FBI Issues Code Cracking Challenge

coondoggie writes to tell us that the FBI has issued another cracking challenge for a new cipher on their site. Tens of thousands responded to a similar challenge last year. In addition to the challenge, the FBI is also offering a few primers on the subject. There are a number of sites offering cipher challenges, but it's funny to see the FBI encouraging such behavior.

First Post

[Hadlock]

Love the article:
 
 

coondoggie writes to tell us that the FBI has issued another cracking challenge for a new cipher on their site. Tens of thousands responded to a similar challenge last year. In addition to the challenge the FBI is also offering a few primers on the subject. There are a number of sites offering cipher challenges, just funny to see the FBI encouraging...NO CARRIER

Hillarious.

Re:

[Ethanol-fueled]

Maybe their service was just disconnected because they didn't pay their phone bill [fastsilicon.com].

Re:

[morgan_greywolf]

We're the phone company. We don't have to care.

Re:First Post

[HTH NE1]

Hillarious.

RING
RING
CONNECT 1200
|x{
NO CARRIER

Re:

[anomnomnomymous]

To be honest, I find it quite mountainarious.

Re:

[ILuvRamen]

it's actually a clue. You have to decrypt the rest of the summary using the first letters of every prime numbered word.

Re:

[Hadlock]

For those of you following along at home the original article ended at "encouraging". So my post hopefully now makes sense. Looks like they fixed it finally. Happy new year.

Re:

[bistromath007]

Doing it by saying "Candlejack" last is chea

Oh, the fun and prizes!

[Anonymous Coward]

The winner receives an all expense 1 way trip to the tropical island of Cuba!

Re:Oh, the fun and prizes!

[morgan_greywolf]

"You'll love our fun-filled resort on beautiful Guantanamo Bay!"

Meh. The resort is okay, but I hear the service is torture!

Re:

[Anonymous Coward]

"You'll love our fun-filled resort on beautiful Guantanamo Bay!"

Meh. The resort is okay, but I hear the service is torture!

I heard the place is full of violent, religious fanatics who hate America.

I'd rather vacation somewhere like Europe where they're not violent, religious fanatics.

Re:

[Koiu Lpoi]

This is how I feel about that. [instantrimshot.com]

Re:

[Rival]

Really? I was told that the magic words are Squeamish Ossifrage. [wikipedia.org]

This will really piss of the Chinese

[Alain Williams]

or whichever foreign government owns the code that the FBI has just recruited the bright kids on the Internet to crack :-)

Re:

[Sockatume]

It'll really piss off the NSA (or other TLA) if it turns out that the computer science discoveries made by the competitors transfer to encryption systems they use.

Re:This will really piss of the Chinese

[drspliff]

RTFA... it's an extremely simple substitution cipher, if the FBI had to outsource this I'd be extremely worried about their technical competancy.

In the age of public/private key encryption, while there's a NSA hashing algorithm competition running with many well respected scientists competing, the FBI's "lab" comes out with this crap?

Re:

[Anml4ixoye]

Basically what I was thinking as well. I did it while I was on a conference call, and was disappointed to see that this was all there was to it. I figured at the very least that it was just a first-level and the real puzzle would be on the site. Oh well.

Re:

[coolsnowmen]

don't lie, you just ignored the robots.txt file and crawled the whole site didn't you?

Harry you?

[BadAnalogyGuy]

Houdini was always searching for better, more clever ways to perform escape acts and illusions. After he would debut a new trick, others would immediately try to emulate the trick. The trick was on them, though, because Houdini would frequently expose their methods (because it was originally his) and prove himself to be the true master magician.

No difference here. Just the FBI gauging the abilities of the community.

Re:Harry you?

[Architect_sasyr]

Or maybe looking for recruits? I'd imagine that if you're an American then working for some agency which will go un-named you would be earning a stack of money, and if you're a foreign national then they're going to set you up with a visa and a passport and some covert operation to fly your geeky self into the United States. Thus maintaining the "best of the best" cryptographic team, or at least trying to.

