FBI Issues Code Cracking Challenge

coondoggie writes to tell us that the FBI has issued another cracking challenge for a new cipher on their site. Tens of thousands responded to a similar challenge last year. In addition to the challenge, the FBI is also offering a few primers on the subject. There are a number of sites offering cipher challenges, but it's funny to see the FBI encouraging such behavior.

First Post

[Hadlock]

Love the article:
 
 

coondoggie writes to tell us that the FBI has issued another cracking challenge for a new cipher on their site. Tens of thousands responded to a similar challenge last year. In addition to the challenge the FBI is also offering a few primers on the subject. There are a number of sites offering cipher challenges, just funny to see the FBI encouraging...NO CARRIER

Hillarious.

Re:First Post

[Ethanol-fueled]

Maybe their service was just disconnected because they didn't pay their phone bill.

Re:First Post

[HTH+NE1]

Hillarious.

RING
RING
CONNECT 1200
|x{
NO CARRIER

Re:First Post

[morgan_greywolf]

We're the phone company. We don't have to care.

Re:First Post

[anomnomnomymous]

To be honest, I find it quite mountainarious.

Re:First Post

[ILuvRamen]

it's actually a clue. You have to decrypt the rest of the summary using the first letters of every prime numbered word.

Oh, the fun and prizes!

The winner receives an all expense 1 way trip to the tropical island of Cuba!

Re:Oh, the fun and prizes!

[morgan_greywolf]

"You'll love our fun-filled resort on beautiful Guantanamo Bay!"

Meh. The resort is okay, but I hear the service is torture!

Re:Oh, the fun and prizes!

"You'll love our fun-filled resort on beautiful Guantanamo Bay!"

Meh. The resort is okay, but I hear the service is torture!

I heard the place is full of violent, religious fanatics who hate America.

I'd rather vacation somewhere like Europe where they're not violent, religious fanatics.

Re:Oh, the fun and prizes!

[Koiu+Lpoi]

This is how I feel about that.

This will really piss of the Chinese

[Alain+Williams]

or whichever foreign government owns the code that the FBI has just recruited the bright kids on the Internet to crack :-)

Re:This will really piss of the Chinese

[Sockatume]

It'll really piss off the NSA (or other TLA) if it turns out that the computer science discoveries made by the competitors transfer to encryption systems they use.

Re:This will really piss of the Chinese

[drspliff]

RTFA... it's an extremely simple substitution cipher, if the FBI had to outsource this I'd be extremely worried about their technical competancy.

In the age of public/private key encryption, while there's a NSA hashing algorithm competition running with many well respected scientists competing, the FBI's "lab" comes out with this crap?

Harry you?

[BadAnalogyGuy]

Houdini was always searching for better, more clever ways to perform escape acts and illusions. After he would debut a new trick, others would immediately try to emulate the trick. The trick was on them, though, because Houdini would frequently expose their methods (because it was originally his) and prove himself to be the true master magician.

No difference here. Just the FBI gauging the abilities of the community.

Re:Harry you?

[Architect_sasyr]

Or maybe looking for recruits? I'd imagine that if you're an American then working for some agency which will go un-named you would be earning a stack of money, and if you're a foreign national then they're going to set you up with a visa and a passport and some covert operation to fly your geeky self into the United States. Thus maintaining the "best of the best" cryptographic team, or at least trying to.

Hate to see what happens to the guy who finds the flaw and then says "Sorry, I want to work for [the Chinese]"...

Re:Harry you?

[failedlogic]

It wouldn't be a far stretch of the imagination that the FBI would highly consider those that have applied to Intelligence organizations but didn't make it. Doesn't mean they are less talented at their jobs. There's all kinds of reasons to choose the FBI over some of the others - there's always +/- trade-offs.

Re:Harry you?

[puto]

I have an old great uncle in South Carolina, mid 80s. For years he has had me assemble or point him in the direction when he buys himself new computers or gadgets.

And he is amazingly adept with them.

