ELI40

Who is Cicada 3301?

Page 5: Global - Entering the real world

The previous clue deciphered to a phone number in Texas. Back in 2012, anybody who called that phone number received a recorded message:

Very good. You have done well. There are three prime numbers associated with the original final.jpg image. 3301 is one of them. You will have to find the other two. Multiply all three of these numbers together and add a .com on the end to find the next step. Good luck. Goodbye.



Find our symbol at the location nearest you:
52.216802,21.018334
48.85057059876962,2.406892329454422
48.85030144151387,2.407538741827011
47.664196,-122.313301
47.637520,-122.346277
47.622993,-122.312576
37.577070, 126.813122
37.5196666666667,126.995
36.0665472222222,-94.1726416666667
33.966808,-117.650488
29.909098706850486-89.99312818050384
25.684702,-80.441289
21.584069,-158.104211
-33.90281,151.18421

A replica of the website from the phone message: 845145127.com

This clue is easy. The dimensions of the original image are 509 x 503. Those are both prime numbers. That's an awfully big coincidence for an image that could have been any size. Multiplying all three primes together we get 845,145,127.

Don't bother going to 845145127.com now, it has long since been deactivated. If you had visited the site in early January 2012 you would have found an image of a cicada and a countdown timer. Running Outguess on the cicada picture revealed yet another digitally signed message:

You have done well to come this far.

Patience is a virtue.

Check back at 17:00 on Monday, 9 January 2012 UTC.

3301

The original image that started it all was posted to 4chan on Wednesday, 4 January 2012. The countdown timer on this website expired on the following Monday, 9 January 2012. The five-day gap between the two events included a weekend. Presumably this delay was designed to give people a chance to discover the puzzle and latecomers a chance to catch up. After all, most people don't cruise 4chan/b on a daily basis, some people have jobs and families and stuff.

The countdown timer expired at 17:00 UTC which is 11am in Texas. That seems like a perfectly reasonable time for a college sophomore on Christmas break to roll out of bed and restart the puzzle. This fits well with our previous assumption that Cicada 3301 is a small group of young adults in the United States but as we're about to see, that assumption couldn't be more wrong.

cicada 3301 map
  • Oleandrów 6, 01-001 Warsaw, Poland
  • 89-91 Rue de la Plaine, 75020 Paris, France
  • 36 Rue des Maraîchers, 75020 Paris, France
  • 4739 University Way NE, Seattle, WA 98105, USA
  • 514 Crockett St, Seattle, WA 98109, USA
  • 428 15th Ave E, Seattle, WA 98112, USA
  • South Korea, Seoul, Gangseo-gu, Banghwa-dong, 830-8
  • South Korea, Seoul, Yongsan-gu, Seobinggo-dong, 287-1
  • 853-899 W Dickson St, Fayetteville, AR 72701, USA
  • 15717-15735 Euclid Ave, Chino, CA 91708, USA
  • State Highway 407, New Orleans, LA 70131, USA
  • 8718-8798 SW 152nd Ave, Miami, FL 33193, USA
  • 66-420 Kamehameha Hwy, Haleiwa, HI 96712, USA
  • 143 George St, Erskineville NSW 2043, Australia

cicada 3301 poster

When the countdown timer reached zero, it was replaced by a list of 14 GPS coordinates. Mapping the coordinates shows that they are spread across the planet. Eight are in the U.S. but the other six are not. Other than always being in a major city, there's no obvious pattern. At least there was no pattern until people started to visit the locations in person.

Each location had a flimsy paper poster with a printed image of a cicada and a QR code. These posters were in public locations, such as taped to utility poles. The temporary nature of such posters means the puzzle's creators must have visited every location recently, like maybe over the weekend. While it's theoretically possible that a small group with a big budget could travel to all these locations, doing so successfully would be exceedingly difficult. It's more likely that Cicada 3301 has an agent, for lack of a better term, at each of the locations.