Hate to see what happens to the guy who finds the flaw and then says "Sorry, I want to work for [the Chinese]"...

Re:

[failedlogic]

It wouldn't be a far stretch of the imagination that the FBI would highly consider those that have applied to Intelligence organizations but didn't make it. Doesn't mean they are less talented at their jobs. There's all kinds of reasons to choose the FBI over some of the others - there's always +/- trade-offs.

Re:

[Zero__Kelvin]

ROTFLMAO. failedlogic used "FBI" and "Intelligence organization" in the same sentence!

1. The "I" in FBI stands for Investigation
2. One can hardly equate the "challenge" - ridiculous, simple, and breakable by any reasonably educated 12 year old - to be a sign of intelligence

Re:

[puto]

I have an old great uncle in South Carolina, mid 80s. For years he has had me assemble or point him in the direction when he buys himself new computers or gadgets.

And he is amazingly adept with them.

Turns out my quiet old uncle was a brilliant cryptologist in the OSS.

He told me they retired him quietly in his 30's with a big fat pensions, and he has been doing nothing and growing peaches ever since. And when he says it his eyes twinkle.

Re:

[nelsonal]

they put a three letter address and three letter tld in the coded message with yyy at the beginning, I don't think they're looking for super sleuths to crack this code. I was surprised they didn't just rot (x) the original.

Re:

[JWSmythe]

Years ago, I caught my girlfriend's daughter passing ciphered messages between her and friends. I wasn't trying to punish her, but I wanted to educate her. I explained how they're easily crackable. She wasn't even using letters. They were all symbols of all different kinds. Some were similar to runes. Others simple shapes and variations. It was good for a kid. :)

I told her what she was doing right, and what she was doing wrong. She said I couldn't crack her message. I a

Re:

[pcolaman]

The answer is 42. Where do I claim my prize?

Link to the 2008 challenge

[root777]

The links in the article point to FBI challenges in 2007 and the kids challenge but do not point to the 2008 challenge.

Here is the FBI Cryptanalysis challenge 2008 http://www.fbi.gov/page2/dec08/code_122908.html [fbi.gov]

Other helpful links for reference
2007 challenge: http://www.fbi.gov/page2/nov07/code112107.html [fbi.gov]
Kids challenge: http://www.fbi.gov/kids/k5th/jobs9.htm [fbi.gov]

Re:Link to the 2008 challenge

[Chris Daniel]

Also, here's the code (transcribed a damn Flash file; wtf you guys):

VFWTDLCSWV. YD NSLMIJFWEJFD GSW SL NIJNQBLM FOBV EJFDVF DLNIGTFBSL. KBVBF YYY.AHB.MSK/NSCDC.OFZ FS EDF WV QLSY SA GSWI VWNNDVV.

Lameness filter ... it was presented in caps on the original, so it is presented as such here!

Re:Link to the 2008 challenge

[enFi]

Presuming that the text is all the information we need - maybe the got creative and did steganography, or a message hidden in the flash source.

I agree with the characters; if newlines are relevant:

VFWTDLCSWV. YD
NSLMIJFWEJFD GSW SL
NIJNQBLM FOBV EJFDVF
DLNIGTFBSL. KBVBF
YYY.AHB.MSK/NSCDC.OFZ
FS EDF WV QLSY SA
GSWI VWNNDVV.

Re:Link to the 2008 challenge

[laddiebuck]

It remains fairly trivial after your substitutions. vivit -> visit, then the last line but one is "to let us know of". After those chars, the whole thing falls into place. The final translation table is tr '[abcdefghijklmnoqstvwyz]' '[fideltybravngchkopsuwm]'. You're supposed to visit this trite URL [fbi.gov], which congratulates you. Maybe they really did mix it up with the kids' challenge.

