ELI40

Who is Cicada 3301?

Page 6: Again - Another chance in 2013

Cicada 3301 2013

On January 5th 2013, another Cicada 3301 puzzle was started on 4chan. The image was similar to previous clues, requiring Outguess to extract a digitally signed message with a book code which used yet another obscure text. This time the sacred text was The Book of Law by Aleister Crowley.

At first glance, this book seems to be three chapters (a trinity) of babbling from a not-quite-sane zealot in Cairo in 1904. The author, Crowley, claimed the entire book was dictated to him between noon and 1pm on three consecutive days by a shadowy presence called Aiwass. Crowley then spent the rest of his life interpreting, developing, and teaching what had been revealed to him. He joined the German O.T.O. branch of Freemasons which he eventually reformed to his own beliefs.

Egyptian stele front Egyptian stele back
Crowley's epiphany started with this ancient Egyptian stele.

The Book of Law is categorized as New Age & Spirituality. This is appropriate since the book focuses on spiritual advice such as "Do what thou wilt shall be the whole of the Law" (AL I:40, greeting) and "Love is the law, love under will" (AL I:57, response). Some may consider the book incoherent babbling while others have found it to have great meaning. Crowley is considered the Prophet of the New Æon of Horus and founder of the spiritual philosophy known as Thelema which is a Greek word for "will" and a reflection of their primary tenant: "Do what thou wilt."

Over time it has become increasingly clear that Cicada 3301 and Thelema share some common beliefs. Both organizations value free will and individuality. Both organizations are against interfering with others. Both organizations value privacy to the point that members remain anonymous, even among other members. There is also a sense of self, similar to Nietzsche's Übermensch, that values knowledge and perspective as a way to achieve transcendence.

While it's possible that the organizations are linked, there is no hard evidence either way. Maybe this is just another literary reference, like the King Arthur story used in 2012. Even if these references were chosen for their ideology, understanding them is secondary because solving the Cicada 3301 puzzles relies more on technical skills than literary knowledge.

Deciphering the book code led to a Dropbox file that was a bootable ISO image. An ISO image is basically a copy of a CD or DVD. It is often used by IT professionals as a quick way of restoring backups or formatting identical computers. It's not that complicated but also not something the average person uses regularly. If Cicada 3301 was a bunch of auto mechanics, instead of using an ISO image this step might require a torque wrench, gear puller or compression gauge. They're all simple tools, if you're a mechanic.

Cicada 3301 gematria primus
This "secret decoder ring" is used to convert ancient Anglo-Saxon runes to letters and prime numbers.

The ISO image contained several clues, including a video with prime numbers and a guitar recording with another embedded riddle. The clues go on and on like this. Some of the steps are rather simple for anybody with technical experience, other steps seem utterly impossible until some random, anonymous person miraculously presents an answer.

For example, at one point everyone was stumped until someone spontaneously discovered twitter.com/1231507051321, a random Twitter account that was streaming hexadecimal numbers. Then everyone was stumped again until someone spontaneously decided to XOR the hexadecimal numbers from Twitter with the music file on the ISO image. These giant deductive leaps seem unlikely. It's more likely that Cicada provided anonymous hints when the public couldn't figure out their obscure clues.

Whatever the case, the XOR operation produced a .jpg file titled Gematria Primus which translates Anglo-Saxon runes to letters and corresponding prime numbers. This image, of course, also contained a digitally signed message extractable with Outguess. The message appeared blank but was actually spaces and tabs which could be translated to binary then to ASCII to reveal another .onion address.

The Tor site didn't do much until someone tried connecting to it with Telnet. If you've never used Telnet, you're not alone. It was more common back in the days before fancy things like the world wide web, color monitors and computer mice. Now Telnet is mostly used by network administrators when they need to remotely log into a server and use the command-line interface. The use of Telnet is a strong indicator of the type of expertise that created the Cicada 3301 puzzle and the type of expertise they're looking for.

The first Tor site led to a second Tor site but apparently that second Tor site wasn't quite ready yet. When someone logged into it with Telnet, it returned an error message with the VPS address. Even though Tor is supposed to be anonymous, mistakes like this can potentially reveal the site owner's true identity or allow hackers to break into the server. Shortly after the mistake was discovered, the Tor site went offline.

knock on the sky and listen to the sound

When the site eventually returned, the puzzle continued with a hint to ping the server. If you're a gamer or a network geek, you're probably familiar with the concept of a network ping. Basically, a ping is a way to poke a server and see if it responds. Most servers respond to a ping message way down at the L3 layer which means it's a good way to measure the network delay without needing any significant server resources. It's kind of like yelling "Marco" then listening for the automatic "Polo" response. It tells you if someone is there and roughly how far away they are.

