StMU Research Scholars

Featuring Scholarly Research, Writing, and Media at St. Mary's University
First message posted on 4chan by Cicada 3301 | Courtesy of 4chan

On January 5th, 2012, a simple image of white text on a black background was posted on 4chan’s /x/ – Paranormal board, a site that hosts a place to post pictures and messages on various topics. This seemingly innocuous message would go on to spark a worldwide cyber expedition to get to the bottom of the rabbit hole, a puzzle that only got more complicated and harder the deeper you went. The first message that started it all was simply signed “3301” at the bottom. The puzzles and their creator(s) have since become known as Cicada 3301. The true identity of the creator(s) of the puzzles remains unknown. Initial speculations about the source behind the name at the time of the launching of the first puzzle covered a broad range of opinions, ranging from the NSA, the Illuminati, various cyber government agencies, and all the way to rogue hackers, but no one knows for sure.1 One thing however, was clear. This was a recruitment test of some sort, meant to identify those smart enough to get all the way to the end. And so cyber enthusiasts, hackers, and internet security specialists alike set off to crack the code and make it to the finish line.

This was no minor challenge. The completion of the first puzzle took the erstwhile detectives on a whirlwind journey, ultimately involving various internet sites, the deep web, several different ciphers and codes, Mayan numerals, works of literature, a phone number in Texas, and several real-world locations scattered around the globe. The first clue was hidden within the picture of the initial message, and it was only revealed once the image was moved into a text-editing application, allowing the seekers to see a string of numbers and letters, which followed the words “TIBERIVS CLAVDIVS CAESAR”. The reference to Caesar indicated the use of a Caesar cipher, which means you shift a letter of the alphabet ‘down’ a certain number of spaces to get a new letter. Once this was run through a decoder, the list of numbers and letters turned into a URL, one that when entered into a web browser took you to a new image of a duck.2

Duck decoy image | Courtesy of Imgur and Cicada 3301

This held up the hunt for awhile, until it was realized that two of the words in the message to the right, ‘guess’ and ‘out’ referred to a program called OutGuess, which was used to hide and find messages within images. This in turn revealed a short message talking about a book cipher, a reddit link, and some numbers. Said reddit page contained a header across the table with pictograms, a lot of encrypted text in the subreddit, and two pictures, one of a welcome mat, and another of what appeared to be several tapestries combined into one picture, each of them seeming to show the Holy Grail from the Arthurian legend. Each of those images, when viewed through OutGuess, showed a new message. The welcome mat, accurately enough, gave a welcoming message, along with a note that all further messages from Cicada 3301 would be cryptographically signed with a certain signature to ensure authenticity. The other image, on the other hand, contained a message saying the next clue was right in front of the eyes of the searchers, that is wasn’t as difficult as the quest for the Holy Grail, and to stop overthinking things.

A piece of art depicting the Knights of the Round Table and the Holy Grail | Courtesy of Wikimedia Commons

Going back to the pictograms across the top of the page, it was found that the pictograms were Mayan numbers, and when translated correctly, formed a string of numbers that, when assuming that 0=A, 1=B, etc, turned the numbers back into letters.3 Then, using a cipher, with the new string of letters as the key, the puzzle solvers were able to translate the encrypted text of the subreddit. The text now was an excerpt of a legend of King Arthur and the Knights of the Round Table, from a well known collection of stories and legends of the Middle Ages, Arthurian times, and Greek and Roman myths, the book Mythology by Thomas Bullfinch.

Now that they had the text from a book, the next step was to go back to the message that directed them to the reddit page and use the numbers from there on the text. Successfully solving this step revealed a phone number in Texas and instructions to call the number. The number has since been deactivated, but the voicemail message was as follows – “Very good. You have done well. There are three prime numbers associated with the original final .jpg image. 3301 is one of them. You will have to find the other two. Multiply all three of these numbers together and add a .com to find the next step. Good luck. Goodbye.”4 Solving this riddle lead to another URL, that when followed resulted in a webpage with a picture of a cicada and a clock counting down, with a hidden message congratulating the seekers on getting that far.

Poster in Warsaw, Poland | Courtesy of Cicada 3301 (what seems to be a fan account or puzzle solver account) on Facebook

It also contained a mention of a timegate set for a few days later, four days from the start of the puzzle. When the appointed time arrived, the image on the website changed, now showing what looked like coordinates spread around the world. Locations including cities in Poland, South Korea, Australia, Russia, Japan, Hawaii, and more.5 Visiting those locations in person revealed the next step. What was at each set of coordinates, however, was exactly the same at every location, consisting of a poster containing a cicada with a QR code beneath it. The QR codes led to two different messages, with two different clues, as well as the same message, warning solvers to work individually and not in groups. The message indicated for solvers working together, only the first individual who solved the puzzle would get the prize.