Re:

[wxwz]

tr '[abcdefghijklmnoqstvwyz]' '[fideltybravngchkopsuwm]'

Interestingly there appears to be a hidden message within the key itself, the start obviously encodes: fidelIty bravERy InTEgRITY, but not sure what the rest works out to (chkopsuwm).

I noticed there was a similar pattern in the 2007 challenge, with the key (fedralbuoinvstgchrkmpvwxyz) starting off with letters encoding 'federal buro of investigation'.

Re:

[laddiebuck]

Well, chkopsuwm is in alphabetical order, as is chrkmpvwxyz. I suggest they simply had finished encoding what they wanted to do and just took letters as they came after that.

Re:

[penguinbrat]

chkopsuwm ?= "checking opposite of universal weapons of mass destruction"

"Fidelity Bravery Intergrity checking opposite of universal weapons of mass destruction"???

I have no clue...

Re:

[fracai]

So they took moved the letters of FIDELITY, BRAVERY, and INTEGRITY to the front of the alphabet for the substitution and then left the rest as is. There's an example on their analysis [fbi.gov] page that does this with SECRETLY as the seed.

I figured it out by the obvious replacements and then continued on as more became apparent. I wonder if anyone went about trying different sub keys? Given the amount of text and the obviousness of it, attacking the cipher text seemed the most sensible route.

Re:

[Gulthek]

And four letters are missing in the encryption. Perhaps something is hidden there as well.

A f
B i
C d
D e
E l
F t
G y
H b
I r
J a
K v
L n
M g
N c
O h
P None
Q k
R None
S o
T p
U None
V s
W u
X None
Y w
Z m

Padding line length for comment filter.

Re:

[Hillgiant]

Sad that "integrity" received the fewest letters. Saying something about our priorities?

Re:

[Tubal-Cain]

Maybe it's cryptography's equivalent of a Polyglot [wikipedia.org]?

Result

[Anonymous Coward]

It's a pretty simple substitution cipher, and the obvious web address in the code makes it even simpler. A simple bit of guess work and you get the result:
"stupendous. we congratulate you on cracking this latest encryption. visit www.fbi.gov/coded.htm to let us know of your success"

The lookup table for the substitution is:
A : f; C : d; B : i; E : l; D : e; G : y; F : t; I : r; H : b; K : v; J : a; M : g; L : n; O : h; N : c; Q : k; S : o; T : p; W : u; V : s; Y : w; Z : m;

Re:

[Bromskloss]

stupendous

I will not tolerate them calling me names!

Re:

[vikstar]

When I went to www.fbi.com/coded.htm my computer froze for a couple of seconds as my harddrive was working more than usual... hmmmm...

Re:Link to the 2008 challenge

[93 Escort Wagon]

Also, here's the code (transcribed a damn Flash file; wtf you guys):

VFWTDLCSWV. YD NSLMIJFWEJFD GSW SL
NIJNQBLM FOBV EJFDVF DLNIGTFBSL. KBVBF
YYY.AHB.MSK/NSCDC.OFZ FS EDF WV QLSY SA
GSWI VWNNDVV.

Lameness filter ... it was presented in caps on the original, so it is presented as such here!

Easy - "Be sure to drink your Ovaltine!"

Re:

[gfody]

It seems they're trying to better their odds this year by only allowing the code to be seen by visitors using IE

Re:

[Raynor]

Firefox loaded it for me.

Re:

[mls]

View source, copy and paste. Isn't that part of the challenge ;)

Re:

[Hillgiant]

the chair is against the wall

Fidelity, Bravery (n/t)

[Cryptosporidium]

Hm. Hidden message.

FBI's "Add yourself to suspect database contest

[Jason Quinn]

Dear citizens: Please inform us if you have the talents necessary to be suspects in criminal cyber-cracking cases. That is all. Love, The FBI

Re:

[Almahtar]

The cypher was too simple to be that indicative of talent. They're obviously just testing how many people have very basic knowledge of this stuff.