Network pings normally contain only a generic reply. In this case, each ping also contained a tiny bit of data. Combining all this data created another "Well done. You have come far" message which led to yet another Tor site. This site returned seven latitude/longitude coordinates.

Cicada 3301 map
  • Portland, Oregon
  • Dallas, Texas
  • Little Rock, Arkansas
  • Columbus, Georgia
  • Annapolis, Maryland
  • Moscow, Russia
  • Okinawa, Japan

The Test

Imagine that it's early January 2013. You heard about the 2012 puzzle but you were too late to participate. This time, when the first clue appeared on 4chan, you immediately turned off your phone, locked your door and put on a pot of coffee. You've had very little sleep since then because you're determined to solve this year's puzzle for yourself.

Well, that was your original plan but solving the clues yourself has been frustratingly difficult. Several of the clues seemed impossible until someone else posted an answer on the Internet. You've managed to solve a couple of the easy clues yourself but as soon as you checked the Internet again, you discovered that others had solved the clue faster than you did and were zooming ahead.

Just like last year, this year's puzzle included some global coordinates. Unfortunately, you don't live near any of the coordinates. It feels so unfair that this clue is based on lucky geography rather than any kind of skill. With no other choice, you scour all the various message boards and IRC channels, hoping others will go to the locations and share what they find.

It takes awhile but eventually someone uploads a picture. Sure enough, they found a paper poster taped to a utility pole just like last year. This time though, instead of a QR code, the poster has a phone number and a two-letter access code. After wondering briefly if pay phones exist any more, you decide to risk it and call from your own phone.

Busy signal.

It takes a couple tries until you finally get though. Just like last year, it's a recorded message but this time it asks for the access code. No problem, you still have the picture up on your screen so you type in the two letter code. To your dismay, it doesn't work.

Last year, shortly after the global coordinates appeared, the entire puzzle switched to the private portion and latecomers were locked out. If you don't figure out this clue quickly, you might miss out. You frantically head back to the Internet where you discover that a few people in the chat rooms are claiming they got through. One of the claims is so ridiculous that it's obviously a young kid making up lies. Another claim looks real but doesn't offer much information. The alleged response is nothing but a bunch of hexadecimal numbers that don't make any sense.

As time goes on, more pictures are uploaded and it becomes obvious that each location's poster has a different phone number and access code. The phone numbers all end with 3301 or 1033. The area codes don't seem to have any correlation with their corresponding poster, the phone numbers are for random places around the U.S.

Imagine the effort it took to activate that many dedicated phone numbers. Setting up seven different phone numbers in seven different area codes couldn't have been easy. Someone exerted significant effort to do this. Creating phone numbers like this would cost money which means there might be traceable payment records somewhere. Unless of course this was done by a telephone company employee or someone with similar access. You wonder if *67 blocks caller id for everyone, including the phone company. If they have your phone number now, do they also have your name and address? Maybe calling from your own phone was a bad idea.

Eventually someone claims they figured out how to decrypt the various phone messages. Apparently, several of the phone messages needed to be called in order to piece together the next clue. The anonymous poster includes a brief, poorly written explanation and a Tor address. There's no time to try to figure out what in the heck he's talking about so instead of verifying the answer for yourself, you simply race off to the Tor site where you are asked for an email address.

Congratulations. You have done well to come this far.

You seem to have made it to the private portion of the puzzle. Whew, that was close. It turns out that you didn't need to be good at solving puzzles, you didn't need any esoteric technical skills and you didn't even need to know much about Cicada 3301. All you had to do was be at the right place at the right time.

2013 ended the same as 2012, with nobody knowing for sure what happened next. There are claims but most are clearly fraudulent. A few claims look credible but the digital signatures were removed so it's impossible to know for sure if they're authentic.

Why were the digital signatures removed from these claims? Between the use of Tor and anonymous emails, Cicada 3301 should have no way of connecting the leaked material with a real-world identity. So why is there no reliable information about what happened next?

If you had been there in January 2013, would you have entered your email address? If so, you can enter it below. What comes next may not be 100% accurate, since nobody knows for sure what happened, but it's probably close. Don't worry, I promise this won't summon any ninja-pirate-hackers or cause secret government agencies to come knocking at your door. I promise that entering your email will not install nefarious software that erases your hard drive or steals your bank account passwords. I also promise that I hate spam as much as you do, if not more, so your email is safe here. Of course Cicada 3301 made no such promises. If this next part bothers you, blame them, not me. What follows is a semi-accurate reacreation of the original puzzle, typos and all.

If you'd prefer to skip this particular rabbit hole, no problem, the story continues on the next page.