The internet mystery that has the world baffled

Welcome to the world of Cicada 3301

By Chris Bell

One evening in January last year, Joel Eriksson, a 34-year-old computer analyst from Uppsala in Sweden, was trawling the web, looking for distraction, when he came across a message on an internet forum. The message was in stark white type, against a black background.

“Hello,” it said. “We are looking for highly intelligent individuals. To find them, we have devised a test. There is a message hidden in this image. Find it, and it will lead you on the road to finding us. We look forward to meeting the few that will make it all the way through. Good luck.”

The message was signed: "3301”.

A self-confessed IT security "freak” and a skilled cryptographer, Eriksson’s interest was immediately piqued. This was – he knew – an example of digital steganography: the concealment of secret information within a digital file. Most often seen in conjunction with image files, a recipient who can work out the code – for example, to alter the colour of every 100th pixel – can retrieve an entirely different image from the randomised background "noise”.

It’s a technique more commonly associated with nefarious ends, such as concealing child pornography. In 2002 it was suggested that al-Qaeda operatives had planned the September 11 attacks via the auction site eBay, by encrypting messages inside digital photographs.

Sleepily – it was late, and he had work in the morning – Eriksson thought he’d try his luck decoding the message from "3301”. After only a few minutes work he’d got somewhere: a reference to "Tiberius Claudius Caesar” and a line of meaningless letters. Joel deduced it might be an embedded "Caesar cipher” – an encryption technique named after Julius Caesar, who used it in private correspondence. It replaces characters by a letter a certain number of positions down the alphabet. As Claudius was the fourth emperor, it suggested "four” might be important – and lo, within minutes, Eriksson found another web address buried in the image’s code.

Feeling satisfied, he clicked the link.

It was a picture of a duck with the message: "Woops! Just decoys this way. Looks like you can’t guess how to get the message out.”

"If something is too easy or too routine, I quickly lose interest,” says Eriksson. "But it seemed like the challenge was a bit harder than a Caesar cipher after all. I was hooked.”

Eriksson didn’t realise it then, but he was embarking on one of the internet’s most enduring puzzles; a scavenger hunt that has led thousands of competitors across the web, down telephone lines, out to several physical locations around the globe, and into unchartered areas of the "darknet”. So far, the hunt has required a knowledge of number theory, philosophy and classical music. An interest in both cyberpunk literature and the Victorian occult has also come in handy as has an understanding of Mayan numerology.

It has also featured a poem, a tuneless guitar ditty, a femme fatale called "Wind” who may, or may not, exist in real life, and a clue on a lamp post in Hawaii. Only one thing is certain: as it stands, no one is entirely sure what the challenge – known as Cicada 3301 – is all about or who is behind it. Depending on who you listen to, it’s either a mysterious secret society, a statement by a new political think tank, or an arcane recruitment drive by some quasi-military body. Which means, of course, everyone thinks it’s the CIA.

For some, it’s just a fun game, like a more complicated Sudoku; for others, it has become an obsession. Almost two years on, Eriksson is still trying to work out what it means for him. "It is, ultimately, a battle of the brains,” he says. "And I have always had a hard time resisting a challenge.”

On the night of January 5 2012, after reading the "decoy” message from the duck, Eriksson began to tinker with other variables.

Taking the duck’s mockery as a literal clue, Eriksson decided to run it through a decryption program called OutGuess. Success: another hidden message, this time linking to another messageboard on the massively popular news forum Reddit. Here, encrypted lines from a book were being posted every few hours. But there were also strange symbols comprising of several lines and dots – Mayan numbers, Eriksson realised. And duly translated, they led to another cipher.

Up until now, Eriksson would admit, none of the puzzles had really required any advanced skills, or suggested anything other than a single anonymous riddle-poser having some fun. "But then it all changed,” says Eriksson. "And things started getting interesting.”

Suddenly, the encryption techniques jumped up a gear. And the puzzles themselves mutated in several different directions: hexadecimal characters, reverse-engineering, prime numbers. Pictures of the cicada insect – reminiscent of the moth imagery in Thomas Harris’s The Silence of the Lambs – became a common motif.