This is like the Last Starfighter

[synthesizerpatel]

Except for video games and aliens, it'll be a bunch of crypto guys battling it out with Matlab.

Everyone is a Winner

[retech]

It's interesting to note that all of the participants in the challenge last year got an all expenses paid vacation to an undisclosed location. I guess it was a really cool vacation since none of them returned home.

A similar challenge for linux web servers...

[lamapper]

Reminds me of a security company that issued a hacking / cracking challenge somewhere between 3 and 8 years back, no way could I find this article...perhaps one of your ./ will provide a link...

The company offered over $10,000.00 for not only hacking and cracking their server, but showing the company how they did it.

If memory serves (and it sometimes does not) they paid out the first and second years of the challenge, but in year three no one successfully broke into their web server environment.

I believed they kept eliminating modules that had holes and were not needing and closing holes in modules that were needed.

Based on what I read, they were able to 100% successfully secure their web servers from attacks only because they were using Linux as the OS.

I remembered comparing their results with others attempts with other operating systems and really wanting to learn Linux.

Now that I am using Unix and Linux and have a better understanding of what they were doing I can see the simple genius in such challenges.

Whether just for security or for scouting talent, whatever their reasons, its money well spent when they offer cash prizes to the few that are successful!

Re:

[krray]

It was Bulldog (Firewall or Linux) if I remember correctly.
I can't find reference to their history / challenges.
The only link I can barely find is (which may not be the one I'm thinking of): http://tanaya.net/BullDog/index.shtml [tanaya.net]

Ummm, was this supposed to be difficult?

[bennomatic]

It was not, shall we say, stupendously hard. A little common sense and some patience was all it took. I expected that I'd be looking at something a little tougher than I used as clues in the scavenger hunt at my 10th birthday party.

Re:

[Psychotria]

I got the first six words without writing anything down. Maybe they got it mixed up with the kids challenge.

Re:

[bennomatic]

I just started with what was obviously a URL, made a few guesses about that and everything else fell into place in about 2 minutes.

Re:

[Psychotria]

I think I may apply for a job.

Re:

[bennomatic]

Yeah, so might my dog.

Re:Dog!

[TaoPhoenix]

So who's smarter? Dogbert or Brian

Re:

[bennomatic]

Right. Like, duh.

FBI as code crackers?

[girlintraining]

Oh, come on. This is from an organization that cut funding for terrorism just before 9/11 to add resources to software piracy. Do you really think if they had the brains do do cryptanalysis they'd...

oh wait.

I suppose they are looking for brains, huh.

Re:

[Amazing Quantum Man]

Oh, come on. This is from an organization that cut funding for terrorism just before 9/11 to add resources to software piracy.

But if the Evil Content Pirates(tm) steal music, the The Terrorists Have Won(tm).

Re:

[ricebowl]

I suppose they are looking for brains, huh.

You're saying the FBI are zombies..?

Re:

[nelsonal]

There was a story in puzzle palace about a code that some mobsters were using that had stumped the FBI, they took it over to the NSA as a friendly challenge (the NSA folk weren't supposed to work on domestic stuff). The NSA cryptanalysts cracked it over a single lunch break.

FBI uses open source software

[root777]

Interesting that FBI uses plone as their CMS and not Wordpress and they have IE compatibility CSS code like the rest of the planet.
Clue: Is there a reason why they have the crypto code displayed as a flash file and not a simple png or jpeg file?

I cracked it...

[Anonymous Coward]

"Be sure to drink your ovaltine"

What the hell does that mean?

Re:

[mcrbids]

Ovaltine is a chocolate milk drink that's vitamin fortified. It's marketed as being rich, chocolaty, and healthy to boot.

Google "I'm feeling lucky" for "Ovaltine" results in this link at Wikipedia [wikipedia.org]...

