Over the past month or so, a person or persons unknown have posted three messages on the popular Craigslist web site with telephone numbers which, when called, played automated recordings of long strings of numbers reminiscent of numbers stations which had been heard on shortwave radio for decades.
Many amateur cryptanalysts have tried their hand at cracking the code in these messages, and since they seem to be stumbling all over each other and missing things, I’m going to try to gather what I think is the best available information here.
First, I should note that the professional cryptanalysts have been here and downloaded the three messages as well. I’m also fairly sure that the cipher in use is simple enough that they would have cracked the messages days ago. Unfortunately, they can’t really tell us what’s in the messages, even if it did turn out to be a prank or viral marketing scheme, which I rate as highly unlikely.
If you haven’t seen or heard the actual messages yet, much of this won’t make sense, so you should probably go get copies of all three before reading: 212-796-0735, 415-704-0402, 678-248-2352.
Note also that none of the numbers are in service anymore. Each message pointed to a pre-paid VoIP account with an apparently different provider each time, and the curiosity generated by the publication of the numbers quickly overwhelmed the fairly small balance on each of the accounts. This is why I’ve preserved an archival recording of each number as it was heard. The message on each remained the same throughout the short lifetime of each number.
Some people think that waveform analysis would be useful in finding any hidden data streams in the message, but I personally think this is a waste of time, as each message has been transcoded several times from its original recording by whoever sent the message, through its transmission across the Internet, and its recording here. I used the asterisk softswitch to record the calls, and it recorded them in 8KHz GSM format. They have been upsampled to 22KHz MP3 as a transcoded 8KHz MP3 was completely unintelligible. This is why I think no useful information will be found by this method: it would be completely trashed by numerous transcodings before it ever hit my PBX, and garbled again when I transcoded it to archive it here. (Feel free to keep at it, though; those lines are pretty to look at.)
There was initial speculation, after the second message appeared, that the “Group” number in the message referred to the area code of the city in which the next message would appear, as the first two matched such a pattern. However, the third message did not follow this pattern. It also has some differences from the first two, which are noted below. The actual significance of the Group number, if any, is not yet known.
The numbers themselves were read in groups of five digits, twice for clarity, as is customary with this type of message delivery. Several people noticed, however, that a clear pattern emerged when the numbers were broken into groups of three: They all fell within the range of 0 through 125. This range can be represented within seven bits. Many numbers within that range appear to be entirely unused in any of the three messages, and across the three, only 73 unique numbers appear.
To date, however, people’s attempts to apply such ciphers to these messages have not taken this into account. If the messages use a weak cipher, such as a Vignère, four-square or straddling checkerboard cipher, then it would likely be a variant of such a cipher which uses a range of 0 through 125 (or 127), rather than a range of A through Z, or whatever other range. Further work along these lines should take this into account.
Most people are convinced that the number 0 (or 000) is a terminator of some kind (e.g. a full stop). I am not at all convinced of this, and I believe analysis should take into account the possibility that it is not a terminator. If there are such terminators in the messages, they could be any of the numbers.
Several people have suggested that the messages might use some sort of stream cipher. This seems fairly unlikely due to the frequency of the numbers seen, but it could be possible.
Frequency analysis of each of the messages suggests that the cipher being used is not at all strong by today’s standards, and is probably in fact very simple. However, the frequencies are somewhat different for each of the three messages, suggesting that each has a different key. What the key is and how it is applied remains unknown.
It’s not solved yet, but it looks like progress is being made. I personally think the best line of attack for now is to create variants of known classical ciphers which operate in the range of 0-127 rather than A-Z, apply attacks appropriate for each type of cipher, and see if anything comes up.
On a somewhat related note, both 2600 Magazine/Off The Hook/Hackers On Planet Earth and Blinkenlights have denied any knowledge of or involvement in these messages.
While I’d love to get deeper into this mystery myself, time constraints prohibit me from doing so. However, I am monitoring every single city on Craigslist, and if another valid message appears, I will post again. Several fake messages have appeared, with numbers ranging from the Fremont (Calif.) Police Department to the Federal Reserve Bank of Boston to some guy’s cell phone. And he’s going to have one hell of a bill next month. If you see another message on Craigslist, you should assume it is fake and not call the number. Unless, of course, you know how to verify that it’s a pre-paid VoIP account without calling the number and possibly running some other person’s cell phone bill into the stratosphere. (After spending years working for various phone companies, and years more before that doing things I can’t tell you about, I do know how to do this.) If a real message appears, I’ll post it within 24 hours.
If you solve one or more of the messages, and they appear to contain sensitive information that should not be immediately made public, do not post the solution here. Instead, forward the solution along with your cryptanalysis to your nearest Federal Bureau of Investigation field office. (If you are outside the U.S., contact the Legal Attaché at your nearest American embassy or consulate instead.) Or just use their nice online form. If you post a decrypted message that appears to contain sensitive information, it will be removed and forwarded to the FBI anyway.
On the other hand, if the message shows cryptographers writing love notes to each other, Congressmen arranging for prostitutes, a promotion for a television show, or the location of the buried Volvo, then by all means post it here for everyone to enjoy.
(No Ratings Yet)
Loading ...
Karl Marx would love the popular moves among politicians in various state governments and the federal government to ban so-called "junk" food in schools, and to "put healthy food in" convenience stores and on the tables of those they define as poor. It's a very elitist and arrogant mindset that promotes this ideology, and it needs to be addressed.
Ultimately, the war supporters in Congress prevailed in the vote on the resolution. Still, the vote was significant because it places every member of Congress on the record as supporting or not supporting the unconstitutional, costly, violent occupation of a country that never attacked us. This vote should serve as an important reminder to the American people of where their representatives really stand when it comes to policing the world, empire building, and war.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works license.
Video published by this site is licensed under a Creative Commons Sampling+ license.
Facebook
Digg
del.icio.us
reddit.com
Newsvine
Michael Hampton
Jun 16, 2006
Something I forgot to mention for those of you outside the U.S. that you might not know: In the U.S., most people with mobile phones have to pay for incoming calls as well as outgoing calls. In most other countries, mobile phone users pay only for outgoing calls. So be careful when calling people over here. :)
Johan Louwers
Jun 16, 2006
Meaning homelandstupidity.us wants us to continue the online collaboration to continue on this page? Fine by me ;-) however a question remains, how did you find out the NSA checked your site? Meaning you are sniffing your log files to see if they are looking at your page?
Johan Louwers
Jun 16, 2006
When someone starts writing some code to decipher those messages it would be wise to check the following site: http://www.testdrive.hp.com/current.shtml
You can use those systems for free, register a account and run your software on one of those machines. You can, for example, use the td178.testdrive.hp.com a box using 16 Itanium II, 1.5 GHz processors
f
Jun 16, 2006
I was actually wondering if the NSA had looked here.. How much have they visited? Did they just drop in and get the messages, or do they pop up form time to time to see how we’re all doing?
Michael Hampton
Jun 16, 2006
But of course I looked at the log files! I can also tell you that various military intelligence agencies visited here and got the messages as well. Just about everybody who’s anybody in the intelligence community came by, in fact. Even a few people in the White House.
They haven’t been by much since, though I suspect they don’t really need to. :)
f
Jun 16, 2006
If the govt has been here, then maybe they’ve told Craig to keep quiet for reasons of National Security =P
SKYWALKER107
Jun 16, 2006
Who knows. I still think something is coming monday. And I am willing to bet that it will either be a ket to unlocking this or a total switch up from what we have seen/heard up to this point. One other thing about this.
What Gov. agency listens to this F***ing trance music.
Johan Louwers
Jun 16, 2006
It also could be that they have requested Craig to remove the postings and they possibly could have shutdown the numbers even do they did not yet run out of credits.
Michael, could you post more information on the secret services, who and when they have visited the Homeland Stupidity website to download the MP3 or check the conversation. It would be nice to know because if they downloaded the message this was most likely due to an order to investigate. I do not think such an order would have been given if they are the agency who is broadcasting the message.
Also it would be interesting to see the reaction time of the several agencies to check this website to get some more information.
Michael Hampton
Jun 16, 2006
Hm, I’ll have to re-run the logs (and the log is near a gigabyte!). But I recall that virtually all of them came over from slashdot.org.
And the only person from the government I’ve heard from lately is former FEMA head Michael Brown, but that’s a whole other story. :)
CodeAc
Jun 16, 2006
I have to say I’m really enjoying these threads. its actually getting me interested in learning more about cryptology. any suggestions on where I can’t get some good articles for crypto newbies such as myself.
Johan Louwers
Jun 16, 2006
Michael,
Can you possibly do it? Can you re-run your logs? If not can you e-mail me a location where I can download them in a TAR so I can run them for you? When you can not run them yourself and let me do it I will send the results first to and let you post them because it is your date but that will go without saying I think.
f
Jun 16, 2006
Just thought of something.. I wonder if any of the NSA visits times correspond to those of certain anonymous “hints” left on the message board..
hmmmm..?
f
Jun 16, 2006
this site has quite a few utils
http://www.und.nodak.edu/org/crypto/crypto/solvers/
And this one looks particularly interesting
http://www.und.nodak.edu/org/crypto/crypto/solvers/wart/
as it has alot of ciphers built in
Johan Louwers
Jun 16, 2006
CodeAc,
There are a lot of places where you can’t get good information on crypto,… however there are also places where you can get good information. You can take a look at http://www.schneier.com/books.html and get one of the books mentioned there. However I will try to find some nice website’s where you can start reading CodeAc. ;-)
SKYWALKER107
Jun 16, 2006
I reviewed the logs from my server that was hosting the crypto.zip file with the army guide to crypto and i had about 35 downloads with 3 duplicates and the rest i did arin and ripe look ups on all the IP’s nothing from our spook friends. just your classic cable/dsl providers with 4 exceptions. The 4 exceptions are the French Aerontics research center, johnson control, sumtotal systems and ,bluefin robotics. Don’t think anything worth pursuing.
Michael Hampton
Jun 16, 2006
I checked the IPs of all the commenters (with far fewer unique addresses, it was much easier and faster) and while nobody from the intelligence agencies posted anything, it appears that you, f, are with a government agency. ;)
Dirk Rijmenants
Jun 16, 2006
If those messages are even a bit serious, it’s impossible to perform frequency analysis. Any good cipher will have both substitution as fractioning. The latter will make frequency analysis useless. It’s most likely that if we don’t know the type of encryption that was used, we will never solve these messages.
If these messages originate from numbers stations, these might well be messages that are enciphered with one-time-pad (OTP). If so, just forget it, because OTP is reallly unbreakable (unless you’re so stupid to use the OTP key twice, as the Russians did in WW2 ->see verona project)
More on OTP here: http://users.telenet.be/d.rijmenants/en/onetimepad.htm
Johan Louwers
Jun 16, 2006
Dirk,
Thanks for dropping in to the conversation. I found your website and tools very helpful even do it not gave a final answer it was a good source of information. Many thanks for putting in al this work and providing us with such a good resource of information.
Dirk Rijmenants
Jun 16, 2006
Btw, if you’re hooked on codes and ciphers, you might wanne join the codebreakers on the Enigma Challenge:
http://users.telenet.be/d.rijmenants/en/challenge.htm
You can still earn your place in the ‘All Time Table of Honor’, and the 10 messages are ‘crackable’. Lots of fun and some history lessons as well.