Turns out my quiet old uncle was a brilliant cryptologist in the OSS.

He told me they retired him quietly in his 30's with a big fat pensions, and he has been doing nothing and growing peaches ever since. And when he says it his eyes twinkle.

Re:Harry you?

[JWSmythe]

    Years ago, I caught my girlfriend's daughter passing ciphered messages between her and friends. I wasn't trying to punish her, but I wanted to educate her. I explained how they're easily crackable. She wasn't even using letters. They were all symbols of all different kinds. Some were similar to runes. Others simple shapes and variations. It was good for a kid. :)

    I told her what she was doing right, and what she was doing wrong. She said I couldn't crack her message. I asked if there was anything I shouldn't see in it, and she said it was ok. I'm nosy, but I'm not so impolite to look at her private notes. I then walked her through cracking her own message.

    I would hope that the FBI could give us something a little harder than a basic cipher. zzz. boring. At least the daughter's cipher was entertaining. :)

Link to the 2008 challenge

[root777]

The links in the article point to FBI challenges in 2007 and the kids challenge but do not point to the 2008 challenge.

Here is the FBI Cryptanalysis challenge 2008 http://www.fbi.gov/page2/dec08/code_122908.html

Other helpful links for reference
2007 challenge: http://www.fbi.gov/page2/nov07/code112107.html
Kids challenge: http://www.fbi.gov/kids/k5th/jobs9.htm

Re:Link to the 2008 challenge

[Chris+Daniel]

Also, here's the code (transcribed a damn Flash file; wtf you guys):

VFWTDLCSWV. YD NSLMIJFWEJFD GSW SL NIJNQBLM FOBV EJFDVF DLNIGTFBSL. KBVBF YYY.AHB.MSK/NSCDC.OFZ FS EDF WV QLSY SA GSWI VWNNDVV.

Lameness filter ... it was presented in caps on the original, so it is presented as such here!

Re:Link to the 2008 challenge

[enFi]

Presuming that the text is all the information we need - maybe the got creative and did steganography, or a message hidden in the flash source.

I agree with the characters; if newlines are relevant:

VFWTDLCSWV. YD
NSLMIJFWEJFD GSW SL
NIJNQBLM FOBV EJFDVF
DLNIGTFBSL. KBVBF
YYY.AHB.MSK/NSCDC.OFZ
FS EDF WV QLSY SA
GSWI VWNNDVV.

Re:Link to the 2008 challenge

[laddiebuck]

It remains fairly trivial after your substitutions. vivit -> visit, then the last line but one is "to let us know of". After those chars, the whole thing falls into place. The final translation table is tr '[abcdefghijklmnoqstvwyz]' '[fideltybravngchkopsuwm]'. You're supposed to visit this trite URL, which congratulates you. Maybe they really did mix it up with the kids' challenge.

Re:Link to the 2008 challenge

[wxwz]

tr '[abcdefghijklmnoqstvwyz]' '[fideltybravngchkopsuwm]'

Interestingly there appears to be a hidden message within the key itself, the start obviously encodes: fidelIty bravERy InTEgRITY, but not sure what the rest works out to (chkopsuwm).

I noticed there was a similar pattern in the 2007 challenge, with the key (fedralbuoinvstgchrkmpvwxyz) starting off with letters encoding 'federal buro of investigation'.

Re:Link to the 2008 challenge

[93+Escort+Wagon]

Also, here's the code (transcribed a damn Flash file; wtf you guys):

VFWTDLCSWV. YD NSLMIJFWEJFD GSW SL
NIJNQBLM FOBV EJFDVF DLNIGTFBSL. KBVBF
YYY.AHB.MSK/NSCDC.OFZ FS EDF WV QLSY SA
GSWI VWNNDVV.

Lameness filter ... it was presented in caps on the original, so it is presented as such here!

Easy - "Be sure to drink your Ovaltine!"

Fidelity, Bravery (n/t)

[Cryptosporidium]

Hm. Hidden message.