The first clue remained unsolved for a long time, before finally being discovered to be a specific edition and volume of the Encyclopedia Britannica. However, the second clue was broken first, and found to be text from the poem Agrippa, A Book of the Dead, by William Gibson. This poem came on a small floppy disk with the book, however, both the book and poem were notorious for being single use only. The book was treated with chemicals that would start to erase the words when exposed to light, and the floppy disk would automatically encrypt itself and render itself unusable after only one use.6

Reusing the book cipher from earlier on the poem that had been used on the King Arthur text revealed a URL that ended in .onion. Any sites ending in .onion indicate that it is located not on the normal internet, but instead on the deep web. The normal internet, that which is indexed and visible to all, is estimated to contain only about 10% of the actual internet. The other 90% is usually unseen and unindexed, meaning it can only be accessed if you know the exact address of where you are going. The deep web contains storage for files and information, but also provides a place for citizens to circumvent communication blocks, journalists to publish human rights reports, whistle blowers to stay anonymous, and more. The use of .onion means it is accessed through the Tor browser, which, in theory at least, allows for near perfect anonymity on the deep web.7 This is important, because that “is the right to say something online without being connected to your real identity, and [this is] important for maintaining the internet as a as a platform for free expression, especially for political or social dissenters or those who want to avoid harassment, imprisonment, or worse.”8 9 Accessing that site using Tor lead to a message telling you to create a brand new email that had no connections with you, while still using Tor, and then entering the email on the website. Once that happened, the message indicated a number would be sent to the first few people who had made it there over the next few days. And here, alas, was where the trail went cold. Everything up till here had been publicly accessible and documented, but nothing from this point on for the first puzzle is possible to verify. There have been some purported leaks, but it is impossible to prove if those stories are accurate. Every person who supposedly received the email from Cicada 3301 went dark and vanished from the internet.10  A month after that however, a new message was posted, back on the subreddit.

Final message for the first puzzle posted on the subreddit | Courtesy of Reddit

 

To this day, the status of Cicada 3301 remains murky. The identity of those behind the puzzles have not been discovered, and those who have communicated with them are not speaking. There are some theories by those who solved the first puzzle but were not in time to be one of the first few, and they tend to believe the masterminds behind Cicada 3301 are a private organization of some kind. Joel Eriksson, a crypto security expert from Sweden, shares those thoughts, saying “It is most likely an underground organization, not related to any government or intelligence agency. Based on the references in their challenges… …and their constant references to prime numbers and the like, they are likely intellectual, anti-establishment, ideologically driven and they seem to be valuing logical/analytical thinking highly. They seem to share a lot of ideology with the cryptoanarchy movement, and old-school hackers.”11 In the end, Cicida 3301 released three total puzzles, one annually over a period of three years, from 2012-2014. Their last verified message came in 2017. While the identities of those behind this are still unknown, their creation remains notorious and mysterious, and there are many who even now are ready to drop everything on a moment’s notice to work on a puzzle should a new one ever be released.

  1. Shelly Barclay, “Unexplained Mysteries – What is Cicada 3301”, Historic Mysteries, 2014, https://www.historicmysteries.com/cicada-3301/.
  2. “The Internet Mystery That’s Baffled the World: Is Cicada 3301 a Puzzle, a Treasure Hunt, or Some ‘Nefarious’ Recruitment Test?” The Telegraph, The National Post, November 27, 2013, https://nationalpost.com/news/the-internet-mystery-thats-baffled-the-world-is-cicada-3301-a-puzzle-a-treasure-hunt-or-some-nefarious-recruitment-test.
  3. “Cicada 3301 First Puzzle Walkthrough.” Boxentriq, Boxentriq.com, Accessed 10/2/2020, https://www.boxentriq.com/code-breaking/cicada-3301-first-puzzle-walkthrough.
  4. “Cicada 3301 First Puzzle Walkthrough”, Boxentriq, Boxentriq.com, Accessed 10/2/2020, https://www.boxentriq.com/code-breaking/cicada-3301-first-puzzle-walkthrough.
  5. Michael Grothaus, “Meet the Man Who Solved the Mysterious Cicada 3301 Puzzle”, Fast Company, Fastcompany.com, November 25, 2014, https://www.fastcompany.com/3025785/meet-the-man-who-solved-the-mysterious-cicada-3301-puzzle.
  6. Matthew Kirschenbaum, “Textual Studies and First Generation Electronic Objects”, Text: An Interdisciplinary Annual of Textual Studies, (Ann Arbor: University of Michigan Press 2002), 14,15,16.
  7. Steve Symanovich, “How to Safely Access the Deep and Dark Webs”, Norton.com, https://us.norton.com/internetsecurity-how-to-how-can-i-access-the-deep-web.html.
  8. Carolina Rossi and Natalie Green, “Cybersecurity and Human Rights”, Public Knowledge, June, 2015, https://www.gp-digital.org/wp-content/uploads/2015/06/GCCS2015-Webinar-Series-Introductory-Text.pdf.
  9. Bill of Rights Institute. “Bill of Rights.” Accessed November 5, 2020. https://billofrightsinstitute.org/founding-documents/bill-of-rights/.
  10. “What Happened Part 1 (2012)”, Uncovering Cicada Wiki, Fandom.com, Accessed 10/2/2020, https://uncovering-cicada.fandom.com/wiki/What_Happened_Part_1_(2012).
  11. Michael Grothaus, “Meet the Man Who Solved the Mysterious Cicada 3301 Puzzle”, Fast Company, Fastcompany.com, November 25, 2014. https://www.fastcompany.com/3025785/meet-the-man-who-solved-the-mysterious-cicada-3301-puzzle.