Johan Louwers
Jun 16, 2006
Aha ,… Working for the French government he ;-) Do the French tax payers know that there are paying there taxes so you can fiddle around on this website ;-)
f
Jun 16, 2006
yeah, i’m with them for another week. In the meantime, I might use their supercomputer cluster to run these auto decryption algorithms =P
shh..
Michael Hampton
Jun 16, 2006
Johan, I spot checked the log again, and it looks like virtually all of them came from slashdot.org and digg.com. A few seem to have bookmarked it and re-visited on occasion. But the odd part is that I can’t see that any of them actually downloaded the MP3 files. Perhaps they called the phone numbers themselves. :)
f
Jun 16, 2006
and I’m american.. so wasting their taxpayers money, noooo problem :)
Michael R
Jun 16, 2006
Something occurred to me while looking at the frequencies of the individual messages: if you divide the range 0-127 into four equal parts (0-31, 32-63, 64-95, 96-127), nearly all of the values fall in the first and third parts. I suppose this lends support to the idea of an underlying binary representation, but the frequencies within each of the four parts are far from uniform…
Michael Hampton
Jun 16, 2006
Hm, now all I need is to be slashdotted again, and maybe we’ll get this thing cracked. This time I think the server’s ready…
f
Jun 16, 2006
yes, which leads to the question – what if the 1st and 3rd parts are actually degenrate, and should be overlaid… as well as the 2nd and 4th?
so 64=0 65=1 66=2, etc…
just a thought
Dirk Rijmenants
Jun 16, 2006
Did you tried the ASCII table on them (64=A, 65=B, etc…)?
ipdb
Jun 16, 2006
Nice to see most of what I’ve posted has been taken into account.
I still can’t believe people are trying to do complex ciphers with this… the numbers do not indicate complex ciphers or bit-shifting… or crazy algorithms… or encryption.
Dirk… ascii’s unlikely (I’ve explain a few reasons in a few of the three other threads)
Michael R… how do the numbers falling predominantly in those ranges.. indicate binary? It’d point to the first 5 bits and the 7 bit being more heavily used, but as I’ve explained… bit-shifting and alternate representations of these numbers detract from the pattern… so… hmmm?!?!?
Michael R
Jun 16, 2006
It suggests binary because the ranges are multiples of 32, and there are four of them. I agree that it’s almost certainly not a block cipher because of the non-uniform distribution, but it could (for example) be a pencil-and-paper cipher that involves powers of two.
Eri
Jun 16, 2006
Just FYI, it is not as simple as modding the triplet/doublet numbers by 26 and adding/subtracting 4,1,5. Worth trying I thought. Both of the first 2 messages break up into 3s, so I don’t think binary is the way to go. I have some more weird ideas I will try and keep you guys informed. Personally, I think trying to find “hope” in the messages is a good attack.
f
Jun 16, 2006
actualy, here is the ciphertool sourceforge site (looks way better than anything i could write
http://ciphertool.sourceforge.net/
I can’t manage to install it on my cluster, due to permisssions… can’t access a linux box either.
want to give it a shot Johan?
Johan Louwers
Jun 16, 2006
Hi f,
I will give it a shot. I will SSH into the cluster and try to run it during the night ;-)
Greg London
Jun 16, 2006
very odd
cybrpunk
Jun 16, 2006
hmmm. ipdb just gave me an idea… Suppose you have a message: “cybrpunk”. if a=0 and z=25, then in binary we have:
00010
11000
00001
10001
01111
10100
01101
01010
ok, so if you read down the vertical collumns, you get a new number. 7 bits would imply 7 characters per group. That would give me:
0101010 (32)
0100101 (37)
0000111 (7)
1000100 (68)
0011101 (29)
plus the last character (01010) left over.
assuming something like this has been done, the question becomes: how do they lay out the grid? How many big is the source alphabet? Maybe the group means something there?
Also, assuming this sort of thing was done, since the number of characters in the message is not always divisible by 7, what do they do with the extras? Pad it out with zeroes? send those last characters in the clear?
On a related note, I spoke to a co-worker who’s job is cryptography (he designs security protocols and whatnot, not code breaking), and he suggested I read “the handbook of applied cryptography”. in chapter 7, starting on page 237 it has a walk through of how many older ciphers are attacked using formal methods, as I understood it. I haven’t read it yet, but the book is online: www.cacr.uwaterloo.ca/hac
Sander
Jun 17, 2006
I read somewhere (in another discussion about all this) that the tune is from the song “Little Black Heart” by A-ha. Now I got curious whether this was correct and ran a search on Shareaza. There were all these strange files popping up: .wmv, .wma and .zip
All of them are between 150kb and 550kb. If you open the .wmv or .wma you are guided to “http://drm.ysbweb.com/v7.aspx” to get a license to play the file (DRM). This will however try to install “YourSiteBar”. And guess what the website says about itself: “YourSiteBar is an affiliate program that is offered to any individual or company that owns a web site.”
I don’t know to much about DRM, but if you open the .wma and .wmv files in Notepad, there is a lot stuff like: ” l x R 5 3 B i d U Q = = ” and it seems to differ in each file. Is this supposed to be there? Or did someone plant this and is our cipher in here somewhere?
Now this still can mean two things in my opinion:
1. This really is a marketing trick. But I really doubt this, since the people who will go after these voip-messages are smart enough to know not to install such crazy software.
2. This still could be some secret-service stuff. There’s more in the files, or the software trying to install itself, or there’s a backdoor on the website.
I think this is a strange twist, if it would mean anything at all, and I’d like to hear your thoughts on this. If you’d like, I can make a .zip file with all the strange files I’ve downloaded plus some IP’s.
ipdb
Jun 17, 2006
Are you guys STILL trying to manipulate the numbers?
Brad
Jun 17, 2006
Sure…what would YOU suggest?
Q
Jun 17, 2006
I took this:
13 5 6 51 12 79 46 6 5 1 93 82 3 9 13 94 69 12 7 81 8 17 28 17 6 9 22 73 38 14 1 7 15 15 73 4 2 68 12 13 1251 54 4 91 14 1 3 15 86 22 96 8 1 66 2 82 55 7 2 22 8 3 29 8 22 12 4 71 13 65 27 9 4 19 29 14 22 8 2 11 83 73 3 26 19 7 86 61 7 8 2 21 85 6 1 3 69 6 79 12 1 5 24 7 6 16 1 7 69 95 17 2 4 5 14 24 9 8 7 22 67 89 74 1 82 1 86 78 1 3 24 4 16 27 7 3 13 15 6 93 6 9112 2 84 21 3 7 31 7 6 49 65 23 27 6 7 7 16 12 1 7 3 3 2 79 87 22 2 5 15 75 31 65 1 11 67 27 66 7 9 64 21 79 21 7 9 72 18 65 1 6 12 8 68 1 9 18 15 88 31 8 4 73 29 24 25 6 76 79 13 11 7 7 95 7 71 18 6 9 7
This is the grouping of all three messages (doubles removed) once all of the zeroes have been taken out.
Applied a base64 conversion with ascii and got this:
DQUGMwxPLgYFAV1SAwkNXkUMB1EIERwRBgkWSSYOAQcPD0kEAkQMDeM2BFsOAQMPVhZgCAFCAlI3BwIWCAMdCBYMBEcNQRsJBBMdDhYIAgtTSQMaEwdWPQcIAhVVBgEDRQZPDAEFGAcGEAEHRV8RAgQFDhgJCAcWQ1lKAVIBVk4BAxgEEBsHAw0PBl0GmAJUFQMHHwcGMUEXGwYHBxAMAQcDAwJPVxYCBQ9LH0EBC0MbQgcJQBVPFQcJSBJBAQYMCEQBCRIPWB8IBEkdGBkGTE8NCwcHXwdHEgYJBw==
Q
Jun 17, 2006
(easier to look at)
DQUG Mwx PLgY FAV 1 SAw kNX kUM B1EIER wRBgkWSSY OAQcPD0kEAk QMDeM 2B FsOAQMP VhZgCAFCA lI3BwIWCAMd CBYMBEcNQRs JBBMdDhYIAgt TSQMaEwd WPQc I AhVV BgEDRQ ZPDAEF GAc GEAEH RV8 RAg QFDhg JCAc WQ1lKAVIB Vk4BAx gEEB sHAw 0PBl0G mAJUF QMHHwc GMUEXG wYHBx AMAQcD AwJPV xYCBQ9 LH0EBC0M bQgc JQBVPF QcJSB JBAQY MCEQ BCRIP WB8IBE kdGBkG TE8NC wcHXwdHEgY JBw==
SteveJabs
Jun 17, 2006
some words seem to come out of that one. it looks like you can get:
(from the beginning)
Doug
Play
Fav (short for favorite?)
have (the AhVV in line 3)
saw (sHAw in line 4)
and some others if you sort of sound out the jumble. all of those could just be coincidence though, which i believe is what it is.
CodeAc
Jun 17, 2006
wait I have it its a promo The Sopranos.
Doug Play your Favorite Sinatra song as loud as you can to drown out the screams, I have the saw.
LOL
Khate
Jun 17, 2006
As a spy number radio fan (I have squillions of recordings, and sample many in my own music), this story naturally piqued my interest. As soon as I heard the recording, something about the sounds in the song seemed familiar.
Compare the synth-like melody from the recording with G16 “Alpha Uniform”, the last recording on this page:
http://www.simonmason.karoo.net/Mistakes.htm
Not the same exact tune, but I KNEW that sound seemed familiar. I listened to a high-quality mp3 of the A-Ha song, and the sound they’re using has the same sound, warble and all, as the spy station. It doesn’t match the fidelity at all (esp. for a track from 2000); my bet is it’s a sample.
I’ll throw the two files side-by-side in CoolEdit and see if I can’t match the A-Ha sound to a cut loop from that station. Could be they’re using a different recording, so I’m on the hunt for more recordings of this particlular station.
So you’ve got a number code mystery transmission using a song that samples a spy station. There’s a grand inside joke (or a piece of conceptual internet art, perhaps?) here… or a spy with a sense of history and humor!
Khate
Jun 17, 2006
p.s.—
Goodness, there’s alot of G16 recordings, all with differing tone sequences:
http://www.simonmason.karoo.net/page74.html
Makes my task of finding the original sample a bit daunting!
Brad
Jun 17, 2006
I don’t know if they have any significance or not, but here are the lyrics to the A-Ha song “LIttle Black Heart” if you’re interested in speculating. I’m way out of school here but perhaps the song lyrics might be used as some sort of key?
I never saw sunlight
Burn as bright
I never felt darkness
The way I feel it tonight
You say it’s getting better
You say it’s allright
But I never felt darkness
Like I feel it tonight
Little black heart
Raindrops on my window
I can’t tell them apart
Like the few things forgiven
In my little black heart
You say it’s getting better
We just never got it right
But I never felt darkness
The way I feel it tonight
Little black heart
Some day we will shine
Like the moon in the morning
Like the sun when it’s dawning
Yes the sun when it’s dawning
The sun
Some day we will shine
Like the moon in the morning
Like the sun when it’s dawning
Yes the sun when it’s dawning
The sun
Raindrops on my window
I can’t tell them apart
Like a few things forgotten
And a few things ignored
You say it’s getting better
You say it’s allright
But I never felt darkness
The way I feel it tonight
Little black heart
My little black heart
Brad
Jun 17, 2006
Also, the lyrics to this song contain every letter in the alphabet except Q, X, and Z. Traditional telephone handsets also omitted Q and Z, though they used X. Not sure if this is relevant, but thought I’d throw it out there.
