Original image

Exploring the Darkest Corridors of the Internet

Original image

By Jed Lipinski

When an unsuspecting researcher followed a mysterious command on a 4chan board, he found himself drawn into a scavenger hunt that led him down the darkest corridors of the internet and stretched across the globe. But in a place where no one shows his face and no one plays by the rules, how do you tell where the game ends and reality begins?

It was 10 p.m. on a Friday night in January, and Jeff Kinkle was procrastinating.

The 32-year-old cultural studies PhD was alone in his Brooklyn studio, working on a paper about institutional secrecy and the national security apparatus. His workspace offered an unobstructed view of the glittering Manhattan skyline, but the young academic, who makes his living as a writer and translator, wasn’t feeling inspired. His desk shook every time the trains rattled across the Williamsburg Bridge. The bars downstairs hummed with nightlife.

Distracted, Kinkle was scanning /b/, the infamous image-sharing board on the website 4chan. There, a curious message snagged his attention.

Kinkle had read that the National Security Agency, a U.S. government organization that engages in defensive and offensive cyber operations, was actively using 4chan to scout for hackers. Amid the thread of obscene comments that pass for conversation on /b/, some commenters were suggesting that the strange message might be an NSA recruiting exercise. His curiosity piqued, Kinkle followed the conversation as it moved to a math and science message board.

The cyberspace that most of us know and use daily is a place for connecting with friends, paying bills, and sharing funny cat pictures. But Kinkle, like others who delve into the Internet and the cultures that take shape there, knows that the Web is an iceberg: the part that shows being the smallest, least menacing piece. What lies beneath is vaster, darker, and harder to understand—a shadowy world where data and hackers and criminals hide. Some call it the “deep Web,” and Kinkle was about to tumble down a virtual rabbit hole straight into it.

Kinkle stared at the message, trying to suss out its meaning. When one commenter suggested opening the image in the simple-text editor WordPad, he couldn’t help himself. At the bottom of the text, he found the following message: TIBERIVS CLAVDIVS CAESAR says “lxxt>33m2mqkyv2gsq3q=w]O2ntk.”

And that was a code he thought he could crack.

"The id of the Web"

At first glance, 4chan looks like nothing more than a frenetic, image-based bulletin board. There is no search function and no tagging of posts. But the site’s simplicity is deceiving. Trafficked mostly by 18- to 24-year-old men, 4chan attracts more than 22 million page views per month and more than 1 million unique visitors every day—almost as much as The New York Times website. But the numbers don’t accurately reflect 4chan’s importance; what happens on the site often reverberates across the Internet.

4chan was founded in 2003 by a 15-year-old named Christopher Poole, a New Yorker known online by the handle “moot.” Poole modeled the site on a fast-paced Japanese Web forum centered on anime and porn called 2chan. “The URL for 3chan was taken at the time,” Poole told The New York Times in 2010, “so I just jumped to the next number.”

Today, 4chan’s 58 boards cover a whimsical array of topics, from the practical (do-it-yourself) to the creative (photography, music) to the shocking and pornographic (“sexy beautiful women”). Accordingly, subject threads range from the mundane to the disturbing—everything from bike-shorts recommendations to found footage of people getting hit by cars or gruesome photos of body parts found in the wreckage of the September 11 attacks. The site functions like the Wild West of cyberspace. 4chan also has no formal archive, meaning that most of its million-plus posts per day are ephemeral—they either expire or get deleted within a matter of hours. This fast-flowing river of posts is enhanced by the users’ anonymity. Because the site does not require registration, 4chan especially appeals to those who reject the increasing proof-of-identity demands and personal information requests on social networking sites such as Facebook and Google+.

The /b/ board—sometimes called the “id of the Web”—takes particular advantage of this anonymity. On /b/, offensive remarks are encouraged, both to repel outsiders and to maintain the board’s underground appeal. Longtime users, for instance, are referred to as “oldfags”; newcomers as “newfags”; and British people in general as “Britfags.” The board's Fight Club-­style rules emphasize the insular yet anonymous culture they seek to preserve: "1. You do not talk about /b/. 2. You DO NOT talk about /b/. 3. We are Anonymous. 34. If it exists, there is porn about it. No exceptions."