FBI's "Add yourself to suspect database contest

[Jason+Quinn]

Dear citizens: Please inform us if you have the talents necessary to be suspects in criminal cyber-cracking cases. That is all. Love, The FBI

This is like the Last Starfighter

[synthesizerpatel]

Except for video games and aliens, it'll be a bunch of crypto guys battling it out with Matlab.

Everyone is a Winner

[retech]

It's interesting to note that all of the participants in the challenge last year got an all expenses paid vacation to an undisclosed location. I guess it was a really cool vacation since none of them returned home.

A similar challenge for linux web servers...

[lamapper]

Reminds me of a security company that issued a hacking / cracking challenge somewhere between 3 and 8 years back, no way could I find this article...perhaps one of your ./ will provide a link...

The company offered over $10,000.00 for not only hacking and cracking their server, but showing the company how they did it.

If memory serves (and it sometimes does not) they paid out the first and second years of the challenge, but in year three no one successfully broke into their web server environment.

I believed they kept eliminating modules that had holes and were not needing and closing holes in modules that were needed.

Based on what I read, they were able to 100% successfully secure their web servers from attacks only because they were using Linux as the OS.

I remembered comparing their results with others attempts with other operating systems and really wanting to learn Linux.

Now that I am using Unix and Linux and have a better understanding of what they were doing I can see the simple genius in such challenges.

Whether just for security or for scouting talent, whatever their reasons, its money well spent when they offer cash prizes to the few that are successful!

Re:Fill in the blank

[morgan_greywolf]

Well, actually, I think it's supposed to be

Ummm, was this supposed to be difficult?

[bennomatic]

It was not, shall we say, stupendously hard. A little common sense and some patience was all it took. I expected that I'd be looking at something a little tougher than I used as clues in the scavenger hunt at my 10th birthday party.

FBI as code crackers?

[girlintraining]

Oh, come on. This is from an organization that cut funding for terrorism just before 9/11 to add resources to software piracy. Do you really think if they had the brains do do cryptanalysis they'd...

oh wait.

I suppose they are looking for brains, huh.

FBI uses open source software

[root777]

Interesting that FBI uses plone as their CMS and not Wordpress and they have IE compatibility CSS code like the rest of the planet.
Clue: Is there a reason why they have the crypto code displayed as a flash file and not a simple png or jpeg file?

I cracked it...

"Be sure to drink your ovaltine"

What the hell does that mean?

I win

[binaryseraph]

I have decrypted. Answer is: U R under Arrest.

damn!

Re:link to challenge

Wow. Cryptograms in the newspaper are harder than that.

stupendous. we
congratulate you on
cracking this latest
encryption. visit
www.fbi.gov/coded.htm
to let us know of
your success.

what it should be

[overcaffein8d]

what it should be:

coondoggie writes to tell us that the FBI has issued another cracking challenge for a new cipher on their site. Tens of thousands responded to a similar challenge last year. In addition to the challenge the FBI is also offering a few primers on the subject. There are a number of sites offering cipher challenges, just funny to see the FBI encouraging 4J58I4JTK5NRO4844/4534852WDVJRIN67/368RB8XC0GJFNFXVXCVJVXV8R/GE8F/RETWQ8ER8WRHQ98CVUXHE8V09E8Q/WRWE8Q7T-E8THQEW/CHICKEN438R8SDFUEFNX7/4UDFJD7FH47FHEFT28FHEW6DFT

Cryptogram tool

[Jade+E.+2]

There are automated ones out there that solve this in under a second, but if you want to figure it out yourself try this page:

http://www.esg.montana.edu/meg/consbio/cryptogram/crypto.html

Here's the puzzle text to copy:

VFWTDLCSWV. YD NSLMIJFWEJFD GSW SL NIJNQBLM FOBV EJFDVF DLNIGTFBSL.
KBVBF YYY.AHB.MSK/NSCDC.OFZ FS EDF WV QLSY SA GSWI VWNNDVV.