Dan
Jun 17, 2006
After listening to those messages only a couple of times, I woke up with that &^%& song playing in my head – all staticky and distorted. Good times!
I’m sure nightmares about guys with accents yelling out numbers aren’t far behind.
thebleedingtruth
Jun 17, 2006
Ok, so after reading through this, I thought about the numbers having been cleansed of zeroes, and then run through the cipher, but maybe you should look at the numbers in relation to a touch tone phone. Try to overlay the numbers into a phone keypad, (i.e.: a,b,c=2; d,e,f=3, etc). With that kind of thinking however, maybe the zeroes ARE necessary, and act as a guide to how many pressed each key gets, like the tap method in a text message or something.
Dib
Jun 18, 2006
Some random parsing of Q’s base 64 conversion results:
original:
DQUG Mwx PLgY FAV 1 SAw kNX kUM B1EIER wRBgkWSSY OAQcPD0kEAk QMDeM 2B FsOAQMP VhZgCAFCA lI3BwIWCAMd CBYMBEcNQRs JBBMdDhYIAgt TSQMaEwd WPQc I AhVV BgEDRQ ZPDAEF GAc GEAEH RV8 RAg QFDhg JCAc WQ1lKAVIB Vk4BAx gEEB sHAw 0PBl0G mAJUF QMHHwc GMUEXG wYHBx AMAQcD AwJPV xYCBQ9 LH0EBC0M bQgc JQBVPF QcJSB JBAQY MCEQ BCRIP WB8IBE kdGBkG TE8NC wcHXwdHEgY JBw==
lower case letters only:
wx g w w gk c e s g w c s gt a wd c h g c g hg c xg sw m wc w x c w x b gc c wc wd g w
Removed lower case:
DQUG MPLY FAV 1 SA NX UM B1EIER RBWSSY OAQPD0EA QMDM 2B FOAQMP VZCAFCA lI3BIWCAM CBYMBENQR JBBMDYIA TSQME WPQ I AVV BEDRQ ZPDAEF GA GEAEH RV8 RA QFD JCA WQ1lKAVIB V4BA EEB HA 0PBl0G AJUF QMHH GMUEXG YHB AMAQD AJPV YCBQ9 LH0EBC0M Q JQBVPF QJSB JBAQY MCEQ BCRIP WB8IBE GBG TE8NC HXHEY JB==
numbers only:
1 1 0 2 3 8 1 4 0 1 0 9 0 0 8 8
message with removed numbers and removed lower case:
DQUG MPLY FAV SA NX UM BEIER RBWSSY OAQPDEA QMDM B FOAQMP VZCAFCA lIBIWCAM CBYMBENQR JBBMDYIA TSQME WPQ I AVV BEDRQ ZPDAEF GA GEAEH RV RA QFD JCA WQKAVIB VBA EEB HA PBG AJUF QMHH GMUEXG YHB AMAQD AJPV YCBQ LHEBCM Q JQBVPF QJSB JBAQY MCEQ BCRIP WBIBE GBG TENC HXHEY JB==
Q
Jun 18, 2006
it could be in reverse, or be in something like a ROT-13 rotation.
Dib
Jun 18, 2006
I’m wondering if the ///(number) that we’ve seen isn’t a clue to how to decrypt the message, in other words, move each character forward in the alphabet by three?
So far I’m only getting further gibberish trying it that way though.
alwyz
Jun 18, 2006
any chance the group tells you exactly *how* to group the numbers? i looked at this as a total novice, but for instance, look at the first series
Group 415
01305 60510 12079 04606 50100
omitting the zeroes, if you add the first 4 numbers together, then the next 1, then the next 5, you have a sequence that runs like this: 15, 5, 20, 21, then 1, then 25, 22, 4, 25, 18 and on and on… it does seem to end nicely in certain spots. not sure what “those” numbers relate to.
teamchristian
Jun 18, 2006
alwyz… I’ve been saying the same thing on the previous pages. I think of all things thats the most likely way of decoding this. If you happen to have all of the digits you ended up with written out I’d love to see them.
I think if the song were part of the key, it would contain lyrics or some distinct clue to figure out what song it actually was. Can you imagine an embarassed secret agent wandering into a record store singing 7 notes of a song and asking what they thought it was. Something tells me that can’t be relevant. If and when we ever figure this out and the song had anything to do with this, I’ll feel like an idiot.
alwyz
Jun 18, 2006
sure, i’ve only worked on the first set of codes – probably a bunch of useless information based on my “numerology” breakdown theory:
Group 415
1356 5 11279 = 15 5 20 = 6 5 2
4665 1 93823 = 21 1 25 = 3 1 7
9139 4 69127 = 22 4 25 = 4 4 7
8181 7 28176 = 18 7 24 = 9 7 6
9227 3 38141 = 20 3 17 = 2 3 8
7151 5 73426 = 14 5 22 = 5 5 4
8121 3 12515 = 12 3 14 = 3 3 5
4491 1 41315 = 18 1 14 = 9 1 5
8622 9 68166 = 18 9 25 = 9 9 7
2825 5 72228 = 17 5 21 = 8 5 3
3298 2 21247 = 22 2 16 = 4 2 7
1136 5 27941 = 11 5 23 = 2 5 5
9291 4 22821 = 21 4 15 = 3 4 6
1837 3 32619 = 19 3 21 = 1 3 3
extra bytes 7 8 6
or another theory i came up with is that using the grouping of 3, but using the “group 415″ as a way to lay them out, and reading them vertically as the actual correct order of bits, then you would have 013, 079, 046, and so on, has anyone tried this yet?
013 056 051 012
079
046 065 010 093 000
082 039 013 094
069
012 078 108 017 028
017 069 022 073
038
014 017 015 015 073
004 020 068 012
013
125 100 054 004 091
014 013 015 086
022
096 081 066 002 082
055 070 002 000
000
022 083 029 008 022
012 004 071 013
065
027 094 019 029 014
022 008 002 011
083
073 003 026 019 000
007 000 000 086
anyone with cipher software wanna try running them in that order?
Anonymous
Jun 18, 2006
meine Fraulein – m4w — Sat Jun 10
email: anon-170223139@craigslist.org
Meine Fraulein, I haven’t seen you in a long time. Won’t you meet me at Caps?
Posted Sat jun 10 in the Bellingham missed connections
Michael Hampton
Jun 18, 2006
Cute but pointless. I saw that last week and ignored it. :)
Q
Jun 18, 2006
“the ///(number) that we’veveeen”
you have to do that to trick craigslsit auto-posting engine into allowing the number to be in the post. if the post has a phone number it’s rejected by the system this happens when posting in the sections of CL that do not allow for the posting of an actual email address only the “anon-***” re-mailer.
CodeAc
Jun 19, 2006
By the estimation of a new number coming out every three weeks one should be posted today in the Boston Creigs list. thats assuming that the 3 week gap between the 1st and 2nd posting is part of the pattern and the 3rd posting is bogus.
Deezy
Jun 19, 2006
I wanted to paste a comment as I have been following this from the beginning, if people are correct there should be a posting today or sometime this week. But then I think to my self what if this has been going on for years and just recently it was discovered. Also if it is a government agency or a spy then don’t you think they will know they have been compromised and change the msg or post on a different website entirely?
Johan Louwers
Jun 19, 2006
Deezy,
It would indeed make sense if the next message would appear today if ‘they’ continue the pattern they have been using. This is if you count the third message to be fake which raises the question if we do consider the third message to be fake…
On the other hand if they know the communication channel is compromised it would make sense to change the way of communication. However we do not know if they have a way to change the communication channel this easy. One of the messages could contain instructions to change the way of communication it could also be that it is very hard to change the way of communication.
About the crypto toolkit, I have been able to run it at a home Linux machine but it was not as helpful as I hoped. That is, it was not what I was hoping for that it should be, it could become that but it would take a lot of modifications and I do currently not have the time to start understanding and modifying the code.
Johan Louwers
Jun 19, 2006
We have missed something…. I think we have missed something… take a look at the message of the third phone number. Lets consider is NOT fake for a moment.
> Reply to: pers-170018379@craigslist.org
> Date: 2006-06-10, 4:52AM EDT
> Mein Fraulein,
> I hear the weather in the South is good this time of year. Won’t you call me?
> ///678///248///2352///
We do have a ‘Reply to’ Can somebody find out what the reply to addresses where from the other 2 messages… Maybe there is a clue…
Deezy
Jun 19, 2006
Johan,
That is a very good point, Now I have been listing to the msgs and been trying to come up with some sort of explanation. As others have mentioned I notice that it is 5 different voices also the dialect seems to be Scottish or Irish, it doesn’t really sound American to me. So this may be some sort of msg from agents there to agents here, or maybe as someone posted it come be anyone from anywhere in the world since voip lets you choose your own area code. I think we need to make friends with someone who has connections in the government and not just someone on here who says I have a friend of a friend who asks his CO blah blah. If were going to crack this code we all need to work together. Maybe someone can host a website like crackthecode.com for example where everyone on the net can go and share information and we can work together to solve code.
Johan Louwers
Jun 19, 2006
Number stations are normally used to send information from a agency to a agent it could very well be that this is used as the other way around. From agent to agency sending back answers. It could be a agent who lost his normal way of communication and his instructions are to communicate back in case of a emergency using this communication channel.
About your website idea. A good plan…. However at this moment I think homelandstupidity.us is still fulfilling the need of communication at the moment don’t you agree. I can create a sub-domain on my domain and create a website for it but I think it can be done here for now don’t you think?
Eri
Jun 19, 2006
For the record I tried the whole phone mneumonic idea and got nothing significant. I am still betting that this is connected to 2600, google or NSA recruiting, or at worst a beta test of a new spy communications method. I am game for someone setting up a site to work tofgther, docunment what approaches we are taking to minimize redudency. The idea of using craigslist to generate cover traffic to hide the phoen trace is brilliant though.
Deezy
Jun 19, 2006
Or this could all be bill gates idea of a joke :)
No one
Jun 19, 2006
Don’t you see! HomelandStupidity is behind all of this! They needed the P.R. so they cooked up this scheme.
I’m going to have to disappear for awhile. We are all being manipulated. Keep up the fight. Good luck.
nothinq
Jun 19, 2006
The bit distribution of the numbers (under the 3 digit grouping and 7-bit assumptions) is not random. For the first two messages it is between 60-61% 0s and 39-40% 1s
For the the third it is 57% 0s, 42% 1s
Anonymous
Jun 19, 2006
Anybody able to retrieve the original postings to find the ‘reply to’ addresses? I am very interested to see them.
Other thing, did craiglist responded on the mail send to them? Can you please post it here?
Michael, have you been able to rerun the log file’s so we will be able to find exactly the agencies how have looked at those pages and when they have looked at the pages so we can see if we can gain some information from that?
Johan Louwers
Jun 19, 2006
By the way, I posted the previous post; somehow the form ‘lost’ my preset information ;-)
Deezy
Jun 19, 2006
Im really curious to find out which agencies visited the site, Would be nice to see if the same agencies visited craigs list too.
CodeAc
Jun 19, 2006
I’m just hoping that this things gets cracked. its all very interesting and I’ve been enjoying this thread as well as the other related threads.
I just wish i knew more about cryptography. I have been learning a lot just reading.