Re:

[sgtrock]

Whooshh... [imdb.com] :)

Re:

[Bromskloss]

"Be sure to drink your ovaltine"

That must be the solution to the elliptic curve cipher.

Re:

[sgtrock]

Whooshh... [imdb.com] :)

I win

[binaryseraph]

I have decrypted. Answer is: U R under Arrest.

damn!

And the winners get...

[peacefinder]

And the winners get all expenses incurred DMCA prosecutions!

Easy.

[Dice]

There were some dead give-away cribs.

Spoiler below...

sed -e s/H/b/g -e s/D/e/g -e s/A/f/g -e s/M/g/g -e s/B/i/g -e s/S/o/g -e s/K/v/g -e s/Y/w/g -e s/V/s/g -e s/F/t/g -e s/W/u/g -e s/T/p/g -e s/L/n/g -e s/C/d/g -e s/G/y/g -e s/N/c/g -e s/I/r/g -e s/J/a/g -e s/E/l/g -e s/Q/k/g -e s/O/h/g -e s/Z/m/g fbi.txt

Re:Easy.

[laddiebuck]

As one UNIX lover to another...

tr '[abcdefghijklmnoqstvwyz]' '[fideltybravngchkopsuwm]'

Happy man reading!

Re:

[Dice]

I actually started working on it with tr but then decided that I didn't want to bother with counting character placements to be sure I got it right. With sed I could just tack on extra '-e's as I deduced substitutions.

Re:

[Gulthek]

Why not just pipe to tr and add on characters in lowercase as you find them?

$ echo "BLAH" | tr '[BLH]' '[trp]'
trAp
$ echo "BLAH" | tr '[BLAH]' '[trip]'
trip

Extremely Lame

[INeededALogin]

Why embed the text in a flash object? code [fbi.gov]... I would of given this a shot if I could of relied on some normalized text, but no... that would make sense. Sense and gov't obviously don't belong in the same room. Yea... I am a little disappointed.

what it should be

[overcaffein8d]

what it should be:

coondoggie writes to tell us that the FBI has issued another cracking challenge for a new cipher on their site. Tens of thousands responded to a similar challenge last year. In addition to the challenge the FBI is also offering a few primers on the subject. There are a number of sites offering cipher challenges, just funny to see the FBI encouraging 4J58I4JTK5NRO4844/4534852WDVJRIN67/368RB8XC0GJFNFXVXCVJVXV8R/GE8F/RETWQ8ER8WRHQ98CVUXHE8V09E8Q/WRWE8Q7T-E8THQEW/CHICKEN438R8SDFUEFNX7/4UDFJD7F

Cryptogram tool

[Jade E. 2]

There are automated ones out there that solve this in under a second, but if you want to figure it out yourself try this page:

http://www.esg.montana.edu/meg/consbio/cryptogram/crypto.html [montana.edu]

Here's the puzzle text to copy:

VFWTDLCSWV. YD NSLMIJFWEJFD GSW SL NIJNQBLM FOBV EJFDVF DLNIGTFBSL.
KBVBF YYY.AHB.MSK/NSCDC.OFZ FS EDF WV QLSY SA GSWI VWNNDVV.

Re:

[dexmachina]

yyy.ahb.msk/nscdc.ofz Holy crib Batman.

No congradulate

[BountyX]

What ever you do, DO NOT let the FBI congradulate you on your success.

Was Fairly Easy...

[mmalove]

Took me longer to find a pencil than to crack the damn code. Now on to much more interesting things, like watching my three year old arrange the perfect train crash under a footstool.

Oh hi there

[deblau]

V'q yvxr gb gnxr guvf bccbeghavgl gb fnl "Uryyb!" gb nyy zl snaf va qbzrfgvp fheirvyynapr.

Use You to Teach Them How To Crack Your Computer

[HermMunster]

Heh, can't figure this one out on your own?

You don't help them violate your privacy.