The site’s anything-goes mentality often leads users to overstep the bounds of propriety—and sometimes legality. In September 2008, a college student named David Kernell, the son of a Democratic state representative from Tennessee, obtained access to Sarah Palin’s personal Yahoo! account. He posted the password on the /b/ board, along with a number of screenshots of the then-governor’s email messages, which quickly went viral. (The FBI managed to track down Kernell’s IP address and IP cache records from a proxy site, and he was convicted on charges soon after.)

But 4chan also fosters a strange and uninhibited kind of creativity. While the posts are fleeting, users tend to re-post the images they find the most affecting—whether they’re funny, political, or unsettling. And that can spiral into zeitgeisty memes and all sorts of Internet phenomena. LOLcats, the ubiquitous meme featuring pictures of cats with kitten-speak captions, such as “U Seez What I’z Put Up With,” originated on 4chan. So did Rickrolling, a bait-and-switch meme in which a user clicks a hyperlink only to be redirected to a YouTube video of pop star Rick Astley singing his 1987 hit “Never Gonna Give You Up.” (The video has received more than 65 million hits to date.) More significantly, 4chan helped spawn Anonymous, the amorphous global network of hacktivists, trolls, and Web savants that has waged attacks on major corporate and government websites since sometime around 2004, pursuing an unusual breed of cyber vigilantism.

Still, as Kinkle well knew, so much of the material in the 4chan stream is either inane or meant as a prank that he questioned how to handle the message. As he monitored the 40 or so commenters discussing the image, he realized that many of them were taking it seriously. He decided to play along. “The idea that this was a recruitment exercise was definitely seductive,” he recalled. “I mean, I don’t have any esoteric knowledge the NSA would actually want. But the thought of engaging with people who are on the cutting edge of this stuff—that was exciting.”

Following the Breadcrumbs

Kinkle recognized the garbled text—TIBERIVS CLAVDIVS CAESAR says “lxxt>33m2mqkyv2gsq3q=w]O2ntk”—as a Caesar cipher, a simple encryption technique in which each letter is replaced by another letter a fixed number of places away in the alphabet. Since Tiberius Claudius was the fourth Roman Emperor, Kinkle tried shifting the text back four letters. It worked: The text revealed a URL. But when Kinkle pointed his browser to the site, the page showed an image of a plastic duck and the words: “WOOPS just decoys this way. Looks like you can’t guess how to get the message out.”

The phrasing struck Kinkle and the other commenters as odd. Before long, someone realized that the words guess and out might have something to do with the decryption software OutGuess. Running the image through OutGuess, it turned out, extracted a link to a subreddit—one of the many boards within the social news website reddit. When Kinkle clicked the link, suddenly the page bore a new mystery: a row of Mayan numerals, several lines of garbled letters, and two images labeled welcome and problems?

It was then that someone posted a link to an anonymous room on the chat website, where users adopted screen names and the conversation continued without the threat of 4chan’s disappearing archive. “That’s when I started to feel a bit creepy,” Kinkle recalls. Here he was, at 11 on a Friday night, obsessing over a riddle inside a chat room with dozens of strangers. Before this night, Kinkle had interacted with a total of three people on 4chan, a site he characterized as a “flow of smut and jokes and weird stuff that vanishes.” He saw the site as a playground for trolls, the kind of people who post deliberately distracting or provocative messages in the hope of starting an argument. “But most trolls don’t put nearly this amount of energy into what they’re doing,” Kinkle says.

He decided to walk back to his apartment. When he arrived, his roommates were heading out to a bar and invited him along, but Kinkle mumbled an excuse and retreated to his bedroom instead. There, he got to work unraveling a series of cyber clues involving book codes, King Arthur, and the quest for the Holy Grail. Scribbling madly on index cards, he finally uncovered a message: “call us on us tele phone number two one four three….”