It would be funny when I go to 2600’s Hope Con next month to find out it was all a marketing scheme on their part. I doubt thats the case, but remember were talking about Emmanuel Goldstein here. He has been known to pull some pretty wild stunts.
Deezy
Jun 19, 2006
Yea I want to make it to a con would be pretty cool, is defcon still around?
CodeAc
Jun 19, 2006
Yeah Their con is Aug 4-6 in Vagas
alwyz
Jun 19, 2006
listening to archives of the off the hook and off the wall shows where the phone number stations are mentioned, i did notice how emmanuel seems very sure of facts in regards to the messages – things he should be in the dark on like the rest of us. he seems to be leading us to the answers, yet at the same time denying any involvement. check out the tone in his voice and the things he says, starting with the off the wall episode from may when all this began. at this point, i am convinced he’s behind the whole thing. he’s giving lots of clues that seem arbitrary, but they’re not. that’s totally his style, isnt it?
qwerty
Jun 19, 2006
That’s because Emmanuel is a radio host of a certain genre. He’s playing into that genre by saying that speculation is fact. Don’t take him seriously.
Deezy
Jun 19, 2006
Yea thats what radio hosts do, it makes for good ratings lol
alwyz
Jun 19, 2006
yeah, good point…
Jun 19, 2006
The Numbers Stations at odrakir.com
CodeAc
Jun 19, 2006
Yeah but remember this if theres anyone that has the resources to pull this off it would be the crew at 2600
CodeAc
Jun 19, 2006
Its me again. I was just thinking. can we figure the numbers 2600 into this equasion at all. I don’t know a lot about this cryptography but if the guys at 2600 have something to do with this they may factor that in seeing how much pride they take in the number.
just a thought
Nathan
Jun 20, 2006
Sigh… you people are trying to analyze base64-encoded message (Dib). Do you realize that you have to use base64-decoder to get the original “binary” data? There’s no point of trying to analyze base64 messages, since it is just encoding format.
DasKreestof
Jun 20, 2006
Actually, the base64 was translated to: DQUG Mwx PLgY FAV 1 SAw kNX kUM B1EIER wRBgkWSSY
OAQcPD0kEAk QMDeM 2B FsOAQMP VhZgCAFCA lI3BwIWCAMd
CBYMBEcNQRs JBBMdDhYIAgt TSQMaEwd WPQc I AhVV
BgEDRQ ZPDAEF GAc GEAEH RV8 RAg QFDhg JCAc
WQ1lKAVIB Vk4BAx gEEB sHAw 0PBl0G mAJUF QMHHwc
GMUEXG wYHBx AMAQcD AwJPV xYCBQ9 LH0EBC0M bQgc
JQBVPF QcJSB JBAQY MCEQ BCRIP WB8IBE kdGBkG TE8NC
wcHXwdHEgY JBw==
Which doesn’t decode to anything. I have doubts that it’s base64 code.
My guess is that it’s an encrypted code of the alphabet against a 7bit ascii scheme.
Here’s another thought that may be discouraging. Aren’t 72 numbers of the 128 used? Aren’t there coincidentally 72 characters in the cyrillic alphabet?
I’m not going to double check, but would be pretty easy to throw most of us off if the message was in a language with a different alphabet that most of us aren’t familiar with.
One more thing. People keep suggesting dropping the zero’s. This is such an unefficient time and space cipher system already, I find it doubtfull that they’d reduce the scheme’s base number system from base10 to base9. I strongly believe that the many 0’s are the result of a 7 bit numbering scheme and nothing more.
huh?
Jun 20, 2006
dropping the 0’s doesn’t make it base 9, the extra 0’s would just be padding
quno
Jun 20, 2006
has anybody thought about sudoku
could be pr for http://www.sudokucombat.com/index2.php
for example
i no nothing about suodoku
but this sudokucombat has some similarity
lots of 0 for example
Reko
Jun 20, 2006
Wait, the base64 translation resulted in a message ending in ==? Anything ending in == is probably base64 encoding, it’s what gives away base64 encoding. Double-base64 encoded or something?
Anyway, on the Google thing, I think there’s something in it. Anyone remember that K-something (I forget the exact name) where people followed this ‘trail’ round the web and eventually found it was Google looking for talented people, or something?
CodeAc
Jun 20, 2006
That’s an interesting theory as well. Google is know for using these types of challenges (not encryption per say) to recruit Genius’s
brandon
Jun 20, 2006
I’m curious as to how much money exactally was on the VOIP accounts. If it was a spy to spy type deal , wouldn’t there be just enough money on the account for one person to hear the pre-recorded message ,and that be it? Rather than dozens of people?
Just a curious thought.
la
Jun 20, 2006
not if you expected 2000 nosy CL people to call =P
Robotron
Jun 20, 2006
Lo, just some thoughts.
i think there is a tendancy to over complicate things. im sure the key lies either with the group number or the text in the message (not the phone number itself). where have i heard the phase about the weather before? i think the key changes with each message, but the method of encryption is the same, as displayed by the freq dist.
when the messages are split into their threes, with 000 acting as a break, the first two messages have a ‘formal’ structure signing off at the end. but the third does not. i am interested in the third message starting with two threes. i cant think of what you might start a message with repeating the first letter or word, apart from HA HA! is the third message a reply?
tommy
Jun 20, 2006
quno-
Sudoku is a number puzzle where there are 9 squares with each square having 9 boxes coming out to a 9 x 9 grid. the numbers 1 – 9 can only appear once in each row both horizontal and vertical as well as within each smaller box. So in the end there are exactly 9 of each number 1 – 9. This patter hasn’t been shown. But I could see how at first glance it could resemble our messages.
haitch
Jun 20, 2006
If you look at the bits set in each number in the messages you see that bits corresponding to 1,2,4,8 are all set with similar frequencies and bit 32 is hardly used.
Message
1 2 3
N % N % N %
bit
1 37 15% 34 18% 32 20%
2 42 17% 29 15% 30 19%
4 48 20% 37 20% 26 16%
8 37 15% 28 15% 27 17%
16 32 13% 29 15% 19 12%
32 11 4% 3 1% 0 0%
64 28 11% 22 12% 23 14%
to work this out
take a number ie 67
binary notation is 1 0 0 0 0 1 1
value of each bit is 64 32 16 8 4 2 1
64 2 1 =67
However, I have no idea what this would indicate as far as the message.
CodeAc
Jun 21, 2006
I was thinking about something and now with the new posting on craigs list it makes sense.
assuming the third posting is bogus the 212, 415, and 617 all have small numbers at the end
415 had 86, 617 had 7 and (the new one) 215 has 14
because these are not the normal 5 digits and seeing peoples theroys lead to 3 digit groupings I did some playing around with the first message (212)
ok heres the original
Group 415
01305 60510 12079 04606 50100
93000 08203 90130 94069 01207
81080 17028 01706 90220 73038
01401 70150 15073 00402 00680
12013 12510 00540 04091 01401
30150 86022 09608 10660 02082
05507 00020 00000 02208 30290
08022 01200 40710 13065 02709
40190 29014 02200 80020 11083
07300 30260 19000 00700 00000
86
with the 3 digit groupings
013,056,051,012,079,046,065,010,093,000
082,039,013,094,069,012,078,108,017,028
017,069,022,073,038,014,017,015,015,073
004,020,068,012,013,125,100,054,004,091
014,013,015,086,022,096,081,066,002,082
055,070,002,000,000,022,083,029,008,022
012,004,071,013,065,027,094,019,029,014
022,008,002,011,083,073,003,026,019,000
007,000,000
ok assuming 86 is used to offset the groupings as someone mentioned in the original thread for the first number when i take each of these numbers and add 86 i get this
99 142 137 98 165 132 151 96 179 86 168
125 99 180 155 98 164 194 103 114 103 155
108 159 124 100 103 101 101 159 90 106 154
98 99 211 186 140 90 177 100 99 101 172 108
182 167 152 88 168 141 156 88 86 86 108 169
115 94 108 98 90 157 99 151 113 180 105 115
100 108 94 88 97 169 159 89 112 105 86 93 86
86
started to type out the ascii representation of these and got gibberish.
now heres where I thought it was interesting I took the three digit groupings and instead of adding 86 i subtracted 86 and got the following
-73 –30 –35 –74 –7 –40 –21 –76
7
-86 –4 –47 –73
8
–17 –74 –8
22
-69 -58 –69 –17 –64 –13 –48 –72 –69 -71 –71 –13 –82 –66 –18 –74 –73
39
14
–32 –82
5
–72 –73 –71
0
–64
10
-5 –20 –84 –4 –31 –16 –84 –86 –86 -64 –3 –57 –78 –64 –74 –82 –15 –73 -21 –59
8
–67 –57 –72 –64 –78 –84 -75 –3 –13 –83 –60 –67 –86 –79 –86 -86
whats interesting is any positive number looks like a space in a sentance and the only occurance where there are two positive numbers together could be seen as a new sentance.
this is probably coincidence but it looks interesting
Eri
Jun 21, 2006
It is not as simple as an ascii transposition, the distributions are all wrong. It could be a transposition with a cypher, but not as simple as +-a constant. I also ran this just to make sure nothing was in it using every really viable number. I thinkw e should assume the 3rd message is fake at the moment. Any other ideas people have? I will code em up if I can.
eri
Jun 21, 2006
Has anyone bitwise xord the messages togetehr and then applied the results to words that are probably in teh cipher? Standard stream attack? If not I will do it.
Brad
Jun 21, 2006
I took a look at Focal’s website, and I have to say it looks like a front. I mean, it’s full of cyber-babble, yet it isn’t apparent from looking at the site what, precisely, that company does and how, specifically, one can purchase its goods or services. Compare Focal’s website to those of other communications companies that ask you to sign up on the spot, and you’ll see what I mean.
Does anyone- anywhere– know anyone who works for Focal or has ever worked for Focal? I’m starting to suspect that the answer is no, which says a lot.
To quote ExamplesofaGirl:
That is the worst fronting I have seen in a looooooooong time.
This is Focal’s mission: ” On September 2, 2004, the parent company of Broadwing Communications, LLC, Corvis Corporation , announced the completion of the Focal Communications Corporation acquisition. Learn more(there is a link here) about the details and new opportunities this move offers to our customers…’
So then you click the link that takes you to this: “Corvis Corporation Completes Focal Acquisition”
September 2, 2004, the parent company of Broadwing Communications, LLC, Corvis Corporation, announced the completion of the Focal Communications Corporation acquisition. The communications services business, consolidating the services of Broadwing and Focal, will operate under the Broadwing brand once final regulatory approval is received to transfer the assets of Focal to Broadwing.
What does this mean for our customers? Two companies – both valuing the delivery of a positively differently customer experience – will bring to the market a more robust set of products and services to meet even more customer needs.
Click on the links below to learn more about this acquisition.”
Holy running around in circles and getting nowhere near the point Batman!!!
On another note, does anyone know whether any numbers broadcast over shortwave has ever been cracked? I’ve never heard of such a case.
Brad
Jun 21, 2006
More on Focal from Examplesofagirl:
Also I went to the map of locations where Focal was located in the USA. The HQ is located in Arlington Heights, IL (never heard of it, don’t know if it has any intresting history or not.) But I googled the man in charge of corporate services: Frank Cefali. Not much came up on him, but Focal things and he is an Adult CCG Member, with no starting date and no ending date, which I don’t understand. Then when googling CCG I found this: http://www.ccgteam.com/ which is a class of sort. “Developed exclusively by the current partners of CCG, PROChart© includes all of CCG’s products and services, in a comprehensive, integrated and logical process, including the acclaimed DELTA Plus® workshop and the Executive Leadership Series©, both designed for senior executives and middle managers, the Organizational Climate Study, the Executive Retreat, Leadership Coaching, and the Passing the Baton: Managing the Leadership Handoff© workshop, designed for middle managers and front-line supervisors.”
