Exploring the Darkest Corridors of the Internet
By Jed Lipinski
When an unsuspecting researcher followed a mysterious command on a 4chan board, he found himself drawn into a scavenger hunt that led him down the darkest corridors of the internet and stretched across the globe. But in a place where no one shows his face and no one plays by the rules, how do you tell where the game ends and reality begins?
It was 10 p.m. on a Friday night in January, and Jeff Kinkle was procrastinating.
The 32-year-old cultural studies PhD was alone in his Brooklyn studio, working on a paper about institutional secrecy and the national security apparatus. His workspace offered an unobstructed view of the glittering Manhattan skyline, but the young academic, who makes his living as a writer and translator, wasn’t feeling inspired. His desk shook every time the trains rattled across the Williamsburg Bridge. The bars downstairs hummed with nightlife.
Distracted, Kinkle was scanning /b/, the infamous image-sharing board on the website 4chan. There, a curious message snagged his attention.
Kinkle had read that the National Security Agency, a U.S. government organization that engages in defensive and offensive cyber operations, was actively using 4chan to scout for hackers. Amid the thread of obscene comments that pass for conversation on /b/, some commenters were suggesting that the strange message might be an NSA recruiting exercise. His curiosity piqued, Kinkle followed the conversation as it moved to a math and science message board.
The cyberspace that most of us know and use daily is a place for connecting with friends, paying bills, and sharing funny cat pictures. But Kinkle, like others who delve into the Internet and the cultures that take shape there, knows that the Web is an iceberg: the part that shows being the smallest, least menacing piece. What lies beneath is vaster, darker, and harder to understand—a shadowy world where data and hackers and criminals hide. Some call it the “deep Web,” and Kinkle was about to tumble down a virtual rabbit hole straight into it.
Kinkle stared at the message, trying to suss out its meaning. When one commenter suggested opening the image in the simple-text editor WordPad, he couldn’t help himself. At the bottom of the text, he found the following message: TIBERIVS CLAVDIVS CAESAR says “lxxt>33m2mqkyv2gsq3q=w]O2ntk.”
And that was a code he thought he could crack.
"The id of the Web"
At first glance, 4chan looks like nothing more than a frenetic, image-based bulletin board. There is no search function and no tagging of posts. But the site’s simplicity is deceiving. Trafficked mostly by 18- to 24-year-old men, 4chan attracts more than 22 million page views per month and more than 1 million unique visitors every day—almost as much as The New York Times website. But the numbers don’t accurately reflect 4chan’s importance; what happens on the site often reverberates across the Internet.
4chan was founded in 2003 by a 15-year-old named Christopher Poole, a New Yorker known online by the handle “moot.” Poole modeled the site on a fast-paced Japanese Web forum centered on anime and porn called 2chan. “The URL for 3chan was taken at the time,” Poole told The New York Times in 2010, “so I just jumped to the next number.”
Today, 4chan’s 58 boards cover a whimsical array of topics, from the practical (do-it-yourself) to the creative (photography, music) to the shocking and pornographic (“sexy beautiful women”). Accordingly, subject threads range from the mundane to the disturbing—everything from bike-shorts recommendations to found footage of people getting hit by cars or gruesome photos of body parts found in the wreckage of the September 11 attacks. The site functions like the Wild West of cyberspace. 4chan also has no formal archive, meaning that most of its million-plus posts per day are ephemeral—they either expire or get deleted within a matter of hours. This fast-flowing river of posts is enhanced by the users’ anonymity. Because the site does not require registration, 4chan especially appeals to those who reject the increasing proof-of-identity demands and personal information requests on social networking sites such as Facebook and Google+.
The /b/ board—sometimes called the “id of the Web”—takes particular advantage of this anonymity. On /b/, offensive remarks are encouraged, both to repel outsiders and to maintain the board’s underground appeal. Longtime users, for instance, are referred to as “oldfags”; newcomers as “newfags”; and British people in general as “Britfags.” The board's Fight Club-style rules emphasize the insular yet anonymous culture they seek to preserve: "1. You do not talk about /b/. 2. You DO NOT talk about /b/. 3. We are Anonymous. 34. If it exists, there is porn about it. No exceptions."
The site’s anything-goes mentality often leads users to overstep the bounds of propriety—and sometimes legality. In September 2008, a college student named David Kernell, the son of a Democratic state representative from Tennessee, obtained access to Sarah Palin’s personal Yahoo! account. He posted the password on the /b/ board, along with a number of screenshots of the then-governor’s email messages, which quickly went viral. (The FBI managed to track down Kernell’s IP address and IP cache records from a proxy site, and he was convicted on charges soon after.)
