On January 5th, 2012, a simple image of white text on a black background was posted on 4chan’s /x/ – Paranormal board, a site that hosts a place to post pictures and messages on various topics. This seemingly innocuous message would go on to spark a worldwide cyber expedition to get to the bottom of the rabbit hole, a puzzle that only got more complicated and harder the deeper you went. The first message that started it all was simply signed “3301” at the bottom. The puzzles and their creator(s) have since become known as Cicada 3301. The true identity of the creator(s) of the puzzles remains unknown. Initial speculations about the source behind the name at the time of the launching of the first puzzle covered a broad range of opinions, ranging from the NSA, the Illuminati, various cyber government agencies, and all the way to rogue hackers, but no one knows for sure.¹ One thing however, was clear. This was a recruitment test of some sort, meant to identify those smart enough to get all the way to the end. And so cyber enthusiasts, hackers, and internet security specialists alike set off to crack the code and make it to the finish line.

This was no minor challenge. The completion of the first puzzle took the erstwhile detectives on a whirlwind journey, ultimately involving various internet sites, the deep web, several different ciphers and codes, Mayan numerals, works of literature, a phone number in Texas, and several real-world locations scattered around the globe. The first clue was hidden within the picture of the initial message, and it was only revealed once the image was moved into a text-editing application, allowing the seekers to see a string of numbers and letters, which followed the words “TIBERIVS CLAVDIVS CAESAR”. The reference to Caesar indicated the use of a Caesar cipher, which means you shift a letter of the alphabet ‘down’ a certain number of spaces to get a new letter. Once this was run through a decoder, the list of numbers and letters turned into a URL, one that when entered into a web browser took you to a new image of a duck.²

This held up the hunt for awhile, until it was realized that two of the words in the message to the right, ‘guess’ and ‘out’ referred to a program called OutGuess, which was used to hide and find messages within images. This in turn revealed a short message talking about a book cipher, a reddit link, and some numbers. Said reddit page contained a header across the table with pictograms, a lot of encrypted text in the subreddit, and two pictures, one of a welcome mat, and another of what appeared to be several tapestries combined into one picture, each of them seeming to show the Holy Grail from the Arthurian legend. Each of those images, when viewed through OutGuess, showed a new message. The welcome mat, accurately enough, gave a welcoming message, along with a note that all further messages from Cicada 3301 would be cryptographically signed with a certain signature to ensure authenticity. The other image, on the other hand, contained a message saying the next clue was right in front of the eyes of the searchers, that is wasn’t as difficult as the quest for the Holy Grail, and to stop overthinking things.

Going back to the pictograms across the top of the page, it was found that the pictograms were Mayan numbers, and when translated correctly, formed a string of numbers that, when assuming that 0=A, 1=B, etc, turned the numbers back into letters.³ Then, using a cipher, with the new string of letters as the key, the puzzle solvers were able to translate the encrypted text of the subreddit. The text now was an excerpt of a legend of King Arthur and the Knights of the Round Table, from a well known collection of stories and legends of the Middle Ages, Arthurian times, and Greek and Roman myths, the book Mythology by Thomas Bullfinch.

Now that they had the text from a book, the next step was to go back to the message that directed them to the reddit page and use the numbers from there on the text. Successfully solving this step revealed a phone number in Texas and instructions to call the number. The number has since been deactivated, but the voicemail message was as follows – “Very good. You have done well. There are three prime numbers associated with the original final .jpg image. 3301 is one of them. You will have to find the other two. Multiply all three of these numbers together and add a .com to find the next step. Good luck. Goodbye.”⁴ Solving this riddle lead to another URL, that when followed resulted in a webpage with a picture of a cicada and a clock counting down, with a hidden message congratulating the seekers on getting that far.

It also contained a mention of a timegate set for a few days later, four days from the start of the puzzle. When the appointed time arrived, the image on the website changed, now showing what looked like coordinates spread around the world. Locations including cities in Poland, South Korea, Australia, Russia, Japan, Hawaii, and more.⁵ Visiting those locations in person revealed the next step. What was at each set of coordinates, however, was exactly the same at every location, consisting of a poster containing a cicada with a QR code beneath it. The QR codes led to two different messages, with two different clues, as well as the same message, warning solvers to work individually and not in groups. The message indicated for solvers working together, only the first individual who solved the puzzle would get the prize.

The first clue remained unsolved for a long time, before finally being discovered to be a specific edition and volume of the Encyclopedia Britannica. However, the second clue was broken first, and found to be text from the poem Agrippa, A Book of the Dead, by William Gibson. This poem came on a small floppy disk with the book, however, both the book and poem were notorious for being single use only. The book was treated with chemicals that would start to erase the words when exposed to light, and the floppy disk would automatically encrypt itself and render itself unusable after only one use.⁶

Reusing the book cipher from earlier on the poem that had been used on the King Arthur text revealed a URL that ended in .onion. Any sites ending in .onion indicate that it is located not on the normal internet, but instead on the deep web. The normal internet, that which is indexed and visible to all, is estimated to contain only about 10% of the actual internet. The other 90% is usually unseen and unindexed, meaning it can only be accessed if you know the exact address of where you are going. The deep web contains storage for files and information, but also provides a place for citizens to circumvent communication blocks, journalists to publish human rights reports, whistle blowers to stay anonymous, and more. The use of .onion means it is accessed through the Tor browser, which, in theory at least, allows for near perfect anonymity on the deep web.⁷ This is important, because that “is the right to say something online without being connected to your real identity, and [this is] important for maintaining the internet as a as a platform for free expression, especially for political or social dissenters or those who want to avoid harassment, imprisonment, or worse.”^{8 9} Accessing that site using Tor lead to a message telling you to create a brand new email that had no connections with you, while still using Tor, and then entering the email on the website. Once that happened, the message indicated a number would be sent to the first few people who had made it there over the next few days. And here, alas, was where the trail went cold. Everything up till here had been publicly accessible and documented, but nothing from this point on for the first puzzle is possible to verify. There have been some purported leaks, but it is impossible to prove if those stories are accurate. Every person who supposedly received the email from Cicada 3301 went dark and vanished from the internet.¹⁰  A month after that however, a new message was posted, back on the subreddit.

To this day, the status of Cicada 3301 remains murky. The identity of those behind the puzzles have not been discovered, and those who have communicated with them are not speaking. There are some theories by those who solved the first puzzle but were not in time to be one of the first few, and they tend to believe the masterminds behind Cicada 3301 are a private organization of some kind. Joel Eriksson, a crypto security expert from Sweden, shares those thoughts, saying “It is most likely an underground organization, not related to any government or intelligence agency. Based on the references in their challenges… …and their constant references to prime numbers and the like, they are likely intellectual, anti-establishment, ideologically driven and they seem to be valuing logical/analytical thinking highly. They seem to share a lot of ideology with the cryptoanarchy movement, and old-school hackers.”¹¹ In the end, Cicida 3301 released three total puzzles, one annually over a period of three years, from 2012-2014. Their last verified message came in 2017. While the identities of those behind this are still unknown, their creation remains notorious and mysterious, and there are many who even now are ready to drop everything on a moment’s notice to work on a puzzle should a new one ever be released.