I also found it weird that what comes up the most for the abbreviation of CCG is: Cheats, Codes and Guides.
Weird coincidence?
eri
Jun 21, 2006
Here is an idea, if they numbers are ascii, then they are being transposed by some key. The key has to keep the numbers in the range, so I calculated the tolerances for this possible key for every 3character group. Maybe someone can find a pattern in the tolerances. the results look like:
013 -19 112
056 24 69
051 19 74
012 -20 113
079 47 46
046 14 79
065 33 60
010 -22 115
They are too long to post here (we should have a mailing list perhaps?) If anyone is interested in these results email me, erithid@gmail.com
nothinq
Jun 21, 2006
4th is very probably not from the same source as the 1st and 2nd messages, probably also not the 3rd either (which may not be from the original 1st/2nd source). At the very least, one could say that even if the numbers were from the same source, it is not the same algorithm (my guess for the 4th is that the algorithm is rand() )
The bits are nominally random in the 4th message: 49% 0s, 50% 1s. The other messages show completely different bit distributions (see my comment above)
Brad
Jun 21, 2006
We might as well refer to the first three telephone number recordings as the “synoptic numbers” and the fourth as “Johannine,” since the first three have a common source (let’s call it “Q”), while the fourth defies belief…
Someone’s jerking our collective chain.
alwyz
Jun 21, 2006
I think I made a discovery, only applied it to the first message, but looks significant. The reference 415 tells us to take the original 5 digit groupings, drop every 5th number entirely, and read the remaining groups of 4 digits as 4 3 2 1…. Check it out.
031 015 067 021 064 001 050
Etc
All numbers remaining STILL start, with very minor exceptions, all with zeroes. I think we have the correct numbers to decipher. Now, what about our alphabet dilemma?
jesus
Jun 22, 2006
Mein Fraulein, You didn’t call me from my previous message. Time is of the essence. Please call me. 510 //// 790 //// 68900
CodeAc
Jun 22, 2006
Alwyz: That is interesting. now i wonder if the last group of numbers ie 86 in the first message can be applied as a key somehow with that
Spook
Jun 22, 2006
CCGTEAM.COM
Registrant:
CCG Inc.
1500 Pinecroft Road, Suite 119
Greensboro, NC 27407
US
Domain Name: CCGTEAM.COM
Administrative Contact , Technical Contact :
CCG Inc.
jbostick@ccgteam.com
1500 Pinecroft Road, Suite 119
Greensboro, NC 27407
US
Phone: 336-294-8793
Fax: 336-294-8797
Focal.com
Registrant:
Focal communications corp.
200 N Lasalle
Chicago, IL 60601
United States
Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: FOCAL.COM
Created on: 08-Oct-97
Expires on: 07-Oct-07
Last Updated on: 13-Oct-05
Administrative Contact:
Roedger, Rich dns@focal.com
Focal
200 N Lasalle
Chicago, IL 60601
United States
847-954-8242 Fax — 847-954-8799
Technical Contact:
Roedger, Rich dns@focal.com
Focal
200 N Lasalle
Chicago, IL 60601
United States
847-954-8242 Fax — 847-954-8799
t
Jun 22, 2006
Alwyz, can you explain in more detail?
i’m not following
thanks
t
Jun 22, 2006
oh nevermind.. I got it now.. you meant read them backwards
robbes
Jun 22, 2006
Group 617
061 078 002 021 085 006 013
069 006 079 012 015 024 007
006 016 017 069 095 000 017
024 005 014 024 009 087 022
067 089 074 010 082 010 086
078 013 024 004 016 027 073
013 015 006 093 069 112 020
084 000 000 021 003 070 031
076 049 065 023 027 067 000
007 016 012 017
fixq fixjoazhmrfox
fix q fix joazh mr fox
digits grouped in 3. These grouped in 7 (61_7_) cols, start at col 6 (_6_17) then go to 1 (6_1_7) and so on… when facing a number higher then 26, substracted 26 till it gets below. The result is probably still chance. It makes even less sence when done to the others.
erithid
Jun 22, 2006
the 4th ones ben solved, the answewr hasnt been posted yet, but it has been. I tried all teh mod stuff on the other mesages fyi.
fearman911
Jun 23, 2006
Has anyone noticed but the original one the introduction is completely different, notice the caplization in Mein Fraluin (spelling)? this is strange… People say there was only 1 real one.
alwyz
Jun 23, 2006
well, i am pretty sure i just uncovered how the group numbers work, we just have to figure out how to apply it and see what comes up. so far it looks like, if i’m right, then the first 3 messages are all from the same author, as there is a specific link using my theory. it also looks like these may be 2 digit numbers in the messages, not 3 digit numbers. (For example message 1 would be 01,30,56,05,10 and so on)…
everyone humor me for a minute… do mod-10 chain addition on the group numbers. if you do this with 415 (as we know all 3 legit messages had the first 2 bytes equal the third). then the next 3 bytes are – walla:617! that is the group # is message 2!! run through til you reach 415 again, and you have half the numbers for this loop (41,56,17, etc)… – now go split those #s in half and you have the rest of them (41,15,56,61,17 etc) now you have over 60 unique sets of 2 digit numbers, in a specific order and in a loop, and NONE repeat. for the sake of argument, let’s say group 415 and 617 belong to LOOP #1. this is by far the longest loop we have. Is group 415 saying that, at that specific point in the loop is where we place the letter “a” for our alphabet, and in message 2 we need to place “a” where 617 is? not sure yet…
Now, there are some missing sets of numbers from this loop. This is how we know the third message is linked to the other 2! LOOP #2, *could* start with Group 134! It’s a much shorter loop which would give us 13, 34, 47 and so on until we return to 13. NONE of the numbers in this loop appear anywhere in loops 1, 3,4, or 5.
LOOP #3 could be used if we ever got a message referring to Group 864, for example (remember the 86 in message 1? it could have been referring to this). It will consist of 86, 64, 40, and so on… another short loop – no numbers repeat in this loop or appear on any other loop.
LOOP #4 is short and sweet, the whole loop is 505505 etc etc – split up it’s 50, 05, and 55 – only those 3 numbers appear on this loop and once again, appear no where else.
LOOP #5 is 00. Not sure if this is a space in the message, a terminator of some kind, or another letter in the loop that could potentially offset the letters in any of the other loops by 1.
Between all 5 loops – no repeating numbers, and we hit values 00-99 in specific sets of order.
Since the messages seem to grab bytes from each loop, the question remains as to how to group the loops in regards to a-z values, where some of the loops begin and end depending on the message, and a host of others i cant explain this early in the morning.
Is this the cipher we need to figure out how to use for this? is this a cipher that’s been used before? pretty genius stuff. thank god it was slow at work tonight so i could play around with this :)
ours truly, alwyz
johan louwers
Jun 23, 2006
Looks valid to me alwyz….. :-) man, good stuff there! Let work on this some more….
k
Jun 23, 2006
always,
seems impressive what you found.. excpet I don’t follow you.. :(
can you explain whats a mod-10 chain addition?
and maybe a bit more detail of how you get the numbers for one loop? for example..
thanks
CodeAc
Jun 23, 2006
I hope that’s it. I would love to see what the message said. I think its safe to say that its not something that threatens national security or anything like that I would be funny if there was a Cryptographers convention going on some where and this was the ad for it.
CodeAc
Jun 23, 2006
Its Me again.
This is interesting I googled Mod 10 Chain Addition and got all sorts of hits for addition chains. but when i used the double quotes (“) I got this
http://en.wikipedia.org/wiki/VIC_cipher
alwyz
Jun 23, 2006
k, sure no problem… a little more detail on the discovery of the group numbers loops
I’ll take you through the first group as i discovered it.
Message 1: Group 415
Message 2: Group 617
Message 3: Group 134
Someone noted that what all group numbers had in common was that the first 2 bytes always equaled the 3rd. 4+1=5, 6+1=7, and 1+3=4.
Group 415 – since we have a theory that 4 plus 1 equals 5, then we continue the cycle, dropping the carries (ala mod 10 chain addition – example if you add 8 and 5, instead of 13, you just use the 3) and discover this:
41561785381909987527965167303369549325729101123583145943
7077415
there’s where the loop starts to cycle – when we get back to 415. notice the next string of 3 digits after the initial 415 was 617 – which was the Group # in our second message. Separating them gets:
41,56,17,85,38 and so on… we then build a “sub loop” using the “in between” numbers:
15,61,78,53 and string them into the loop, which could be 2 different things (though i believe it’s the former)
it could be they weave in to each other, like this:
41,15,56,61,17,78,85
or the entire first loop, followed by the entire “sub loop” (which i dont think is the case, but probably worth looking into until the first is proven right). no sets of 2 digit values repeats.
There are 2 digit values in the 00-99 range that are missing, and for those you build loops AND sub loops based on
134 (the group # of message 3)
134718976392134
86 (the 2 arbitrary digits at the end of message 1)
8640448202246066280886
50 (small loop that fills in 3 out of 4 missing 2 digit values)
50550
and a final 00 (the final missing 2 digit value)
00
These 5 loops (including sub loops) account for ALL 2 digit values in the 00-99 range with NO repeats. And they give a sense of order to everything AND tie all 3 messages together.
alwyz
CodeAc
Jun 23, 2006
I was looking at that link on Wikipedia and I clicked on that external link for that external link John Savard’s Page ( http://www.hypermaths.org/quadibloc/crypto/pp1324.htm )
looking at the explaination he gave it starts to make some sense. I’m not 100% if i’m on the right track here but I have a petty good gut feeling.
I know that explaination is based on 10 digits and 5 digit groups but notice how we have been grouping all these messages to 3?
some really cool discoveries were made when I stated to apply the Vic Cypher Modified to groups of 3
first like that article says to take the Date and the rendom identifier and subtract it without carries. Couldn’t we do this with the Area code and the group number
415
-212
—–
203
Ok Now hears a really cool discovery.
according to the article they have a key phrase and they split them into two groups of 10. 10 divided by 2 is 5 (Keep this in mind.)
The first thing that came to my mind was Mein Fraulen.
count the letters in meinfraulen thats 12 2*3 = 6 and two groups of 6 is 12 so I’m wondering if thats the Key phrase. and applying what the article says will come up with something
applying the method for encoding the keyphrase as follows
meinfr aulein
413520 104235
and taking that and adding it together without carries
413520
+104235
——–
517755
I haven’t had a lot of time to work on this little bit I started was quite interesting.
alwyz
Jun 23, 2006
CodeAc, i think the problem with using the Vic cipher as it’s “to be used”, is that we are missing specific information needed to use it, such as the personal number and 5 digit indicator – we have dates, but can’t really assume any of them are correct for our purposes. and without really knowing that we have the correct personal number even (not to mention we have no idea what possible combinations we could use as a 5 digit indicator), 1 digit off can really screw everything up on such a complex cipher as the vic. also using mein fraulein and changing 10 letters to 12 changes the cipher, we could also use the first 20 letters of the song little black heart “i never saw the sunlight” if we wanted to (don’t bother – i already tried that a few days ago :)).. in other words, i personally feel it’s too messy and complicated – and from my experience with all the different permutations of the code i’ve personally “invented” since i’ve been working on this thing, i’d have to say that if it seems messy, chances are it’s wrong at this point. I think whoever created this WANTS it to be solved, so to make this mess even worse is not in their best interest. not to mention, at some point, we end up “making things up” for code or input information that’s missing, and that’s just going to yield incorrect results no matter which way you slice it. they’re giving us clues as to how to solve it, it’s best we try to look for those.