"I knew cicadas only emerge every prime number of years – 13, or 17 – to avoid synchronising with the life cycles of their predators,” says Eriksson. "It was all starting to fit together.” The references became more arcane too. The book, for example, turned out to be "The Lady of the Fountain”, a poem about King Arthur taken from The Mabinogion, a collection of pre-Christian medieval Welsh manuscripts.

Later, the puzzle would lead him to the cyberpunk writer William Gibson – specifically his 1992 poem "Agrippa” (a book of the dead), infamous for the fact that it was only published on a 3.5in floppy disk, andwas programmed to erase itself after being read once. But as word spread across the web, thousands of amateur codebreakers joined the hunt for clues. Armies of users of 4chan, the anarchic internet forum where the first Cicada message is thought to have appeared, pooled their collective intelligence – and endless free time – to crack the puzzles.

Within hours they’d decoded "The Lady of the Fountain”. The new message, however, was another surprise: "Call us,” it read, "at telephone number 214-390-9608”. By this point, only a few days after the original image was posted, Eriksson had taken time off work to join the pursuit full time.

"This was definitely an unexpected turn,” he recalls. "And the first hint that this might not just be the work of a random internet troll.” Although now disconnected, the phone line was based in Texas, and led to an answering machine. There, a robotic voice told them to find the prime numbers in the original image. By multiplying them together, the solvers found a new prime and a new website: 845145127.com. A countdown clock and a huge picture of a cicada confirmed they were on the right path.

"It was thrilling, breathtaking by now,” says Eriksson. "This shared feeling of discovery was immense. But the plot was about to thicken even more.” Once the countdown reached zero, at 5pm GMT on January 9, it showed 14 GPS coordinates around the world: locations in Warsaw, Paris, Seattle, Seoul, Arizona, California, New Orleans, Miami, Hawaii and Sydney. Sat in Sweden, Eriksson waited as, around the globe, amateur solvers left their apartments to investigate. And, one by one reported what they’d found: a poster, attached to a lamp post, bearing the cicada image and a QR code (the black-and-white bar code often seen on adverts these days and designed to take you to a website via your smartphone).

"It was exhilarating,” said Eriksson. "I was suddenly aware of how much effort they must have been putting into creating this kind of challenge.” For the growing Cicada community, it was explosive – proof this wasn’t merely some clever neckbeard in a basement winding people up, but actually a global organisation of talented people. But who?

Speculation had been rife since the image first appeared. Some thought Cicada might merely be a PR stunt; a particularly labyrinthine Alternate Reality Game (ARG) built by a corporation to ultimately – and disappointingly – promote a new movie or car.

Microsoft, for example, had enjoyed huge success with their critically acclaimed "I Love Bees” ARG campaign. Designed to promote the Xbox game Halo 2 in 2004, it used random payphones worldwide to broadcast a War of the Worlds-style radio drama that players would have to solve.

But there were complicating factors to Cicada. For one, the organisers were actively working against the participants. One "solver”, a female known only as Wind from Michigan, contributed to the quest on several messageboards before the community spotted she was deliberately disseminating false clues. Other interference was more pointed. One long, cautionary diatribe, left anonymously on the website Pastebin, claimed to be from an ex-Cicada member – a non-English military officer recruited to the organisation "by a superior”. Cicada, he said, "was a Left-Hand Path religion disguised as a progressive scientific organisation” – comprising of "military officers, diplomats, and academics who were dissatisfied with the direction of the world”. Their plan, the writer claimed, was to transform humanity into the Nietzschen Übermensch.

"This is a dangerous organisation,” he concluded, "their ways are nefarious.” With no other clues, it was also asssumed by many to be a recruitment drive by the CIA, MI6 or America’s National Security Agency (NSA), as part of a search for highly talented cryptologists. It wouldn’t have been the first time such tactics had been used.

Back in 2010, for example, Air Force Cyber Command – the United States’ hacking defence force, based at Fort Meade in Maryland – secretly embedded a complex hexadecimal code in their new logo. Cybercom head Lt Gen Keith Alexander then challenged the world’s amateur analysts to crack it (it took them three hours). And in September this year,GCHQ launched the "Can You Find It?” initiative – a series of cryptic codes designed to root out the best British cryptographers. As GCHQ’s head of resourcing Jane Jones said at the time, "It’s a puzzle but it’s also a serious test – the jobs on offer here are vital to protecting national security.”