But 4chan also fosters a strange and uninhibited kind of creativity. While the posts are fleeting, users tend to re-post the images they find the most affecting—whether they’re funny, political, or unsettling. And that can spiral into zeitgeisty memes and all sorts of Internet phenomena. LOLcats, the ubiquitous meme featuring pictures of cats with kitten-speak captions, such as “U Seez What I’z Put Up With,” originated on 4chan. So did Rickrolling, a bait-and-switch meme in which a user clicks a hyperlink only to be redirected to a YouTube video of pop star Rick Astley singing his 1987 hit “Never Gonna Give You Up.” (The video has received more than 65 million hits to date.) More significantly, 4chan helped spawn Anonymous, the amorphous global network of hacktivists, trolls, and Web savants that has waged attacks on major corporate and government websites since sometime around 2004, pursuing an unusual breed of cyber vigilantism.
Still, as Kinkle well knew, so much of the material in the 4chan stream is either inane or meant as a prank that he questioned how to handle the message. As he monitored the 40 or so commenters discussing the image, he realized that many of them were taking it seriously. He decided to play along. “The idea that this was a recruitment exercise was definitely seductive,” he recalled. “I mean, I don’t have any esoteric knowledge the NSA would actually want. But the thought of engaging with people who are on the cutting edge of this stuff—that was exciting.”
Following the Breadcrumbs
Kinkle recognized the garbled text—TIBERIVS CLAVDIVS CAESAR says “lxxt>33m2mqkyv2gsq3q=w]O2ntk”—as a Caesar cipher, a simple encryption technique in which each letter is replaced by another letter a fixed number of places away in the alphabet. Since Tiberius Claudius was the fourth Roman Emperor, Kinkle tried shifting the text back four letters. It worked: The text revealed a URL. But when Kinkle pointed his browser to the site, the page showed an image of a plastic duck and the words: “WOOPS just decoys this way. Looks like you can’t guess how to get the message out.”
The phrasing struck Kinkle and the other commenters as odd. Before long, someone realized that the words guess and out might have something to do with the decryption software OutGuess. Running the image through OutGuess, it turned out, extracted a link to a subreddit—one of the many boards within the social news website reddit. When Kinkle clicked the link, suddenly the page bore a new mystery: a row of Mayan numerals, several lines of garbled letters, and two images labeled welcome and problems?
It was then that someone posted a link to an anonymous room on the chat website Mibbit.com, where users adopted screen names and the conversation continued without the threat of 4chan’s disappearing archive. “That’s when I started to feel a bit creepy,” Kinkle recalls. Here he was, at 11 on a Friday night, obsessing over a riddle inside a chat room with dozens of strangers. Before this night, Kinkle had interacted with a total of three people on 4chan, a site he characterized as a “flow of smut and jokes and weird stuff that vanishes.” He saw the site as a playground for trolls, the kind of people who post deliberately distracting or provocative messages in the hope of starting an argument. “But most trolls don’t put nearly this amount of energy into what they’re doing,” Kinkle says.
He decided to walk back to his apartment. When he arrived, his roommates were heading out to a bar and invited him along, but Kinkle mumbled an excuse and retreated to his bedroom instead. There, he got to work unraveling a series of cyber clues involving book codes, King Arthur, and the quest for the Holy Grail. Scribbling madly on index cards, he finally uncovered a message: “call us on us tele phone number two one four three….”
“I’m getting a phone number!” he blurted into the chat room. The more advanced commenters doubted it; the less advanced insulted him. Kinkle believed he was onto something, but no one believed him. Then he received a private message—“You’re way ahead of the others”—and an invitation to a smaller, private chat room within the same network. Once inside, he dialed the number using Google Voice. A recording welcomed him: “Very good. You have done well. There are three prime numbers associated with the original final .jpg image. 3301 is one of them. You will have to find the other two. Multiply all three of these numbers together and add a .com on the end to find the next step. Good luck. Good-bye.”
The pixel dimensions of the first image, Kinkle realized, were 509 and 503, both primes. He multiplied the numbers and got a URL. An image of a cicada appeared onscreen, above a countdown set to expire in three days. Opening the cicada in OutGuess unveiled yet another message: “You have done well to come this far. Patience is a virtue. Check back at 17:00 on Monday, 9 January 2012. UTC.”
Kinkle slumped in his chair. It was 2 a.m. He had reached the next level of the game—but what had begun as an online lark was about to breach the walls of the Web and enter real life.
Getting to Know Anonymous
The subversive digital network known as Anonymous found its footing in virtual mischief, but the way the group has wielded influence and power in real life (IRL, in Internet-speak) has made agencies like the NSA pay close attention.