CodeAc
Jun 23, 2006
Yeah maybe it is too messy with the Vic. I wasen’t sure if anyones tried that cypher yet but you did.
with your theroy we can we go now?
I’m pretty sure I’m following what your saying and that make a lot of sense. I say if we keep picking away at this thing someone will get it.
CodeAc
Jun 23, 2006
Wow I’m realizing just how badly i’ve been typing. LOL.. honest I talk better then I type.
alwyz
Jun 23, 2006
addendum to Group Number loops. LOOP #6: 268426 . accounts for 4 missing 2-digit values from the 00-99 table. Oddly this group is not referenced at all in the message, so not sure how to count it.
Joe West
Jun 23, 2006
hey mike, you got my IM. get ahold of me as i might have something in case another number comes up. best shot we prolly have.
j
Jun 24, 2006
alwyz,
I just wrote a script to do chain additon mod 10 on all numbers from 0-99 hope it helps
000
01123583145943707741561785381909987527965167303369549325729101
0224606628088640448202
03369549325729101123583145943707741561785381909987527965167303
0448202246066280886404
05505
0662808864044820224606
07741561785381909987527965167303369549325729101123583145943707
0886404482022460662808
09987527965167303369549325729101123583145943707741561785381909
10112358314594370774156178538190998752796516730336954932572910
11235831459437077415617853819099875279651673033695493257291011
12358314594370774156178538190998752796516730336954932572910112
13471897639213
14594370774156178538190998752796516730336954932572910112358314
15617853819099875279651673033695493257291011235831459437077415
16730336954932572910112358314594370774156178538190998752796516
17853819099875279651673033695493257291011235831459437077415617
18976392134718
19099875279651673033695493257291011235831459437077415617853819
2022460662808864044820
21347189763921
2246066280886404482022
23583145943707741561785381909987527965167303369549325729101123
2460662808864044820224
25729101123583145943707741561785381909987527965167303369549325
268426
27965167303369549325729101123583145943707741561785381909987527
2808864044820224606628
29101123583145943707741561785381909987527965167303369549325729
30336954932572910112358314594370774156178538190998752796516730
31459437077415617853819099875279651673033695493257291011235831
32572910112358314594370774156178538190998752796516730336954932
33695493257291011235831459437077415617853819099875279651673033
34718976392134
35831459437077415617853819099875279651673033695493257291011235
36954932572910112358314594370774156178538190998752796516730336
37077415617853819099875279651673033695493257291011235831459437
38190998752796516730336954932572910112358314594370774156178538
39213471897639
4044820224606628088640
41561785381909987527965167303369549325729101123583145943707741
426842
43707741561785381909987527965167303369549325729101123583145943
4482022460662808864044
45943707741561785381909987527965167303369549325729101123583145
4606628088640448202246
47189763921347
4820224606628088640448
49325729101123583145943707741561785381909987527965167303369549
50550
51673033695493257291011235831459437077415617853819099875279651
52796516730336954932572910112358314594370774156178538190998752
53819099875279651673033695493257291011235831459437077415617853
54932572910112358314594370774156178538190998752796516730336954
55055
56178538190998752796516730336954932572910112358314594370774156
57291011235831459437077415617853819099875279651673033695493257
58314594370774156178538190998752796516730336954932572910112358
59437077415617853819099875279651673033695493257291011235831459
6066280886404482022460
61785381909987527965167303369549325729101123583145943707741561
6280886404482022460662
63921347189763
6404482022460662808864
65167303369549325729101123583145943707741561785381909987527965
6628088640448202246066
67303369549325729101123583145943707741561785381909987527965167
684268
69549325729101123583145943707741561785381909987527965167303369
70774156178538190998752796516730336954932572910112358314594370
71897639213471
72910112358314594370774156178538190998752796516730336954932572
73033695493257291011235831459437077415617853819099875279651673
74156178538190998752796516730336954932572910112358314594370774
75279651673033695493257291011235831459437077415617853819099875
76392134718976
77415617853819099875279651673033695493257291011235831459437077
78538190998752796516730336954932572910112358314594370774156178
79651673033695493257291011235831459437077415617853819099875279
8088640448202246066280
81909987527965167303369549325729101123583145943707741561785381
8202246066280886404482
83145943707741561785381909987527965167303369549325729101123583
842684
85381909987527965167303369549325729101123583145943707741561785
8640448202246066280886
87527965167303369549325729101123583145943707741561785381909987
8864044820224606628088
89763921347189
90998752796516730336954932572910112358314594370774156178538190
91011235831459437077415617853819099875279651673033695493257291
92134718976392
93257291011235831459437077415617853819099875279651673033695493
94370774156178538190998752796516730336954932572910112358314594
95493257291011235831459437077415617853819099875279651673033695
96516730336954932572910112358314594370774156178538190998752796
97639213471897
98752796516730336954932572910112358314594370774156178538190998
99875279651673033695493257291011235831459437077415617853819099
j
Jun 24, 2006
Her eare the chain lengths of each loop too.. interesting property of numbers isn’t it…
0: 3
1: 62
2: 22
3: 62
4: 22
5: 5
6: 22
7: 62
8: 22
9: 62
10: 62
11: 62
12: 62
13: 14
14: 62
15: 62
16: 62
17: 62
18: 14
19: 62
20: 22
21: 14
22: 22
23: 62
24: 22
25: 62
26: 6
27: 62
28: 22
29: 62
30: 62
31: 62
32: 62
33: 62
34: 14
35: 62
36: 62
37: 62
38: 62
39: 14
40: 22
41: 62
42: 6
43: 62
44: 22
45: 62
46: 22
47: 14
48: 22
49: 62
50: 5
51: 62
52: 62
53: 62
54: 62
55: 5
56: 62
57: 62
58: 62
59: 62
60: 22
61: 62
62: 22
63: 14
64: 22
65: 62
66: 22
67: 62
68: 6
69: 62
70: 62
71: 14
72: 62
73: 62
74: 62
75: 62
76: 14
77: 62
78: 62
79: 62
80: 22
81: 62
82: 22
83: 62
84: 6
85: 62
86: 22
87: 62
88: 22
89: 14
90: 62
91: 62
92: 14
93: 62
94: 62
95: 62
96: 62
97: 14
98: 62
99: 62
j
Jun 24, 2006
Ahh… maybe this is what you were talking about… most ot the loops are degenerate, and only 6 of them have actually uniq sequences
0,1,2, 5,13, and 26.. the rest are just rotations of these fundamental loops..
and there are only lengths of [3, 62, 22, 5, 14, 6]
amd i missing something else..?
j
Jun 24, 2006
what bothers me still, is that the message lenghts for the 3 real message, are all only divisible by 3, suggesting that the messages should be divided by three still
If so, there are some messages with numbers above 100, which doesn’t suggest how to use a key that only goes to 99
Michael R
Jun 24, 2006
The highest number is 125 = 99 + 26. Could each group of 3 digits be a number between 0 and 99 generated by chain addition, added to a number between 0 and 26 representing a-z and space?
j
Jun 24, 2006
Can you explain what you mean micheal?
Michael R
Jun 24, 2006
Encode your message using 0 for space, 1 for A, 2 for B, etc. Then start with the group number and generate a chain, eg 415 generates 4156178538190998752… Add two digits from the chain to each character of the message, giving you a number between 0 and 125.
The only problem is, it doesn’t seem to work for the chain generated from 415. ;o) But we don’t know quite how to select digits from the chain: do we use 41,15,56 or 41,56,17? Or maybe we should do chain addition on the phone number instead of the group number?
Michael R
Jun 24, 2006
Wait, a chain based on the group number couldn’t generate a double zero, but there are double zeroes in the messages. In a chain based on a three digit “seed”, the digit before a zero is always repeated twice after the zero: 1011, 9099, etc. The only chain based on a three digit seed that contains a double zero is the chain that’s all zeroes.
But if the chain’s based on a longer number (like the phone number) it could contain double zeroes…
alwyz
Jun 24, 2006
j, sweet research. thanks bro. i get your point about the 3 digit groupings, certainly as they were created they do overall make nice sentence and paragraph structure if you count 000’s as breaks. also the 2 digit groupings will make the messages longer, and why do you need to write so much stuff in a spy message?
michael and j,
what strikes me as odd is that there are so few numbers from 1xx-1xx. maybe their intended purpose is:
a. they were simply put in as a way to throw us off FROM the 3 digit groupings theory. if we had the rest of the message, it would undoubtedly be easy to brute force hack those digits, wouldn’t it? or
b. if they’re supposed to exist, maybe they act as a key of sorts to throw the whole thing off, change the rotation of our loops somehow, or possibly call for us to “reset” our loops at a new location in the loop as our metaphorical “a”.
probably if they did so, because of my explanation in a, it would be for the remainder of the message and not solely that letter. so, maybe they’re not part of the numbers. (for rough example 108 would actually be take command 1, number 008?) – that’s the only logical conclusion i can see right now.
alwyz
j
Jun 24, 2006
are ther eany other ways todo chain addition besides using the last two numbers?
another thought.. since the 134 chain is the shortest… “maayyybee” that will make that one easier to crack?
(though it could very well be the opposite)
Buff Daddy
Jun 24, 2006
“There’s nothing more dangerous than a resourceful idiot.†– Scott Adams
“The easiest person in the world to scam is the person who foolishly believes that they can’t be scammed.†– Me!
I’m WAY to tired to write further, so I’ll just leave you all with the above quotes and this question/answer:
Q. What’s the advantage of giving thousands of cryptologists free access to their secret messages?
A. They’ll encrypt it for them.
Michael R
Jun 24, 2006
j, the way it’s done in the VIC cipher is that you add the first two digits, write the result (mod 10) at the end of the chain, and advance by one digit. So 41 becomes 415617… and 123 becomes 123356814…
I referred to the group numbers as 3-digit seeds earlier, but they’re actually 2-digit seeds because the third digit is generated from the first two. A seed that genuinely had three digits could generate double zeroes.
Buff Daddy
Jun 24, 2006
Why hasn’t anyone taken a psychological perceptive in trying to solve this? Don’t be suprised if that’s what the person behind this was banking on! Consider answering these questions first before going any further, as it might save a lot of time and effort in solving this puzzle…
Why would the person risk compromising highly-sensitive information by using a publically accessable forum like Craig’s List to transmit it?
If you wanted to provide further information to the intended parties using a pre-paid phone messaging service, then why wouldn’t you encrypt THAT information to ensure that nobody else could call it?
Why is it that the only people who have taken an interested in solving this have one thing in common (based on the comments thus far)?
Why hasn’t it been solved yet?
And most importantly, why hasn’t anyone considered that it’s NOT an encrypted message?
