems should always be designed so that if any one element is defeated, other elements will still provide effective security.

Unfortunately for the Sochi Olympics, it appears there was a determined effort that defeated several layers of security at the same time, going well beyond the sealed bottles.  This is a reminder never to underestimate the creativity and determination adversaries might bring to bear to get at a high-value target – a sobering lesson for those of us worrying about protecting nuclear weapons and the materials that could be used to make them.

For more information on this publication: Belfer Communications Office
For Academic Citation: ICYMI: Anti-Doping Seals Can be Beaten.” Nuclear Security Matters, June 3, 2016,