Anons, as members call themselves, emerged from the juvenilia and nihilism of 4chan’s /b/ board around 2004. Over time, the group has become known less for Rickrolling and pranking radio DJs than for real-life attacks against institutions that try to suppress information online. In the winter of 2008, when the Church of Scientology tried to make the gossip site Gawker remove a leaked video of Tom Cruise delivering a diatribe, Anonymous got its first taste of mainstream attention. Vowing to “destroy” Scientology, thousands of Anonymous supporters protested outside Scientology centers and churches around the world, wearing Guy Fawkes masks and holding signs like “don’t worry, we’re from the internet.” The group continued its war online, releasing viral videos decrying Scientology practices and crashing Scientology websites.
The following year, in keeping with the collective’s love of cats, Anonymous supporters hunted down the creator of a YouTube video in which a domestic cat named Dusty is shown being slammed against a wall. Based on the creator’s other YouTube videos, posted under glennspam1, members of 4chan’s /b/ board were able to locate and identify him as Kenny Glenn, a 14-year-old from Lawton, Okla. Shortly after the teen was outed, local police stepped in. Meanwhile, hundreds of cat photos flooded 4chan, with captions like “ill see you in jail kenny glenn.”
In the years since, Anonymous has grown more political. In December 2010, core Anons recruited thousands of volunteers to orchestrate what’s called a distributed denial of service—flooding a website with traffic until it crashes or slows considerably. The group targeted the sites of MasterCard, Visa, and PayPal, all of which had effectively prohibited financial contributions to WikiLeaks. Anonymous (and in some cases, its splinter groups) also made trouble for Interpol, the CIA, German neo-Nazi groups, child-pornography servers, the Tunisian government, News Corporation, and others. It even bugged a conference call between the FBI and Scotland Yard about a global cyber crime investigation. The 16-minute call was later posted on YouTube under the headline hacked for the lulz—“lulz” being Web slang for laughs. The nihilism of 4chan, after all, is part of its DNA.
Considering its contradictory impulses, observers of Anonymous have struggled to define the group as either political or criminal in nature. Parmy Olson, Forbes’s London bureau chief and author of the book We Are Anonymous, says the group’s supporters are “unpredictable.” “They could be trying to take down the website of a repressive African government one minute and harassing someone on Facebook for fun the next,” she says. And while some self-identify as hacktivists, using the resources and reputation of Anonymous for social-political causes, others remain true to the anarchic culture of /b/. “What matters more,” Olson says, “is that Anonymous has provided a process for anyone to pool together to cause some sort of stir online. The more creative the better.” That sort of 4chan-inspired mentality is responsible for attacks on Mexican drug lords and British government websites, but it’s also the same incubator—or at least, the same type of thinking—that inspired the cicada mystery in which Kinkle found himself steeped.
Locating the Cicada
At 4:59 p.m. on Monday, Kinkle and his Venezuelan office mate were staring at the countdown on his laptop. When the clock hit zero, the website reloaded. Fourteen GPS coordinates popped up, their locations fanned across the globe: Warsaw, Seoul, Paris, Sydney, Hawaii, Miami, New Orleans, Seattle. Until then, none of the still-anonymous participants had provided any personal information. But suddenly, as they traced the coordinates to specific addresses, these same participants began volunteering their whereabouts. “Like, ‘I’m in Oakland,’ ‘I’m in Sweden,’ ‘I’m in South Korea,’?” Kinkle said.
The problem? None of the commenters were near any of the coordinates. “Everyone was deflated,” Kinkle said. He was convinced this was a decoy, but others in the chat room turned paranoid. What if someone had planted a bomb at the coordinates? What if a kidnapper was lying in wait?
Over the next week, people paid visits to the addresses in Paris, Warsaw, Miami, and Sydney. They posted pictures inside the chat room of what they’d found: sheets of white paper taped to streetlights, each featuring a QR code and a red-stenciled image of a cicada. The codes linked to unique URLs, which, when opened with OutGuess, revealed two new messages.
Kinkle couldn’t figure out what they referred to, but someone else did: a 300-line poem by the science fiction writer William Gibson called “Agrippa (A Book of the Dead).” By using the poem to decode the content of the messages, commenters extracted a Tor address. Tor, short for the Onion Router, is an obscure routing network that hides a user’s IP address by redirecting Internet traffic through proxies. In effect, Tor enables users to anonymously explore the Internet—including its darkest regions—without the risk of being traced. It’s in these secret spaces, buried deep in the deep Web, where the remaining clues lay in wait.