“I’m getting a phone number!” he blurted into the chat room. The more advanced commenters doubted it; the less advanced insulted him. Kinkle believed he was onto something, but no one believed him. Then he received a private message—“You’re way ahead of the others”—and an invitation to a smaller, private chat room within the same network. Once inside, he dialed the number using Google Voice. A recording welcomed him: “Very good. You have done well. There are three prime numbers associated with the original final .jpg image. 3301 is one of them. You will have to find the other two. Multiply all three of these numbers together and add a .com on the end to find the next step. Good luck. Good-bye.”

The pixel dimensions of the first image, Kinkle realized, were 509 and 503, both primes. He multiplied the numbers and got a URL. An image of a cicada appeared onscreen, above a countdown set to expire in three days. Opening the cicada in OutGuess unveiled yet another message: “You have done well to come this far. Patience is a virtue. Check back at 17:00 on Monday, 9 January 2012. UTC.”

Kinkle slumped in his chair. It was 2 a.m. He had reached the next level of the game—but what had begun as an online lark was about to breach the walls of the Web and enter real life.

Getting to Know Anonymous

The subversive digital network known as Anonymous found its footing in virtual mischief, but the way the group has wielded influence and power in real life (IRL, in Internet-speak) has made agencies like the NSA pay close attention.

Anons, as members call themselves, emerged from the juvenilia and nihilism of 4chan’s /b/ board around 2004. Over time, the group has become known less for Rickrolling and pranking radio DJs than for real-life attacks against institutions that try to suppress information online. In the winter of 2008, when the Church of Scientology tried to make the gossip site Gawker remove a leaked video of Tom Cruise delivering a diatribe, Anonymous got its first taste of mainstream attention. Vowing to “destroy” Scientology, thousands of Anonymous supporters protested outside Scientology centers and churches around the world, wearing Guy Fawkes masks and holding signs like “don’t worry, we’re from the internet.” The group continued its war online, releasing viral videos decrying Scientology practices and crashing Scientology websites.

The following year, in keeping with the collective’s love of cats, Anonymous supporters hunted down the creator of a YouTube video in which a domestic cat named Dusty is shown being slammed against a wall. Based on the creator’s other YouTube videos, posted under glennspam1, members of 4chan’s /b/ board were able to locate and identify him as Kenny Glenn, a 14-year-old from Lawton, Okla. Shortly after the teen was outed, local police stepped in. Meanwhile, hundreds of cat photos flooded 4chan, with captions like “ill see you in jail kenny glenn.”

In the years since, Anonymous has grown more political. In December 2010, core Anons recruited thousands of volunteers to orchestrate what’s called a distributed denial of service—flooding a website with traffic until it crashes or slows considerably. The group targeted the sites of MasterCard, Visa, and PayPal, all of which had effectively prohibited financial contributions to WikiLeaks. Anonymous (and in some cases, its splinter groups) also made trouble for Interpol, the CIA, German neo-Nazi groups, child-pornography servers, the Tunisian government, News Corporation, and others. It even bugged a conference call between the FBI and Scotland Yard about a global cyber crime investigation. The 16-minute call was later posted on YouTube under the headline hacked for the lulz—“lulz” being Web slang for laughs. The nihilism of 4chan, after all, is part of its DNA.

Considering its contradictory impulses, observers of Anonymous have struggled to define the group as either political or criminal in nature. Parmy Olson, Forbes’s London bureau chief and author of the book We Are Anonymous, says the group’s supporters are “unpredictable.” “They could be trying to take down the website of a repressive African government one minute and harassing someone on Facebook for fun the next,” she says. And while some self-identify as hacktivists, using the resources and reputation of Anonymous for social-political causes, others remain true to the anarchic culture of /b/. “What matters more,” Olson says, “is that Anonymous has provided a process for anyone to pool together to cause some sort of stir online. The more creative the better.” That sort of 4chan-inspired mentality is responsible for attacks on Mexican drug lords and British government websites, but it’s also the same incubator—or at least, the same type of thinking—that inspired the cicada mystery in which Kinkle found himself steeped.

Locating the Cicada

At 4:59 p.m. on Monday, Kinkle and his Venezuelan office mate were staring at the countdown on his laptop. When the clock hit zero, the website reloaded. Fourteen GPS coordinates popped up, their locations fanned across the globe: Warsaw, Seoul, Paris, Sydney, Hawaii, Miami, New Orleans, Seattle. Until then, none of the still-anonymous participants had provided any personal information. But suddenly, as they traced the coordinates to specific addresses, these same participants began volunteering their whereabouts. “Like, ‘I’m in Oakland,’ ‘I’m in Sweden,’ ‘I’m in South Korea,’?” Kinkle said.