This changes everything. No longer is this within the realm of the typical college sophomore or a neckbeard in Mommy's basement, this kind of global access requires a much larger organization, an international organization.

A government agency like the NSA could theoretically do this, as could any large corporation. That doesn't seem likely though. Getting budget approval for a billboard is one thing, it's something else entirely to get approval for visiting fourteen diverse locations across the globe for a single piece of an unorthodox recruitment puzzle.

Secretive agency or not, the NSA and FBI still have management hierarchies, budget constraints and endless meetings just like any other large bureaucracy. It seems unlikely that any conventional organization, government or private sector, would be using 4chan, Reddit, medieval folklore and copyrighted stereograms from a privately owned website as recruiting tools. I've held a military security clearance and worked for large corporations. In my experience, they couldn't do stuff like this even if they wanted to. It simply doesn't work that way.

neckbeard
Could Comic Book Guy from The Simpsons manage to coordinate a global group of hackers?

On the other hand, it's also difficult to imagine an individual or small group of friends pulling this off. Although, things start to look a little less impressive when inspecting the map more carefully. There are really only four distinct locations outside the U.S. and only six inside the U.S. Out of all those locations, most are suspiciously close to universities. In some cases, the posters could be watched from nearby dorm room windows.

Still, this is a lot of coordination for students who are just playing a game, almost too much coordination, even if it was during Christmas break. And if this is some kind of secret, multi-campus, nerd-club recruiting new members, then why aren't there more technical universities represented? The secret club has members in Sydney, Seoul and Warsaw but none at MIT, Cornell or Cambridge? Why is there a poster in Chino but nothing at Caltech or UCLA? Was the 45-minute bus ride to Pasadena too far? Does the secret club want to recruit "highly intelligent individuals" but not too intelligent? That doesn't make sense.

At this point it's safe to say that things are beyond the scope of typical hobbyists but not at the level of an established government agency or multinational corporation. What seems most likely is a multinational group of hackers. It's scary to imagine a coordinated group of hackers who operate on a global scale but such groups definitely exist.

Cicada 3301 isn't necessarily malicious hackers trying to break into your bank account. If they were, then drawing attention to themselves with a puzzle like this might not have been the wisest decision on their part. It's more likely that this is a group of enthusiasts. Maybe they're crypto-anarchists who have an interest in things like PGP encryption, Tor servers and Ubuntu steganography tools. Indeed, as we continue with the next clue we are led straight into what is commonly called the Darknet, a favorite playground of malicious criminals, harmless hacker types, and ordinary people looking for illegal drugs, obscure porn or free music.


Inspector Gadget
"This message will self-destruct in 30 seconds."

Undaunted by the prospect of the posted locations being under surveillance, or so eager they didn't care, intrepid puzzle solvers quickly explored the various areas. When they found the posters some of them took pictures and uploaded them to the Internet where they could be discussed and analyzed.

Each poster contained a QR code. A QR code is like a bar code except it can contain slightly more data. It's not enough data for a long message or even a decent sentence, it's just enough for a website URL. Indeed, the QR codes on the posters were links to images which, again, contained digitally signed messages. These messages were book codes, shown below, but this time the titles of the books needed to decode the messages were hidden in vague riddles.

The riddle about the 29 volume Mabinogion was traced to the collection of King Arthur stories that contain the "Lady of the Fountain" tale seen previously. The riddle about "fading death, named for a king" was traced to a poem called "Agrippa (A Book of the Dead)" by William Gibson. The Gibson poem was originally distributed in 1992 on floppy disks that were programmed to encrypt themselves after a single use. Maybe this is a hint that the next message is going to disappear soon. It's like Inspector Gadget's next assignment self-destructing after he reads it.

You've shared too much to this point. We want the best, not the followers. Thus, the first few there will receive the prize.
In twenty-nine volumes, knowledge was once contained.
How many lines of the code remained when the Mabinogion paused?
Go that far in from the beginning and find my first name.