Diving Into the Deep Web
Sometimes called the “invisible web” or “dark net,” the deep Web represents the portion of the Internet that cannot be indexed by standard search engines such as Google, Yahoo!, or Bing. Search engines work through a process known as “spidering” or “crawling.” Crawlers roam across the Web collecting pages and keywords, following the hyperlinks on each page to amass more and more data. The results are filed into indexes of keywords; when you type a search query in Google, the search engine returns results from the appropriate index. The surface Web, or the part of the Internet that most people use on a daily basis, consists of Web pages that are linked to this giant mass. But since the majority of content on the Web isn’t linked to anything, it remains hidden from the crawlers. Researchers say it’s impossible to measure the size of the un-indexed Internet, though it’s estimated to be between 4,000 and 5,000 times larger than the surface Web.
“People don’t have an accurate way of measuring the deep Web, because it’s hard to define what it is,” says Juliana Freire, a computer science professor at New York University who studies the topic. To that end, much of the unindexed material is banal: peer-to-peer file-sharing services, scientific and governmental databases. But deep Web mythology—born out of 4chan, reddit, and other online forums—abounds with rumors of human-trafficking rings, weapon depots, and terrorist networks that dwell in its belly like unclassified sea creatures, squatting on abandoned websites, then leaving without a trace.
Yet there’s enough truth out there to feed worries. Take the Russian Business Network—an elusive cyber-crime conduit originally based in St. Petersburg that began as a service provider for websites devoted to identity theft, child pornography, and spamming. Thought to have been created in 2006 or earlier by a 24-year-old known only as Flyman, the network was linked to a stunning 50 percent of all credit-card phishing schemes. But the shadowy provider has since vanished from view.
In recent months, Silk Road, a black market website that uses Tor to enable users to anonymously sell illegal drugs including heroin, cocaine, and Ecstasy, has come to the attention of the Drug Enforcement Administration. The website, which employs a digital currency called Bitcoins to further disguise the identities of buyers and sellers, has enabled about $22 million in sales, according to a Carnegie Mellon report. A handful of recent discussions have tried to suggest that some users—including the site’s administrator, who goes by the handle “Dread Pirate Roberts”—are becoming increasingly less visible in the wake of media scrutiny. However, as Gawker has noted, someone is clearly still investing; in July 2012, the Silk Road site underwent a major redesign.
In the realm between academic accounts and crime-facilitating organizations lie those who use Tor for work. Journalists, for example, employ Tor to communicate with dissidents, whistle-blowers, and environmental activists concerned about government surveillance. One tech blogger, writing about the cicada mystery after the fact, suggested that a tech company or intelligence agency might have been using Tor for similar means.
After downloading TOR software, Kinkle visited the appointed address, which instructed him to create an anonymous Hotmail account. Minutes later, he received what the sender claimed was a personalized message. It contained a riddle Kinkle had to solve on his own.
“It required all this complicated decryption software,” he says. “I just couldn’t figure it out.” He emailed his programmer friends and anyone he thought might provide a lead, but they too came up empty. And so 10 days after his quest began, it was over.
“I never heard anything again,” Kinkle admits. He adds that he was extremely curious to know who was behind the game and why it was created. “If I thought it was just a complex puzzle with a clever answer, I don’t think I’d have been as captivated as I was.”
Weeks after he abandoned the quest, the mystery was still nagging at him. While idly Googling “cicada” and “3301” one day, he discovered a Wiki page about the puzzle that revealed a new development. Another mysterious message had appeared on 4chan in February. It read: “We have now found the individuals we sought. Thus our month-long journey ends.”
But the day after that message was posted on 4chan, yet another strange note cropped up on a temporary text-storage site called Pastebin. It seemed to be a letter of congratulations to the winners of the puzzle, acquired and re-posted by a member of Anonymous. “DO NOT SHARE THIS INFORMATION!” the re-posted letter began. It continued: “You are undoubtedly wondering what it is that we do we are much like a * think tank * in that our primary focus is on researching and developing techniques to aid the ideas we advocate liberty privacy security.” The letter offered the winners membership in the group, as long as they answered a few questions, including “Do you believe that information should be free?”
It’s a frustrating, enigmatic ending to a saga that, throughout, showed signs of careful craftsmanship and ingenious orchestration. It was a hunt that swept a room full of curious minds from an idle board on 4chan down the Internet’s most anonymous corridors, then spit them out into the real world. But today, Kinkle feels like he’s back where he started. He knows no more about “cicada 3301” than he did on that January night.
“It’s actually pretty crazy that there’s so little about that final message online,” he says. “A decent amount has been written about the hunt itself, so it’s odd that there’s barely anything about its conclusion.”
In 10 days, Kinkle traveled across more of the Web than most people will in a lifetime. The journey stoked his curiosity. Today, he spends his days poring over the underbelly of the Internet. He keeps a Tor browser on his phone, and he stays vigilant, occasionally dipping into 4chan’s boards, holding out hope that somewhere, flowing in this massive river of smut and depravity and cat jokes, he just might catch a glimpse of the answer.