, , , , , , , , ,


I’ve finally got round to finishing the post some of my readers have been waiting for. This is essentially just a rewriting of some notes I made the other weekend, so there’s very little here that’s not already known. Hopefully I’m presenting it in a new way.
Other than that, I’ve found sporadic bits of evidence after playing with the Internet routing system, and I received very cryptic email from someone claming to be 3301 – I was hoping to post about these, but it’s too patchy to definitively comment on how they fit the wider picture. Solving the mystery involves finding scraps of information that often lead to dead ends.

The Background
Each year, since January 2012, there’s a challenge that becomes an elaborate Easter egg hunt. The trail starts on 4Chan, one puzzle leads to another, and things get weird (even creepy) along the way. Cicada 3301 is a recruiting campaign for ‘intelligent individuals’, although the tests are mainly of cryptographic and steganographic ability. The identity of whoever’s behind it is still a mystery. In fact it’s one of the biggest unsolved mysteries of the Internet.

For a while it was thought Cicada 3301 was a highly-intelligent individual who simply liked playing games. Obviously the messages were posted by someone unusually well-read in classic and esoteric literature, had a very high level of expertise in cryptology and the hiding of information, and had an obsession with prime numbers. That’s what we do know about Cicada 3301.

Then it became evident Cicada 3301 was an international group, when clues were left at physical locations around the world – in the United States, Spain, Poland, Korea, to name a few. Since no such group could have a global presence without being known, it’s highly likely Cicada 3301 is an online community we’re already familiar with by a different name.
The challenges became more elaborate, with clues to be uncovered by running a custom Linux distribution. Another challenge revealed a pseudo-occult text yet to be fully deciphered called the ‘Liber Primus’. The occult material and symbolism isn’t something an intellignce service would want associated with them, so this makes the NSA/GCHQ hypothesis unlikely.

The Most Basic Question
Given what’s currently known about Cicada 3301, the next question is why such a group would recruit specifically from 4Chan? I guess the answer has more to do with Anonymous, as that’s probably what 4Chan is best known for, and Cicada 3301 appeared after Anonymous became a real movement. The timing and the target audience are factors too significant to ignore. Both also shared a similar philosophy, and I think it’s sifting 4Chan for the most intelligent, attempting to make contact with whoever was influencing Anonymous.

The Most Valuable Clues
Later you’ll see why the following are perhaps the biggest clues to the identity of Cicada 3301. Obviously the name itself is very important – the Cicada is an insect that emerges after 13 or 17 years underground, which could indicate a relationship with events that happened around 1993 or 1994. The name also relates to the obsession with prime numbers, particularly in the context of cryptology. Cicada 3301 might well have been involved in the ‘Crypto Wars’ – hold this thought.

Cicada 3301 surfaced around six months before we tried resurrecting the Cypherpunk movement as the CryptoParty with Asher Wolf as the figurehead – at the time it was simply assumed she was the founder. This gets more interesting when we discover who else was actually behind it.

The pet name given to Cicada 3301’s very own Linux distribution released as part of the 2013 challenge. This was based on TinyCore. When booted, it prints out a set of prime numbers then restarts. The /tmp directory contains two encrypted files called ‘folly‘ and ‘wisdom‘, and the ISO file contains an MP3 that’s XORed with another file to produce a hidden message.


By the way, it’s possible to interrupt the boot script and get the command line, and from there use the TCE package manager to build Cicada OS into a proper installation. Because I’m good at this shit, I tried other command line trickery to learn more about 3301’s identity, but haven’t met with success beyond what others already found.

The Liber Primus
Something I think is worth mentioning is the interesting material posted by Cicada 3301 named ‘Liber Primus’ during the 2012 challenge, because it’s a real work of art and cryptology in itself. It’s hard to know quite what to make of it, but the title is a play on John Dee’s Mysteriorum Liber Primus and another book by Carl Jung, and outlines a fairly clear philosophy.

The surface content of Liber Primus could be a distraction. People assume it’s the secret because of its appearance, when the authors might have used steganography to conceal something mundane like a .onion address or password.

UC Berkeley and the Old Cypherpunks
Earlier I made a reference to the CryptoParty. At the time, before the CCC dispute, everyone it was founded by Asher Wolf. It transpired the CryptoParty was actually founded by at least one of the original Cypherpunks working behind the scenes. Jake Applebaum also played a huge role.

Now here’s the interesting bit: Someone else on the Uncovering Cicada wiki noticed the original Cypherpunks mailing list used cicada.berkeley.edu, and the subdomain was used until 1994 – 20 years ago. Today it uses the instar.berkeley.edu subdomain for its mechanical engineering project. UC Berkeley also gave us BSD UNIX and many of the core Internet and cryptographic technologies we use today (sometimes through Sun Microsystems’ involvement in RFC submissions). There’s also an interesting hypothesis that Cicada 3301 is the work of former academics from this university. In that case, the creation of a custom Linux distribution could well have been a hint.

It begs the question of why anyone would bother going to such lengths, when they could simply join a digital rights group anyway, or join an open source project. Surely it’s that openness that makes a group successful. There are a couple of possible answers. Firstly, if Cicada 3301 involves government-funded Tor Project developers, they could potentially be recruiting on behalf of the Pentagon.
Another possible reason is such groups historically get sabotaged by infighting, celebrity and identity politics. Perhaps 3301 plays on peoples’ need to feel part of something exclusive. Perhaps the aim itself was simply to learn by undertaking the challenges.

Only time will tell whether the next challenge starts in January 2015, and what form it might take.