The problem? None of the commenters were near any of the coordinates. “Everyone was deflated,” Kinkle said. He was convinced this was a decoy, but others in the chat room turned paranoid. What if someone had planted a bomb at the coordinates? What if a kidnapper was lying in wait?

Over the next week, people paid visits to the addresses in Paris, Warsaw, Miami, and Sydney. They posted pictures inside the chat room of what they’d found: sheets of white paper taped to streetlights, each featuring a QR code and a red-stenciled image of a cicada. The codes linked to unique URLs, which, when opened with OutGuess, revealed two new messages.

Kinkle couldn’t figure out what they referred to, but someone else did: a 300-line poem by the science fiction writer William Gibson called “Agrippa (A Book of the Dead).” By using the poem to decode the content of the messages, commenters extracted a Tor address. Tor, short for the Onion Router, is an obscure routing network that hides a user’s IP address by redirecting Internet traffic through proxies. In effect, Tor enables users to anonymously explore the Internet—including its darkest regions—without the risk of being traced. It’s in these secret spaces, buried deep in the deep Web, where the remaining clues lay in wait.

Diving Into the Deep Web

Sometimes called the “invisible web” or “dark net,” the deep Web represents the portion of the Internet that cannot be indexed by standard search engines such as Google, Yahoo!, or Bing. Search engines work through a process known as “spidering” or “crawling.” Crawlers roam across the Web collecting pages and keywords, following the hyperlinks on each page to amass more and more data. The results are filed into indexes of keywords; when you type a search query in Google, the search engine returns results from the appropriate index. The surface Web, or the part of the Internet that most people use on a daily basis, consists of Web pages that are linked to this giant mass. But since the majority of content on the Web isn’t linked to anything, it remains hidden from the crawlers. Researchers say it’s impossible to measure the size of the un-indexed Internet, though it’s estimated to be between 4,000 and 5,000 times larger than the surface Web.

“People don’t have an accurate way of measuring the deep Web, because it’s hard to define what it is,” says Juliana Freire, a computer science professor at New York University who studies the topic. To that end, much of the unindexed material is banal: peer-to-peer file-sharing services, scientific and governmental databases. But deep Web mythology—born out of 4chan, reddit, and other online forums—abounds with rumors of human-trafficking rings, weapon depots, and terrorist networks that dwell in its belly like unclassified sea creatures, squatting on abandoned websites, then leaving without a trace.

Yet there’s enough truth out there to feed worries. Take the Russian Business Network—an elusive cyber-crime conduit originally based in St. Petersburg that began as a service provider for websites devoted to identity theft, child pornography, and spamming. Thought to have been created in 2006 or earlier by a 24-year-old known only as Flyman, the network was linked to a stunning 50 percent of all credit-card phishing schemes. But the shadowy provider has since vanished from view.

In recent months, Silk Road, a black market website that uses Tor to enable users to anonymously sell illegal drugs including heroin, cocaine, and Ecstasy, has come to the attention of the Drug Enforcement Administration. The website, which employs a digital currency called Bitcoins to further disguise the identities of buyers and sellers, has enabled about $22 million in sales, according to a Carnegie Mellon report. A handful of recent discussions have tried to suggest that some users—including the site’s administrator, who goes by the handle “Dread Pirate Roberts”—are becoming increasingly less visible in the wake of media scrutiny. However, as Gawker has noted, someone is clearly still investing; in July 2012, the Silk Road site underwent a major redesign.

In the realm between academic accounts and crime-facilitating organizations lie those who use Tor for work. Journalists, for example, employ Tor to communicate with dissidents, whistle-blowers, and environmental activists concerned about government surveillance. One tech blogger, writing about the cicada mystery after the fact, suggested that a tech company or intelligence agency might have been using Tor for similar means.