Dr Jim Gillogly, former president of the American Cryptogram Association, has been cracking similar codes for years and says it’s a tried and tested recruitment tactic.

"During the Second World War, the top-secret Government Code and Cypher School used crossword puzzles printed in The Daily Telegraph to identify good candidates for Bletchley Park,” he says. "But I’m not sure the CIA or NSA is behind Cicada. Both are careful with security, the recent Snowden case notwithstanding. And starting the puzzle on [the anarchic internet forum] 4chan might attract people with less respect for authority than they would want working inside.”

But that doesn’t rule out other organisations. "Computer and data security is more important than ever today,” says Dr Gillogly. The proliferation of wireless devices, mobile telephones, e-commerce websites like Amazon and chip-and-pin machines, means the demand for cryptologists has never been higher. (Something the UK government acknowledged last year when it announced it was setting up 11 academic "centres of excellence” in cyber security research.)

"One of the more important components of security systems is the efficacy of the cryptography being used,” says Dr Gillogly. "Which means cryptanalysts are in higher demand than ever before - no longer just with the intelligence services. It could just as easily be a bank or software company [behind Cicada].”

Eriksson himself agrees. As a regular speaker at Black Hat Briefings – the secretive computer security conferences where government agencies and corporations get advice from hackers – he knows certain organisations occasionally go "fishing” for new recruits like this. But to him the signs point to a recruitment drive by a hacker group like Anonymous.

"I can’t help but notice,” he says, "that the locations in question are all places with some of the most talented hackers and IT security researchers in the world.” Either way, their identity would prove irrelevant. When the QR codes left on the lamp posts were decoded, a hidden message pointed the solvers towards a TOR address. TOR, short for The Onion Router, is an obscure routing network that allows anonymous access to the "darknet” – the vast, murky portion of the internet that cannot be indexed by standard search engines. Estimated to be 5,000 times larger that the "surface" web, it’s in these recesses where you’ll find human-trafficking rings, black market drug markets and terrorist networks. And it’s here where the Cicada path ended.

After a designated number of solvers visited the address, the website shut down with a terse message: "We want the best, not the followers." The chosen few received personal emails – detailing what, none have said, although one solver heard they were now being asked to solve puzzles in private. Eriksson, however, was not among them. "It was my biggest anticlimax – when I was too late to register my email at the TOR hidden service," he says. "If my sleep-wake cycle had been different, I believe I would have been among the first." Regardless, a few weeks later, a new message from Cicada was posted on Reddit. It read: "Hello. We have now found the individuals we sought. Thus our month-long journey ends. For now." All too abruptly for thousands of intrigued solvers, it had gone quiet.

Except no. On January 4 this year, something new. A fresh image, with a new message in the same white text: "Hello again. Our search for intelligent individuals now continues." Analysis of the image would reveal another poem – this time from the book Liber Al Vel Legis, a religious doctrine by the English occultist and magician Aleister Crowley. From there, the solvers downloaded a 130Mb file containing thousands of prime numbers. And also an MP3 file: a song called The Instar Emergence by the artist 3301, which begins with the sound of – guess what – cicadas.

Analysis of that has since led to a Twitter account pumping out random numbers, which in turn produced a "gematria": an ancient Hebrew code table, but this time based on Anglo-Saxon runes. This pointed the solvers back into the darknet, where they found seven new physical locations, from Dallas to Moscow to Okinawa, and more clues. But that’s where, once again, the trail has gone cold. Another select group of "first solvers" have been accepted into a new "private" puzzle – this time, say reports, a kind of Myers-Briggs multiple-choice personality test.

But still, we are no closer to knowing the source, or fundamental purpose, of Cicada 3301. "That’s the beauty of it though," says Eriksson. "It is impossible to know for sure until you have solved it all." That is why for him, and thousands of other hooked enthusiasts, January 4 2014 is so important: that’s when the next set of riddles is due to begin again. "Maybe all will be revealed then," he grins. "But somehow, I doubt it.