1:29
6:46
the product of the first two primes
2:37
14:41
17:3
27:40
the first prime
2:33
1:1
7:45
17:29
21:31
12:17
the product of the first two primes
22:42
15:18
24:33
27:46
12:29
25:66
7:47

You've shared too much to this point. We want the best,
not the followers. Thus, the first few there will receive
the prize.

Good luck.

3301
A poem of fading death, named for a king
Meant to be read only once and vanish
Alas, it could not remain unseen.

1:5
152:24
the product of the first two primes
14:13
7:36
12:10
7:16
24:3
271:22
10:7
13:28
12:7
86:17
93:14
the product of the first two primes
16:7
96:4
19:13
47:2
71:22
75:9
77:4

You've shared too much to this point. We want the best,
not the followers. Thus, the first few there will receive
the prize.

Good luck.

3301

Decoding either book code led to a Tor link, sq6wmgv2zcsrix6t.onion, which provided a place to enter an email address and the following message:

Congratulations!

Please create a new email address with a public, free web-based service. One you've never used before, and enter it below. We recommend you do this while still using Tor, for anonymity.

We will email you a number within the next few days (in order in which you arrived at this page). Once you've received it, come back to this page and append a slash and then the number you received to this url.

3301

Visiting the .onion site isn't inherently dangerous. In many ways it's safer than visiting a typical, non-anonymous, public website. What using a Tor service does is set a precedent, the same way recommending a new, anonymous email sets a precedent. Switching to Tor and anonymous email implies that privacy is important.

Malicious hackers don't usually remind potential victims that they should protect themselves so it's probably safe to proceed. Still, that doesn't explain why privacy is suddenly important. Could this be leading to illegal activity? Is this is another test, a way of making sure that potential participants understand this part of the Internet? Is this some kind of moral statement? Or is this simply another way of building intrigue?

We may never know why anonymity was recommended because this is where the trail goes cold. The Tor site and the website with the GPS coordinates didn't stay active for long. After an undetermined number of email addresses were entered, both sites were taken down. Latecomers were no longer welcome.

Each person who has come this far has received a unique message encrypted with a unique key. You are not to collaborate. Sharing your message or key will result in not receiving the next step.

Up until this point, clues were being openly posted and discussed on public forums, IRC and message boards. As is common in such communities, a few individuals stood out as being more active than most. It seems likely that these individuals were the first to enter their emails at the Tor side but nobody knows for sure because they suddenly went silent. Not only did they stop contributing new ideas, they stopped posting altogether, as if they had disappeared completely.

There is some speculation that the next clue was hidden in a MIDI song but the details are sparse and confusing because nobody has ever come forward with clear, complete, verifiable evidence. This sudden silence makes it tempting to think that nobody made it to the end. That seemed to be the case until Cicada 3301 posted the Valēte message on their subreddit stating that they found the individuals they sought. If that's true then someone must have made it to the end. The question is, why haven't they said anything?

As mentioned previously, there are many possible explanations for the bizarre silence. Maybe the first rule of the secret club is to not talk about the secret club. More likely, some or all of the publicly active puzzle solvers were actually Cicada 3301 members in disguise. They would offer little nudges as necessary but once the puzzle turned private, they simply stopped posting. This is easy to do in IRC and online forums such as 4chan where anonymous users are constantly appearing, disappearing, and switching usernames to suit their mood.

Still, out of the actual puzzle solvers that made it to the end, why haven't any of them come forward to brag about their accomplishment? Several people have made claims about what happened next but they always remove the digital signatures so it's impossible to verify their claims. This would make sense if they were protecting their real-world identity but if they had used an anonymous email as advised then they should have nothing to fear. Even if Cicada 3301 knew which anonymous identity leaked the secret, why not wait until the puzzle was done then reveal everything? What did Cicada 3301 do to convince these people to stay quiet?

Even more intriguing is that this isn't the end, it is just the beginning.