Monday, January 13, 2014

Cicada 3301 is Back (Updated and bumped)

The Register reports:
Appearing each year since 2012, these strange series of challenges have stumped clever netizens the world over. By solving the riddles, it appears you eventually get in touch with the quizmasters, who are no doubt interested in people with your skills. 
Now 2014's puzzle is underway after this image was linked to by this Twitter feed, which has been spewing raw data in tweets for the past few days. The picture shows this text: "Hello. Epiphany is upon you. Your pilgrimage has begun. Enlightenment awaits. Good luck. 3301." 
If you fiddle with the image to enhance the shadows, it reveals a winged cicada insectthat featured in last year's contest. But that's just a distraction. If you run the original JPEG through steganography analysis tool OutGuess, you get a quote from theessay Self-Reliance by Ralph Waldo Emerson – plus a sequence of numbers separated by colons and a cryptographic signature generated by the PGP key used in the past by the Cicada 3301 team. 
Each line of those numbers hidden in the JPEG file refers to a paragraph, sentence, word and letter in that Emerson text, which is used to gradually build up a URL. So, for instance, 1:2:3:1 means take paragraph 1, sentence 2, word 3, letter 1, which is an 'a'.
The whole sequence constructs the URL auqgnxjtvdbll3pv.onion which refers to a web server running within the Tor network. That hands out another graphic that again uses steganography to hide a "good luck" message, RSA encrypted data and cipher variables that are needed to crack the encryption key to move on to the next part.
The article notes that some code-cracker are documenting their efforts online.

Update (1/13/2013): Alex Hern writes at the Guardian about his attempt to crack this year's puzzle, as well as publishing an email that may explain who or what is Cicada:
There's only been one trustworthy piece of information as to who lies behind Cicada. It comes from an email, leaked by one of the 'winners' of the 2012 challenge. It's impossible to verify fully, because the leaker was forced to remove the signature to keep their identity secret, but others who received the same email indicated that the contents were legitimate.

"You have all wondered who we are," it reads in part, "and so we shall now tell you. We are an international group. We have no name. We have no symbol. We have no membership rosters. We do not have a public website and we do not advertise ourselves. We are a group of individuals who have proven ourselves, much like you have, by completing this recruitment contest, and we are drawn together by common beliefs. A careful reading of the texts used in the contest would have revealed some of these beliefs: that tyranny and oppression of any kind must end, that censorship is wrong and that privacy is an inalienable right."
... Cicada must be the work of more than one person, with some hefty resources. So far, physical artefacts from the group have appeared in 8 nations and 11 US states; it has bought phone numbers; paid for server up time; and offered something to the winners which has earned their silence.

No comments:

Post a Comment