Two years ago, a cryptic message started appearing on message boards across the Internet. Claiming to seek "highly intelligent individuals," the Cicada 3301 puzzle challenged visitors to find a secret message hidden in the image that accompanied it. Just what is Cicada 3301? And what happens to those that solve the puzzle? To find out, we talked to the man who solved it.
When it showed up on January 4, 2012 the mysterious image contained a simple message in white text on a black background:
“Hello. We are looking for highly intelligent individuals. To find them, we have devised a test. There is a message hidden in the image. Find it, and it will lead you on the road to finding us. We look forward to meeting the few who will make it all the way through. Good luck.”
It was signed “3301.”
And so began the hunt to solve the mysterious Cicada 3301 puzzle, one that recurs each year and has left cryptoanalysts and hackers scratching their heads.
Joel Eriksson is one of the few known people to have actually solved it since the first challenge appeared online.
“I stumbled upon it on one of the image boards the first image was posted to in 2012," says Eriksson, a 34-year-old cryptosecurity researcher and developer from Sweden. "Unfortunately, I didn't see it until some time after it was originally posted, and thus had some catching up to do,” Eriksson says. “Initially, I just thought it would be a nice little brainteaser. I've always been interested in anything that can challenge me, and I never give up. In the case of Cicada, the puzzle in question turned out to be a lot more than I thought it would be when I started it.”
Tackling the puzzle would lead Eriksson to rely on a host of skills from steganography to cryptography, to an understanding of ancient Mayan numerology and a familiarity with cyberpunk speculative fiction. As he worked his way from solving one piece of the puzzle to the next, the journey would lead him to discover that the answers lay not just in the digital domain, but in the real world: From clues left on the voicemail of a Texas telephone number to flyers taped to telephone poles in 14 cities around the world. The quest would ultimately return to the deepest layers of the digital world: the dark web.
To understand how hard Cicada is, one only needs to look at the complexity of each clue that leads to successive parts of the puzzle--all which need to be completed in order to solve the Cicada mystery.
From the first image that was posted, Eriksson used steganography software to extract a message encoded with a shift cipher, where each letter of the text actually corresponds to another letter. Once he decoded the cypher, it revealed a URL where another image of a duck was posted. Here, he used steganography tools to reveal a hidden book code of a list of two numbers separated by a colon. The book code led to a Reddit URL with Mayan numerals on the top of the page. Eriksson noticed that several posts by a user using a pseudonym seemed to consist of encoded text. This text was the “book” the book code could be used to decode. But to find the cypher he needed to find the key first, which he gleaned from translating the Mayan numerals.
The now decoded text of the anonymous Reddit user’s postings revealed two images, both of which Eriksson used steganography tools on to find hidden messages with riddles inside them. The answer to these riddles were strings of digits that was a phone number in Texas. Calling the phone number led to a voicemail that read, “Very good. You have done well. There are three prime numbers associated with the original final.jpg image. 3301 is one of them. You will have to find the other two. Multiply all three of these numbers together and add a .com to find the next step. Good luck. Goodbye.”
Looking at the metadata of the image that started it all, Eriksson thought its height and width dimensions could be the other two numbers. He did the math and landed at a URL which had another image of a cicada and a countdown that told him when to return to the site.
When the countdown was over, the cicada image was replaced with strings of digits that looked like GPS coordinates. The coordinates led to telephone poles in countries around the world, including in Spain, Russia, America, France, Japan, and Poland. Due to geographic limitations, Eriksson had to rely on other people on the Cicada 3301 trail in those parts of the world. What the locals found were physical posters with images of a cicada and a QR code.
Eriksson scanned the QR code, which lead to another two images, inside of which were more hidden text, including text from what Eriksson found was the William Gibson poem Agrippa. Noting that the text referenced prime numbers, Eriksson surmised that perhaps the book code he used on the text found on Reddit might reveal where to go next if he used it on the Gibson poem. It worked. He was directed to an address on the anonymous Tor network.
However, by the time he arrived, Cicada 3301 had put up a message stating that they were disappointed in the groups of people that had formed to share parts of the puzzles they discovered without any one member completing all the steps along the way, as Eriksson had done.
Had Eriksson seen the first image as soon as everyone else did, and having solved the Cicada 3301 puzzle on his own, he would today know what laid beyond the Tor site Cicada had set up.
“It was quite disappointing,” Eriksson says. “Especially considering that the people who registered in time were mostly ones that had not actually solved much of the puzzles themselves. People were sharing solutions and collaborating a bit too much.”
But for Eriksson the time and effort it took him to beat Cicada weren’t a total loss. He solved every step of the world’s most baffling Internet enigma in just under three weeks and in the process gleaned a lot of insight into who or what Cicada 3301 is.
Ericksson's impression of who might be behind the puzzle changed as he went along.