Taking those questions, isn’t it possible that you have all been used without knowing it to keep alive and spread it’s contents exponentially? In other words, there is only one way to stump a cryptographer… Tell them do decrypt a message that IS NOT ENCRYPTED! What’s the first thing a person will do when they can’t solve something? They ask for help from other cryptographers! How do they do it? They provide the puzzle that needs to be decrypted to the public! The result? The message will reach it’s intended parties without having to pay or hide anything to do it! What could these messages POSSIBLY contain that would benefit from public availability, the guise of being something it isn’t AND who would make use of it’s information?
“If it’s too good to be true, it usually isn’t true.”
Dan
Jun 24, 2006
Well, it sure seems like a reasonable method of one-way communication to me.
If all you knew was the key and to look for “Mein Fraulein” in the personals of Craigs List, which you could do from any public library, you could get your instructions from a payphone.
Sure, it could be nothing. But, since there’s the chance that it is indeed something, why not try and figure it out?
CodeAc
Jun 24, 2006
I’m not quite ready to subscribe to the theory that these messages are just a bunch of meaningless numbers.
Buff Daddy
Jun 24, 2006
I have no idea whether or not the contents are meaningful or meaningless… My interest lies in the psychological aspects of the puzzle, so I’ll leave the cryptography (or ANY sort of math!) to the experts! :) I think that maybe this puzzle requires a combination of both points of view in order to find the solution. I could be wrong, though; it DEFINETLY wouldn’t be the first time!
smc u.k.
Jun 25, 2006
Buff Daddy – I agree that a lot of attention is going on ‘cracking the code’, I think that’s necessary but we may be missing important clues. I’d like to know if there is any significance to the phrase ‘Mein Fraulien’, and why the choice of song. Could the song – Little Black Heart – be meaningful to the sender/recipient?
Listening to the full song, I could help noticing the words could apply to some underground group that believes it’s trying to change the world — ‘they say it’s getting better, they say it’s alright…. but I never felt darkness…. the way I feel it tonight’. Also references to shining like a bright moon in that darkness… all the raindrops, can’t tell them apart.. my little black heart…
What group might see itself in that light? Al Qaeda? … perhaps some other group with shady tactics with strong beliefs in questionable ideals?
I may be reading too much into it but I thought the choice of an old song from the 80’s indicates the selection wasn’t exactly random…. suggesting it was in the sender’s library… suggesting the identify with the song.
As for ‘Mein Fraulien’… did someone say they found a link to a German spy novel online containing that phrase? Maybe a favourite of the sender? Wherelse might they have gotten such an unusual phrase from?
smc u.k.
Jun 25, 2006
Buff Daddy – I agree that a lot of attention is going on ‘cracking the code’, I think that’s necessary but we may be missing important clues. I’d like to know if there is any significance to the phrase ‘Mein Fraulien’, and why the choice of song. Could the song – Little Black Heart – be meaningful to the sender/recipient?
Listening to the full song, I couldn’t help noticing the words could apply to some underground group that believes it’s trying to change the world — ‘they say it’s getting better, they say it’s alright…. but I never felt darkness…. the way I feel it tonight’. Also references to shining like a bright moon in that darkness… all the raindrops, can’t tell them apart.. my little black heart…
What group might see itself in that light? Al Qaeda? … perhaps some other group with shady tactics with strong beliefs in questionable ideals?
I may be reading too much into it but I thought the choice of an old song from the 80’s indicates the selection wasn’t exactly random…. suggesting it was in the sender’s library… suggesting the identify with the song.
As for ‘Mein Fraulien’… did someone say they found a link to a German spy novel online containing that phrase? Maybe a favourite of the sender? Wherelse might they have gotten such an unusual phrase from?
smc u.k.
Jun 25, 2006
Oops! Sorry for double-posting, server didn’t respond for ages and thought I’d try reloading. Also, where I say, ‘where else might they have gotten’ the phrase from, that’s not meant to sound like a rhetorical question, as if I’m certain I have the right answer already, although it might have come across that way reading it back! I’m genuinely interested if anyone else any other theories, as both the phrase and choice of song seem significant in their obscurity.
Fishy
Jun 25, 2006
Hey everyone! Fascinating stuff is going on here, but there’s a few things I feel like saying: Sorry for raining on everyone’s parade.
1) If these are legit, and paid for by a phone card that only accepts a finite number of incomming calls, then we run the risk of the Good Guys calling the line *after* the legions of bloggers have gotten there first, and the number goes dead. It’s possible we’re performing a hideous obstruction of justice, here.
2) Mein Freuline is probably not part of the cipher, because it’s in the public part of the message.
3) In the same vein, simply because the encrypted message is so incredibly public, it suggest that it’s encrypted with a One Time Pad, which, as was pointed out before, is unbreakable. That might explain the ‘group number’: It could be an instruction of which OTP to use to read the massage.
4) As was pointed out before, ‘Let’s try cypher X with key Y, and see what we get!” is not the way forward. While I’m not a cryptographer, I am a devout follower of James Randi: while some of the ‘number chain mod 10′ stuff looks promising, (Picking on you because you’re at the bottom of the thread and for no other reason, sorry j) it also looks like Bible code. Apply permutations to any sufficiently large block of input, and you’re going to get something ‘interesting’. http://skepdic.com/bibcode.html Honestly, those 62s look more like an obscure property of multiplication by 9 than anything else.
The way to do this, if it’s a breakable code, is to use statistical analysis to create a fingerprint: some sort of guess as to what cypher was used (I’m not nearly qualified to do this) and *then* apply that, not go looking for patterns first and asking questions later.
Best of luck.
CodeAc
Jun 25, 2006
First I don’t think the masses of people overloading the number and wiping out the prepaid minutes that that number had on it would hinder any investigation by any agency considering they have resources well beyond our means to obtain any information that they need should they deem it a threat.
and I believe initially the federal agencys did look at these messages and concluded that they were harmless.
Getting back to buff daddys theory. I wonder if its some kind of project for some college student. I Live in Rhode Island and i remember back in the early 90’s a RISD (Rhode Island School Of Design) student was giving an art project by his professor to make up a slogan that meant absolutly nothing and generate interest in it. This student (Name slips my mind) went on to create stickers with a picture of Andre The Giant with the words “Andre The Giant has a posse” this sticker became such a cult icon that it started appearing in Boston, New York, LA, and lord knows where else.
I wonder if this is on the same level
buff daddy
Jun 25, 2006
Well, if nothing else, the mystery behind that T-Shirt I bought years ago that had a picture of a German women made entirely out of random numbers with the words “Won’t you call me?” written inside the balloon caption above her head has now been solved! :)
Seriously, though, that’s the only thing that would make perfect sense. It might also explain why the cryptography comments have come to an abrupt end since my first post. At the very least, I can truthfully state that I solved the puzzle, and I didn’t need to use any math to do it, either! Woo-hoo! :)
Deadbeat
Jun 26, 2006
Does anyone have all the original posts? Perhaps the 1-time-key for each msg is somewhere in the ID number generated by Craigslist. IE: pers-170018379 for the 3rd msg. I know that’s a lot of numbers to play with but it’s not far fetched since the ID is generated before you aprove your post and the recording could very well be compiled after the ID is asigned but b4 the ad is published.
TtJ
Robotron
Jun 26, 2006
ok like the work on the group numbers, interesting, i have been pushing ascii through these numbers every which way and no joy. i have to come back and look at the feq dist. With 415 86% of numbers occur in 0-30 or 70-100, in 617 its 95% and 134 its 96.1%. in addition 0-30 constitutes over 50% of the numbers in each case. It would appear that the code rarely generates a number between 30-60 or larger than 100.
on another note looking for cribs, the interesting patterns are:
in 415 – 17 28 17, is it the same as 10 82 10 in 617?
in 134 the sequence 79 64 21 79 21 79
both 415 and 134 have repeating numbers 15 and 3 respectively.
keep on searching it does feel crackable.
eri
Jun 27, 2006
Before we go nuts with this mod addition, I am going to try to rule out a simple cypher system. I have calculated the tolerances for every triplet and am making 3-5 letter groupings by calculating every permutation of the letters. this is hard to describe basically:
056, you can add 69 to subject 24 to stay in the ascii band. Teh trick is looking over the output for possible words.
eri
Jun 27, 2006
I left out an important part. I am doing this for the first few chars, then take the cypher that turn them into word patterns, and apply that cypher elsewhere. Hopefully if it is a substitution cypher, the key isnt as long as the message.
eri
Jun 27, 2006
now that I think of it, it would prolly be faster to start with a list of common 3 letter combinations, sample, and see what happens. if we only had quantum comps.. :-)
brandon
Jun 28, 2006
What would be neat would………….having a farm system for these types of encryptions/cyphers , and farm the data to a few hundred computers , so you could have the power of many , many systems working on it :)
abc123
Jun 30, 2006
since no one has made any comments for a few days…… i have had an idea all along that the numbers are the answer. meaning that they should not be converted to words. i think they have something to do with GPS coordinates.
anyone?
matt
Jul 01, 2006
Hi, I’m new. This may seem a tad bit too easy, but has anyone tried taking the numbers and coordinating them to the letters on the numbers of a phone?
Tony
Jul 01, 2006
Two digit number, for example, 73, 83, 20, etc, being spaced by a zero, unless the number is less than 10 and then it would be represented by, for example, 04, 08, etc. there are two spots of mess where this pattern was discontinued, most likely a common mistake when a lot of number was involved. I also check the frequency of the 2 digit numbers, a total of 44, suggesting two sets of number that represent the same letter. Why 44? if you take away Q,V,X,Z, from the 26 letters, the remaining is 22, and 22 x 2 = 44. The frequency of certain number in the clain also suggest that the A, E, I, O, U are in its place regularly, and so are letters such as S, T, W, Y, etc.
I of course, out of the 44 numbers, excluded those numbers in the “mistake chain pattern section”, those could be easily filled in later on after the 44 number is decoded, but I am not going to as there is no money involve.
Tony
Jul 01, 2006
PS. because there are mistake in the content, the user of these codes are NOT THAT SMART after all, if the code printed here is exactly identical as the original recording.
Tony
Jul 01, 2006
Here is another one for all of you……….
The two groups of letter has a middle point at about # 50, 22 numbers less than 50, 22 number more than 50, so it point out very clearly that these are two sets of letters from A to Z. Also, the less than 50 set of number was used a whole lot more often than the second set. # 02 is almost certain an “A”, hence # 03 and 04 are almost certain to be B and C. 7 is D, 8 could be E, etc.
CodeAc
Jul 03, 2006
I think the masses have all but conceeded defeat here. I’m by no means an expert or an amature (for that matter) cryptologist. I was enjoying this thread and I learned a bunch. I just wished someone whould have broken it by now.
I’ll keep checking this thread until it goes quiet for a length of time (ie 1-2 weeks).
I wonder if anyone will be talking about this at the upcoming Hope Conferance. would be interesting to meet some experts on the subject and get their thoughts.
grass
Jul 03, 2006
Listening to the recordings (and comapring it with recordings of numbers stations) i’ve came to the simplest conclusion-i think it’s an one-time pad cipher,the character of transmission indicates that,therefore any attempts of cracking the cipher will fail,I think.But I wish I was wrong;)
Jul 03, 2006
Fourth phone numbers station: 501-588-1015 - Homeland Stupidity
Michael Hampton
Jul 03, 2006
A new phone numbers station has been posted on Craigslist this morning.
m3 (aka ipdb)
Jul 03, 2006
The feds should have figured out a few of the numbers by now. ;)
Jonathan Bheart
Jul 04, 2006
One question – why doesn’t the sender of the message just post the numbers to Craig’s List but uses an answerbox on a VOIP line to transmit the numbers by voice (thus making reception more error prone) which does IMHO not add any more obscurity / security than just posting them in the ad itself….or maybe I have no talent for being an agent…
Orion_
Jul 04, 2006
maybe to remember the good old time of those radio transmitions. I’m pretty sure that the person who diffuse those messages is nostalgic.