Stephen Talik

Howdy. I'm Stephen Talik, a native Texan born in College Station, and an Eagle Scout. I find history - especially the World Wars, Cold War, and the espionage world - fascinating. I also enjoy learning about the newest and coolest gadgets for technological use and internet security, and watching sports. I have also interned in the Washington D.C. office of a member of Congress, and I am a Political Science Senior at St. Mary's University.

Author Portfolio Page

Recent Comments

19 comments

  • Ian Poll

    Something I find interesting about puzzles on the internet like the ones Cicada released are the balance between it being challenging and being too arbitrary that only the creator/creators would be able to solve it. Internet puzzles like Cicada 3301 or ARGs similar to it, like ilovebees, which was made as a type of marketing tool for the video game Halo 2, need to have creative strategies to how data can be found, and I find it really cool how data can hide inside of data.

  • Alex Trevino

    I for one was incredibly invested in the story of Cicada 3301 a few years back, and I found it to be a very interesting and exceptional story. It is great to finally see someone take an interest in this and spread the word of it as well. Cicada 3301 is an incredible story and the way this article is written sums it up perfectly, the use of explanatory terms in order to reach a wider audience is what really sells this, allowing it to be viewed and understood by almost anyone. Excellent work.

  • Evangelina Villegas

    This is a great article and I had a fun time reading it. I have always been interested in internet mysteries and reading about this Cicada 3301 was really cool. I have never heard of Cicada 3301 before now, but reading this article about how mysterious the identity of who they are, along with their puzzles show how interesting and scary they are. Overall, this article was well-written and was informative and descriptive to make it easy to follow along on how the puzzle worked.

  • Trenton Boudreaux

    Glad to see a piece of internet history being preserved through a written article. I have heard about Cicada before, but this was a nice refresher. I did not expect to find an article like this on a website, so this was a very nice surprise. What was interesting to me is how relatively easy it is to get onto the deep web if you have the exact address as I always thought the deep web was harder to access.

  • Allison Grijalva

    This was a great article about Cicada 3301, and something that I had never heard too much about before. I did not know a lot about coding or anything like that but this was a great thing to read about given that I am very interested in mystery. It is unsettling how hacking works and affects so many people’s’ lives everyday, even without them knowing. Thank you for writing this and bringing light to an important situation!

  • Victor Rodriguez

    Wow I loved this article. I only have a small amount of knowledge when it came to coding and hacking but this article helped me understand the complexity and development the tech industry can have on our current society. It is important understand the significance of the internet and comprehend that there are many risks that we must be aware of. Therefore, we must be cautious about the way we go about and continue to use our technological tools in the best possible way.

  • Shriji Lalji

    A very interesting mystery piece. This reminded me a lot of the movie Ready Player One. I had not heard about Cicada 3301 but Im glad I did because it is a modern day real life Sherlock Holmes type mystery. I would like to know the truth behind it but that would ruin the mystery. In my opinion I believe it is the illuminati.

  • Kayla Sultemeier

    This article about Cicada 3301 was very interesting and for some reason a little scary! The internet is such a wide portal into information and unknown individuals, we will truly never know what to expect or where it could be coming from. This reminds me of Anonymous and their unknown members and whereabouts across the world. It amazes me how people are able to attack such confidential information, nothing that we share online is private in any way.

  • Erin Vento

    This article was so interesting! I literally know next to nothing about coding and hacking, so reading about Cicada 3301 was wild for me, but this article was really well written and was easy to understand even for people like me who might get confused with some of the concepts. It’s really crazy to me nobody was able to figure out who (or they) were.

  • Caroline Bush

    Great article! I remember hearing something about this story when I was listening to creepy conspiracy theory videos on YouTube. It’s amazing to think that something like this occurred in the real world and had so many people trying to figure it out. This article was very informative about a topic that not many people know much about, I can tell a lot of research and time went into this great job.

Leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.