Unsolved Mystery

After downloading TOR software, Kinkle visited the appointed address, which instructed him to create an anonymous Hotmail account. Minutes later, he received what the sender claimed was a personalized message. It contained a riddle Kinkle had to solve on his own.

“It required all this complicated decryption software,” he says. “I just couldn’t figure it out.” He emailed his programmer friends and anyone he thought might provide a lead, but they too came up empty. And so 10 days after his quest began, it was over.

“I never heard anything again,” Kinkle admits. He adds that he was extremely curious to know who was behind the game and why it was created. “If I thought it was just a complex puzzle with a clever answer, I don’t think I’d have been as captivated as I was.”

Weeks after he abandoned the quest, the mystery was still nagging at him. While idly Googling “cicada” and “3301” one day, he discovered a Wiki page about the puzzle that revealed a new development. Another mysterious message had appeared on 4chan in February. It read: “We have now found the individuals we sought. Thus our month-long journey ends.”

But the day after that message was posted on 4chan, yet another strange note cropped up on a temporary text-storage site called Pastebin. It seemed to be a letter of congratulations to the winners of the puzzle, acquired and re-posted by a member of Anonymous. “DO NOT SHARE THIS INFORMATION!” the re-posted letter began. It continued: “You are undoubtedly wondering what it is that we do we are much like a * think tank * in that our primary focus is on researching and developing techniques to aid the ideas we advocate liberty privacy security.” The letter offered the winners membership in the group, as long as they answered a few questions, including “Do you believe that information should be free?”

It’s a frustrating, enigmatic ending to a saga that, throughout, showed signs of careful craftsmanship and ingenious orchestration. It was a hunt that swept a room full of curious minds from an idle board on 4chan down the Internet’s most anonymous corridors, then spit them out into the real world. But today, Kinkle feels like he’s back where he started. He knows no more about “cicada 3301” than he did on that January night.

“It’s actually pretty crazy that there’s so little about that final message online,” he says. “A decent amount has been written about the hunt itself, so it’s odd that there’s barely anything about its conclusion.”

In 10 days, Kinkle traveled across more of the Web than most people will in a lifetime. The journey stoked his curiosity. Today, he spends his days poring over the underbelly of the Internet. He keeps a Tor browser on his phone, and he stays vigilant, occasionally dipping into 4chan’s boards, holding out hope that somewhere, flowing in this massive river of smut and depravity and cat jokes, he just might catch a glimpse of the answer.

This story originally appeared in mental_floss magazine. Now go download our new iPad app! Or get a free issue of mental_floss magazine via mail.

Original image
iStock // Ekaterina Minaeva
Man Buys Two Metric Tons of LEGO Bricks; Sorts Them Via Machine Learning
Original image
iStock // Ekaterina Minaeva

Jacques Mattheij made a small, but awesome, mistake. He went on eBay one evening and bid on a bunch of bulk LEGO brick auctions, then went to sleep. Upon waking, he discovered that he was the high bidder on many, and was now the proud owner of two tons of LEGO bricks. (This is about 4400 pounds.) He wrote, "[L]esson 1: if you win almost all bids you are bidding too high."

Mattheij had noticed that bulk, unsorted bricks sell for something like €10/kilogram, whereas sets are roughly €40/kg and rare parts go for up to €100/kg. Much of the value of the bricks is in their sorting. If he could reduce the entropy of these bins of unsorted bricks, he could make a tidy profit. While many people do this work by hand, the problem is enormous—just the kind of challenge for a computer. Mattheij writes:

There are 38000+ shapes and there are 100+ possible shades of color (you can roughly tell how old someone is by asking them what lego colors they remember from their youth).

In the following months, Mattheij built a proof-of-concept sorting system using, of course, LEGO. He broke the problem down into a series of sub-problems (including "feeding LEGO reliably from a hopper is surprisingly hard," one of those facts of nature that will stymie even the best system design). After tinkering with the prototype at length, he expanded the system to a surprisingly complex system of conveyer belts (powered by a home treadmill), various pieces of cabinetry, and "copious quantities of crazy glue."