Robotron
Jul 04, 2006
Ok if this latest message is real, they are now playing with us..
The message is the longest yet and appears at first glance to have a similar number spread as the others. It also appears to ’sign off’ like group 617.
Been off on a bit of a detour last week looking at the text of ‘Nullen’ by Hacklander, who is the german version of charles dickens(looooooong shot). There are PDF’s of the text and each page is number at the top, (like section numbers). So i triedusing the numbers to count out words from pages 617 and 415, all different ways and guess what – germo-babble. curse my elementry deutsch. well back to the numbers then.
Brad
Jul 05, 2006
Hey Robotron,
What did the Germobabble say? I speak some German but have some well-placed contacts in the Abwehr who might be able to help us…
DasKreestof
Jul 05, 2006
Grass,
I too thought it might be an uncrackable one time pad. But the numbers don’t quite back that up. Using a one time pad, we should see a more scattered distribution of numbers from 0-127, but instead, we have two distinct clusterings.
In my opinion, if it’s a one time pad, it’s not used on the numbers, it’s used down the line, after the numbers are converted to characters using a currently unknown encryption.
Robotron
Jul 06, 2006
Lo,
you are welcome to rummage through this text(link below to pdf). i found it after searching for 415 and mein fraulien. i tried counting words and letters but didnt appear to make sense. It was as i say a very long shot, but made a change from ascii.
enjoy
http://math.sun.ac.za/~prodinger/nullen.pdf
eri
Jul 06, 2006
Wouldnt it be wild if this was encrypted using genetic data as a cypher? ACG T might explain the missing data in the middle. Just a random thought as I actually get some work done.
Bunsen
Jul 09, 2006
“Jonathan Bheart” wants to know why the numbers are not directly in the message – the reason? That’s just not very covert – the numbers (real or not) are too obviously code, and would draw too much attention. If you are a spy that’s bad, and if you are using ad-terrorism, you need to maintain the appearance that you don’t want the attention.
“Johan Louwers” stated that it is difficult to alter the form of communication if it is compromised – this isn’t true – most spy networks throughout history are known to have more than one drop or network set up in case a communique was intercepted.
“CodeAc” Sheppard Fairey theory is interesting, too (though his history is a little warped – OBEY Giant came out before the Posse wheatpastes, and Fairey didn’t do it for a class, but rather because of what he learned in the class – also, the phrase never picked up, but the “style” got picked up in the NYSub movement, which is *kinda* the same, but not really.) My best guess goes along with CodeAc – somebody is seeing how much attention they can get. I will list my reasons why I believe this code is not genuine, and why I believe this code cannot be broken at this point in either case:
1.) “Tony” thinks that there are mistakes in the coding, apparently. You might be a stupid spy and have a job in a cell, but if you are working crypto&cyphers, you don’t make mistakes – you have the education and know-how to get the job done right.
2.) There have been too many messages – the first time an account over-clocked its charges, if this were a legitimate code somebody would have bailed completely. Also, with the attention recieved we have to assume there are copycats – possibly even within this very forum. So now we have to assume that any messages other than the first are tainted/false/intentionally inaccurate cyphers.
3.) The message is in English in the classified. The address (Mein Fruelien = ~My dear, my love, my sweet) is not – this makes it seem clear to me that this is a joke/mental exercise – a spy would not actively draw attention to a message like this, but would rather do his absolute best to conceal the conveyance by making it better match other entries in the classifieds.
4.) As I said a couple of times, but must reiterate – THE MESSAGE IS COMPROMISED – it would not be broadcasting anymore. However, since it is broadcasting, we can assume that in all likelihood the originator KNOWS that the message has been comprimised. A spy would not continue to broadcast (except counter-intelligence) on a line of communication he knows to be blown.
5.) Nobody uses straight key-less encryption in the real world or the non-software world. Even in the 13th century spies were beyond such a level of tech. Keyless encryption is the stuff of Hopscotch Magazine for Girls. It’s a puzzle in the newspaper funnies. No spy organization is making codes that you can crack without reference code, a reference text, such as the bible code, or a pad or key. The reason why the government can crack codes you can’t? – they have acquired materials from government stings, arrests, intercepted communiques, and in-the-field covert operatives. The reason the government can crack codes you can’t when they don’t have keys? Two words, baby – Cray Supercomputers. You don’t have one.
In closing, scholastic cryptography is fun. But it doesn’t get anything done. This has been an interesting pursuit, but without more info, this thing isn’t getting cracked no matter what we think up. That’s just my vote. In review -
+ There’s no chance that ALL the messages we are cross-referencing are genuine.
+ There’s no chance that we can decode the messages without an appropriate key.
+ We don’t have an appropriate key.
+ By my count, we have discussed over 700 encryption methods here. I’m pretty sure we even came up with a couple nobody has ever thought of before. None of them have worked. That’s not saying a method isn’t still out there, but… ah, F@ck it – a method ISN’T still out there.
Bunsen
Jul 09, 2006
I forgot to mention a small piece of trivia –
Q: What’s the most commonly cited method by hackers for breaking codes and acquiring passwords for systems?
A: Digging through the trash for paperwork/secretary’s notes/shredded confidential documents.
Same thing.
manus
Jul 09, 2006
I also agree that this is probably some eon8-esque social experiment. Since setting up the numbers takes some time & money, it suggests that the person(s) behind this isn’t doing it purely as a recreational attention-getting exercise, but has some actual purpose — my guess is some psych student working on a thesis or research paper (unless the NSA has a Willy Wonka?).
On the other hand, to address one of the points Bunsen made — keyed codes *can* be cracked without initially having the key, IF the code is weak or designed to be crackable. Still, assuming my hypothesis is correct and the purpose of these codes is just “to see how people react to lack of information”, it’s not unlikely that they’re just nonsensical blocks of numbers that don’t decode to anything, but may in fact be crafted to have some statistical abnormalities that make them *look* crackable.
I haven’t actually tried to crack any of the “real” codes because there’s no context and no explicit motivation (I value my time over my curiosity). If they are crackable, my hypothesis is likely out the window, but I’m sure that, if I’m right, things will come to light once this person’s funding runs out or the research is complete. Publish or perish, yo.
-manus
Michael R
Jul 09, 2006
may in fact be crafted to have some statistical abnormalities that make them *look* crackable
I have to agree with this – the patterns in the messages seem to get more obvious with time (eg 021 079 021 079 in the third message), almost as if the author is trying to keep us interested… or trying to give us easier clues to how the cipher works…
Brad
Jul 09, 2006
Bunsen is correct.
Represent, B-dog.
Jul 12, 2006
SecondAgenda : For Mein Fraulein
csis&dsist
Jul 15, 2006
Mentioned in passing on the crptyo thread was that when configured in a 3-digit format the groups all start with 0 except 3. So if the 3-digit number combinations are transposed and written vertically instead of horizontally, the 0’s could be viewed as nulls included for encoding purposes. 1/0/0 9/7/0 etc or 0/0/1 0/7/9 etc.
The nulls would be irrelevant and added only to further encode the message for the 5-digit format of transmission. After removing the nulls we would have to figure out the resultant cypher box. The three exceptions could be the line starters or enders or something of the like.
Zip
Aug 13, 2006
Message 4 – (501) 588-1015
For Mein Fraulein
Mein Fraulein,
Do not become disillusioned; you are more popular than you imagine. Call me.
501 //// 588 //// 1015
Group 205
00107 90200 79001 00900 90800
03027 01406 90790 03083 01102
40220 12085 00106 50170 25006
01907 90210 67082 08600 30270
15000 02408 30670 10010 02900
60770 08004 00902 30160 00078
06506 50290 04078 01302 90190
24014 00000 00240 95010 08208
70880 31000 02207 90130 01020
06601 80040 03006 07602 00000
07014 08402 60170 81
read about the experiment here
http://www.projectevil.org/?p=2
Michael Hampton
Aug 13, 2006
Zip, you obviously missed the posting about this.
malatesta
Aug 14, 2006
funny – it is now 35 years ago, and her voice seems not to change. actually, i did receive such number-blocks about 35 years ago on my radio. back then, they were sent by the stasi from gdr. so i don’t think that you should dig too deep into digital solutions of the modern time. since years, it is common to use this kind of encryption, and without having the key, it is pretty hard to decypher it.
more than 150 stations worldwide are normally distributing such messages. during cold war, it was more, just before desert storm, it was more, too.
here you find many examples of such broadcasts:
http://www.mypage.bluewin.ch/radiomann/audio/audio.htm
and here you find a site from one of the leading experts:
http://www.simonmason.karoo.net/page30.html
CryptoCat
Oct 07, 2006
More Mein Fraulein Mayhem?
I recently saw this ad in the Baltimore Craigslist, Who can crack this code? What is this all about anyway?
baltimore craigslist > missed connections > Mein(e) Fraulein
http://baltimore.craigslist.org/mis/217192532.html
Mein(e) Fraulein
besucht mir jetzt http meinfraulein.blogspot.com
thank you for our wonderful voip conversations this summer but now my phone is broken
QHYSI KMKUH GMLOG KBXKO FWHUK
FESGR LAMYG GYXCO JXJUF XNXAF
WFIYG SZIYH ZTXCW DEFKS EUIJR
WWMTX HXKYT GKQTC OHRNH LIACK
VTXKB KVLAH RSITH JNQJS KXPHG
LWEZS FLGNI LSMTH WKRKH KMIMO
FHKXO HAMKX HAWNH E
Liebe,
Klaus
this is in or around Not Specifically Attributable
Frank
Aug 19, 2007
Re: Comment 94 by Brad. I happened to ‘Google’ myself and came upon this page. I’m the Frank Cefali, Member of the Adult CCG to whom you refer…..one of many Frank Cefali’s I see when I ‘Googled’. I’m not related to the other Frank Cefali’s but the CCG I was a member of was when I was doing HIV clinical trials. The ‘CCG’ stands for ‘Community Constituency Group’ which helped link affected communities to HIV Treatment and Trials. I was the nursing representive of the trials to the community group. A worthwhile and rewarding time of my career. Has nothing to do with codes, cryptanalysis etc. So sorry, but no coincidence other than name. The only ‘codes’ I deal with are Medical Codes….just like on ‘ER’. FC (
hunter
Oct 24, 2007
Mein Fraulein – is a rare occurrence on an English speaking site. Given it’s use in cinema (Indiana Jones, Bond, etc), it is reasonable to assume that even a non German speaker would know of this phrase. Combined with its rarity, could it not be that ‘Mein Fraulein’is merely the phrase that is searched for by the handler? I’m picturing the intelligence liaison typing ‘Mein Fraulein’ in the search parameter for each city… I did it myself today with zero results in 10 cities. Pretty easy way to find a specific message, no?
In case people are trying to locate new coded messages, bear in mind that ‘Craigslist’ and ‘Mein Fraulein’ might be two keys that change on a daily/weekly/monthly basis.
m1t0s1s
Feb 13, 2008
Perhaps a distributedmeinfraulein.net is in order like the rc4 and ogr crackers