“Getting a phone number to call after solving one of the pieces of the puzzle was the first hint that this might not just be the work of a random Internet troll. This was definitely an unexpected turn,” Eriksson says. “The plot thickened even more when receiving a number of GPS coordinates. I also can't help but to notice that the locations in question--USA, Poland, France, South Korea, and Australia--are all places with some of the most talented hackers and IT security researchers in the world.”
Cicada's identity is one of the most hotly debated topics among people who try to solve the group’s now annual puzzles. Theories range from global banks that might be trying to set up new digital currencies to political think tanks to nefarious groups of hackers with anarchy on their minds. The most popular assumption, however, is a government intelligence agency like the CIA, NSA, and MI6 that may be trying to recruit talented cryptoanalysts like Eriksson--something Eriksson doesn’t think is likely.
“It is actually quite common for intelligence agencies and similar organizations to use non-traditional forms of recruitment, but in those cases they usually announce it officially rather than hiding their identity. One such example was the GCHQ challenge "Can you crack it?" a few years ago. It required deeper technical skills than the Cicada 3301 challenge, but the scope was much smaller and it required a lot less time to solve. If intelligence agencies used something like the Cicada 3301 puzzles to find people to recruit, they would probably end up with a lot of people that are not really interested in working for an organization such as theirs.”
So if it’s not an intelligence agency, who does Eriksson believe is behind it?
“It is most likely an underground organization, not related to any government or intelligence agency,” he says. “Based on the references in their challenges--the Agrippa poem by William Gibson, The Marriage of Heaven and Hell by William Blake, The Book of The Law by Aleister Crowley--and their constant references to prime numbers and the like, they are likely intellectual, anti-establishment, ideologically driven and they seem to be valuing logical/analytical thinking highly. They seem to share a lot of ideology with the cryptoanarchy movement, and old-school hackers.”
As for the complexity of the puzzles, Eriksson says that Cicada wouldn’t even need to be that large of a group. “It really only takes one dedicated person to plan it all, but if I had to guess I would say it's probably three to five with one of them being the main driving force. They probably spend about one to two months on setting everything up before each year's puzzle. I think it's possible to set up similar challenges in a much shorter amount of time as well, but not with as great attention to detail as Cicada 3301.”
What’s most interesting is that, though Eriksson didn’t make it in time to be allowed through the last door, presumably a few select others did. This begs the question: Why aren’t those people talking? After all, if you’re smart enough to crack the Cicada puzzle, wouldn’t you want to brag about it and become the hero of the hacker world by revealing who’s behind it?
Eriksson says there have been some leaks, with people claiming that they are or have been part of Cicada 3301--but the problem is that none of them can be confirmed. However, he doesn’t think the identity of who’s behind Cicada will ever be revealed--even by a bona fide winner.
“I don't think that Cicada 3301 would reveal everything about themselves directly--or at all," he says. "They would probably only reveal their purpose or their ideology, and what they expect from you as a part of the group, and then use anonymous means of communication to keep their identity hidden."
“Regarding the desire to tell the world, I think that it depends on how you're wired and what drives you. In my work as a security researcher for some very secretive and sensitive clients, I'm used to keeping secrets. If you are working for a cause you truly believe in, I don't think keeping your mouth shut is that hard. The challenge for Cicada 3301 is to figure out which ones that truly believe in their cause.”
This year’s Cicada 3301 puzzle is currently going on, having revealed its start to interested puzzle solvers with an image of a cicada that read: “Hello. Epiphany is upon you. Your pilgrimage has begun. Enlightenment awaits. Good luck. 3301.”
As no one is yet known to have solved the 2014 puzzle, the current Cicada hopefuls out there could learn a thing or two from Eriksson, who says he is not working on this year’s puzzle.
Though you don’t have to be a cryptoanalist savant, it doesn’t hurt to have years of logical and analytical training. “Logical and analytical reasoning has always come naturally for me,” Eriksson says. “I started reading when I was four years old, I started programming when I was seven. My parents knew nothing about computers, so I had to learn everything by myself.”
Eriksson says that due to his background in IT security, the cryptography and steganography related parts were actually quite easy. But when it came to the more esoteric references to poetry, literature, prime numbers, and number theory, “I believe my general interest in brain teasers and puzzles have been quite helpful,” he says. “Also, in a lot of cases, I felt that Cicada 3301 and me seem to have a very similar way of thinking. There is something much deeper going on than just the puzzles per se.”
As for his advice for this year’s a future Cicada cyber sleuths?
“Make sure that you have a good understanding of every part of the previous Cicada 3301 puzzles. If there is a subject you are not already well acquainted with, take your time to read and learn more about it. Try to solve as much as possible of the earlier puzzles by yourself rather than just reading through a write-up. For parts you do read, make sure you understand each step completely and try to think about how you would have arrived at the same conclusions by yourself."
"Last but not least, enjoy the ride.”