Here's a video showing the current system running at low speed:

The key part of the system was running the bricks past a camera paired with a computer running a neural net-based image classifier. That allows the computer (when sufficiently trained on brick images) to recognize bricks and thus categorize them by color, shape, or other parameters. Remember that as bricks pass by, they can be in any orientation, can be dirty, can even be stuck to other pieces. So having a flexible software system is key to recognizing—in a fraction of a second—what a given brick is, in order to sort it out. When a match is found, a jet of compressed air pops the piece off the conveyer belt and into a waiting bin.

After much experimentation, Mattheij rewrote the software (several times in fact) to accomplish a variety of basic tasks. At its core, the system takes images from a webcam and feeds them to a neural network to do the classification. Of course, the neural net needs to be "trained" by showing it lots of images, and telling it what those images represent. Mattheij's breakthrough was allowing the machine to effectively train itself, with guidance: Running pieces through allows the system to take its own photos, make a guess, and build on that guess. As long as Mattheij corrects the incorrect guesses, he ends up with a decent (and self-reinforcing) corpus of training data. As the machine continues running, it can rack up more training, allowing it to recognize a broad variety of pieces on the fly.

Here's another video, focusing on how the pieces move on conveyer belts (running at slow speed so puny humans can follow). You can also see the air jets in action:

In an email interview, Mattheij told Mental Floss that the system currently sorts LEGO bricks into more than 50 categories. It can also be run in a color-sorting mode to bin the parts across 12 color groups. (Thus at present you'd likely do a two-pass sort on the bricks: once for shape, then a separate pass for color.) He continues to refine the system, with a focus on making its recognition abilities faster. At some point down the line, he plans to make the software portion open source. You're on your own as far as building conveyer belts, bins, and so forth.

Check out Mattheij's writeup in two parts for more information. It starts with an overview of the story, followed up with a deep dive on the software. He's also tweeting about the project (among other things). And if you look around a bit, you'll find bulk LEGO brick auctions online—it's definitely a thing!

Original image
200 Health Experts Call for Ban on Two Antibacterial Chemicals
Original image

In September 2016, the U.S. Food and Drug Administration (FDA) issued a ban on antibacterial soap and body wash. But a large collective of scientists and medical professionals says the agency should have done more to stop the spread of harmful chemicals into our bodies and environment, most notably the antimicrobials triclosan and triclocarban. They published their recommendations in the journal Environmental Health Perspectives.

The 2016 report from the FDA concluded that 19 of the most commonly used antimicrobial ingredients are no more effective than ordinary soap and water, and forbade their use in soap and body wash.

"Customers may think added antimicrobials are a way to reduce infections, but in most products there is no evidence that they do," Ted Schettler, science director of the Science and Environmental Health Network, said in a statement.

Studies have shown that these chemicals may actually do more harm than good. They don't keep us from getting sick, but they can contribute to the development of antibiotic-resistant bacteria, also known as superbugs. Triclosan and triclocarban can also damage our hormones and immune systems.

And while they may no longer be appearing on our bathroom sinks or shower shelves, they're still all around us. They've leached into the environment from years of use. They're also still being added to a staggering array of consumer products, as companies create "antibacterial" clothing, toys, yoga mats, paint, food storage containers, electronics, doorknobs, and countertops.

The authors of the new consensus statement say it's time for that to stop.

"We must develop better alternatives and prevent unneeded exposures to antimicrobial chemicals," Rolf Haden of the University of Arizona said in the statement. Haden researches where mass-produced chemicals wind up in the environment.

The statement notes that many manufacturers have simply replaced the banned chemicals with others. "I was happy that the FDA finally acted to remove these chemicals from soaps," said Arlene Blum, executive director of the Green Science Policy Institute. "But I was dismayed to discover at my local drugstore that most products now contain substitutes that may be worse."

Blum, Haden, Schettler, and their colleagues "urge scientists, governments, chemical and product manufacturers, purchasing organizations, retailers, and consumers" to avoid antimicrobial chemicals outside of medical settings. "Where antimicrobials are necessary," they write, we should "use safer alternatives that are not persistent and pose no risk to humans or ecosystems."

They recommend that manufacturers label any products containing antimicrobial chemicals so that consumers can avoid them, and they call for further research into the impacts of these compounds on us and our planet.