I just violated the DMCA and it only took me 10min

[Fry-kun]

...I've gotten rusty over the years, shaddup!

I was hoping for more of a challenge, sheesh.
Then again, it was a somewhat enjoyable coffee break distraction.

ITSATRAP!

[Arancaytar]

it's funny to see the FBI encouraging such behavior

Yes, rather strange...

Re:

[ZeroExistenZ]

it's funny to see the FBI encouraging such behavior

It reminds me to the series of letters of George Mercies, about "Invisible Contracts [constitution.org]".

[For example, in the U.S.S.R., the KGB is known to have secretly "created" (sponsored is more like it) -- various protester groups for the sole purpose of throwing out some attractive philosophy designed to attract a certain type of individual, and then having "extracted" those individuals from society, and having thus identified them -- then shutting down the organization

good grief

[denaje]

I hope they don't guard any sensitive data with encryption that easy

Answer

[ottffs]

I've solved it and posted the answer for y'all. Check it out here: http://c0nn0r.info/blog/2008/12/29/i-pwned-the-fbi-cyphertext-challenge-in-about-45-minutes-using-a-pen-and-paper/ [c0nn0r.info]

If you figure out the solition

[Punto]

call your mom on the phone and tell it to her. You'll hear from the FBI 15 minutes later if you found the correct answer.

The old saying...

[kylegordon]

"it's funny to see the FBI encouraging such behavior"

Probably best categorized under "know your enemy"...

The greeks would be proud.

[scan-alias]

The FBi issues a code to be cracked with the simplicity of a 3 on a scale of 1 to 100 in terms of advanced technologies used in current cryptography. HAha - / they aren't looking for the 99% of society that can figure out the simple sub ciPher. Food for thought: With present technology in cryptography pushing the upper maxim of what we as a species are capable of understanding (in terms of entropy of data with a key) - lets just say someone went another direction. Intelligent "believable" misinformation i

Hidden Wolf.....

[IHC Navistar]

"coondoggie writes to tell us that the FBI has issued another cracking challenge for a new cipher on their site. Tens of thousands responded to a similar challenge last year. In addition to the challenge, the FBI is also offering a few primers on the subject. There are a number of sites offering cipher challenges, but it's funny to see the FBI encouraging such behavior."

-.....so they can know who to declare a threat to national security and round up. What's next? Lawrence Livermore and Sandia having a conte

obligatory sarcastic paranoia joke

[EdelFactor19]

its simple really, and kills several birds with one stone. They are concerned with the 'hackers' who keep cracking this stuff, MAFIAA is annoyed that people keep cracking their often laughable security / encyption (who remembers the magic marker solution). Mafiaa pays them to host the challenge, and 'protects' some material with the very thing being 'cracked' in the challenge.

Then clearly they round up all the winners, let the DMCA circumvention suits fly, and add them to watch lists all at the same time.

Re:Fill in the blank

[morgan_greywolf]

Well, actually, I think it's supposed to be

Re:link to challenge

[Anonymous Coward]

Wow. Cryptograms in the newspaper are harder than that.

stupendous. we
congratulate you on
cracking this latest
encryption. visit
www.fbi.gov/coded.htm
to let us know of
your success.

Re:

[Raynor]

Was the the only person who started this by guessing YYY.AHB.MSK was www.fbi.gov? Seems like including a fully formatted URL is a bad idea...

Re:

[iammani]

I did not know NSA had the monopoly in organizing code cracking contests in the US. May be they should sue the FBI asking for compensation. A cease and desist letter should be even more fun.

Re:

[Xelios]

No kidding. They could have at least thrown in some UFO pictures from Area 51 or something!

Re:

[stfvon007]

THIS THE HULK

Hi Hulk, I didn't know you were online!

Re:

[Killjoy_NL]

HULK ONLINE TIL HULK SMASH MODEM!

lameness filter workaround.lameness filter workaround.lameness filter workaround.