Result

It's a pretty simple substitution cipher, and the obvious web address in the code makes it even simpler. A simple bit of guess work and you get the result:
"stupendous. we congratulate you on cracking this latest encryption. visit www.fbi.gov/coded.htm to let us know of your success"

The lookup table for the substitution is:
A : f; C : d; B : i; E : l; D : e; G : y; F : t; I : r; H : b; K : v; J : a; M : g; L : n; O : h; N : c; Q : k; S : o; T : p; W : u; V : s; Y : w; Z : m;

Re:Easy.

[laddiebuck]

As one UNIX lover to another...

tr '[abcdefghijklmnoqstvwyz]' '[fideltybravngchkopsuwm]'

Happy man reading!

Re:link to challenge

[Raynor]

Was the the only person who started this by guessing YYY.AHB.MSK was www.fbi.gov? Seems like including a fully formatted URL is a bad idea...

Re:Easy.

[Dice]

I actually started working on it with tr but then decided that I didn't want to bother with counting character placements to be sure I got it right. With sed I could just tack on extra '-e's as I deduced substitutions.

good grief

[denaje]

I hope they don't guard any sensitive data with encryption that easy

Answer

[ottffs]

I've solved it and posted the answer for y'all. Check it out here: http://c0nn0r.info/blog/2008/12/29/i-pwned-the-fbi-cyphertext-challenge-in-about-45-minutes-using-a-pen-and-paper/

The greeks would be proud.

[scan-alias]

The FBi issues a code to be cracked with the simplicity of a 3 on a scale of 1 to 100 in terms of advanced technologies used in current cryptography. HAha - / they aren't looking for the 99% of society that can figure out the simple sub ciPher. Food for thought: With present technology in cryptography pushing the upper maxim of what we as a species are capable of understanding (in terms of entropy of data with a key) - lets just say someone went another direction. Intelligent "believable" misinformation is more powerful than anything else that could be devised in the world of intelligence. What would be the impact in the world of hidden secrets if an algorithm could encrypt a paragraph of data into an output resembling a ciphered textual paragraph instead of just random letters? Example 1: Paragraph A is encrypted .. instead of yielding random chaotic letters it yields a paragraph of of completely different content/context. How? Take 100 characters - First, these aren't words but 8 bit vectors of data. How do you you transpose 100 8 bit vectors into 100 other 8 bit vectors - the answer: very carefully and with a map along the way of course (the key). Yes it's 100% possible. Example 2: Take it a step further and instead of encrypting into another paragraph. Yield a paragraph that is ciphered with a determined amount of complexity. What would be the advantage of having a barely breakable code, yield a cipher that wasn't just mono-interpretive? Pretty powerful. The trojan horse of modern crypto-design? or just the fbi spending time putting up a code that I could break when i was 5?

Re:ITSATRAP!

[ZeroExistenZ]

it's funny to see the FBI encouraging such behavior

It reminds me to the series of letters of George Mercies, about "Invisible Contracts".

[For example, in the U.S.S.R., the KGB is known to have secretly "created" (sponsored is more like it) -- various protester groups for the sole purpose of throwing out some attractive philosophy designed to attract a certain type of individual, and then having "extracted" those individuals from society, and having thus identified them -- then shutting down the organization and arresting the members. This practice is a utilization of the principle known as the "Doctrine of False Opposition."]

Motivation=mens rea; demonstration=actus reus

[KudyardRipling]

This contest is nothing more than a fishing expedition to see those who are smart enough to break codes and brazen and stupid enough to have the testicular resources to demonstrate the same in public.

File under the heading "Let every flower bloom".

Sting?

[kpainter]

Maybe this is like those stings where the police dupe some idiot criminals to show up somewhere under the guise of getting some free stuff, then slap the cuffs on 'em. Are they logging the IP of people who go to that website which in turn is compared against a list of people they want to talk to? Why else would they do something like this?