Exploring the Darkest Corridors of the Internet
By the mag
By Jed Lipinski
When an unsuspecting researcher followed a mysterious command on a 4chan board, he found himself drawn into a scavenger hunt that led him down the darkest corridors of the internet and stretched across the globe. But in a place where no one shows his face and no one plays by the rules, how do you tell where the game ends and reality begins?
It was 10 p.m. on a Friday night in January, and Jeff Kinkle was procrastinating.
The 32-year-old cultural studies PhD was alone in his Brooklyn studio, working on a paper about institutional secrecy and the national security apparatus. His workspace offered an unobstructed view of the glittering Manhattan skyline, but the young academic, who makes his living as a writer and translator, wasnât feeling inspired. His desk shook every time the trains rattled across the Williamsburg Bridge. The bars downstairs hummed with nightlife.
Distracted, Kinkle was scanning /b/, the infamous image-sharing board on the website 4chan. There, a curious message snagged his attention.
Kinkle had read that the National Security Agency, a U.S. government organization that engages in defensive and offensive cyber operations, was actively using 4chan to scout for hackers. Amid the thread of obscene comments that pass for conversation on /b/, some commenters were suggesting that the strange message might be an NSA recruiting exercise. His curiosity piqued, Kinkle followed the conversation as it moved to a math and science message board.
The cyberspace that most of us know and use daily is a place for connecting with friends, paying bills, and sharing funny cat pictures. But Kinkle, like others who delve into the Internet and the cultures that take shape there, knows that the Web is an iceberg: the part that shows being the smallest, least menacing piece. What lies beneath is vaster, darker, and harder to understandâa shadowy world where data and hackers and criminals hide. Some call it the âdeep Web,â and Kinkle was about to tumble down a virtual rabbit hole straight into it.
Kinkle stared at the message, trying to suss out its meaning. When one commenter suggested opening the image in the simple-text editor WordPad, he couldnât help himself. At the bottom of the text, he found the following message: TIBERIVS CLAVDIVS CAESAR says âlxxt>33m2mqkyv2gsq3q=w]O2ntk.â
And that was a code he thought he could crack.
"The id of the Web"
At first glance, 4chan looks like nothing more than a frenetic, image-based bulletin board. There is no search function and no tagging of posts. But the siteâs simplicity is deceiving. Trafficked mostly by 18- to 24-year-old men, 4chan attracts more than 22 million page views per month and more than 1 million unique visitors every dayâalmost as much as The New York Times website. But the numbers donât accurately reflect 4chanâs importance; what happens on the site often reverberates across the Internet.
4chan was founded in 2003 by a 15-year-old named Christopher Poole, a New Yorker known online by the handle âmoot.â Poole modeled the site on a fast-paced Japanese Web forum centered on anime and porn called 2chan. âThe URL for 3chan was taken at the time,â Poole told The New York Times in 2010, âso I just jumped to the next number.â
Today, 4chanâs 58 boards cover a whimsical array of topics, from the practical (do-it-yourself) to the creative (photography, music) to the shocking and pornographic (âsexy beautiful womenâ). Accordingly, subject threads range from the mundane to the disturbingâeverything from bike-shorts recommendations to found footage of people getting hit by cars or gruesome photos of body parts found in the wreckage of the September 11 attacks. The site functions like the Wild West of cyberspace. 4chan also has no formal archive, meaning that most of its million-plus posts per day are ephemeralâthey either expire or get deleted within a matter of hours. This fast-flowing river of posts is enhanced by the usersâ anonymity. Because the site does not require registration, 4chan especially appeals to those who reject the increasing proof-of-identity demands and personal information requests on social networking sites such as Facebook and Google+.
The /b/ boardâsometimes called the âid of the Webââtakes particular advantage of this anonymity. On /b/, offensive remarks are encouraged, both to repel outsiders and to maintain the boardâs underground appeal. Longtime users, for instance, are referred to as âoldfagsâ; newcomers as ânewfagsâ; and British people in general as âBritfags.â The board's Fight Club-Âstyle rules emphasize the insular yet anonymous culture they seek to preserve: "1. You do not talk about /b/. 2. You DO NOT talk about /b/. 3. We are Anonymous. 34. If it exists, there is porn about it. No exceptions."
The siteâs anything-goes mentality often leads users to overstep the bounds of proprietyâand sometimes legality. In September 2008, a college student named David Kernell, the son of a Democratic state representative from Tennessee, obtained access to Sarah Palinâs personal Yahoo! account. He posted the password on the /b/ board, along with a number of screenshots of the then-governorâs email messages, which quickly went viral. (The FBI managed to track down Kernellâs IP address and IP cache records from a proxy site, and he was convicted on charges soon after.)
But 4chan also fosters a strange and uninhibited kind of creativity. While the posts are fleeting, users tend to re-post the images they find the most affectingâwhether theyâre funny, political, or unsettling. And that can spiral into zeitgeisty memes and all sorts of Internet phenomena. LOLcats, the ubiquitous meme featuring pictures of cats with kitten-speak captions, such as âU Seez What Iâz Put Up With,â originated on 4chan. So did Rickrolling, a bait-and-switch meme in which a user clicks a hyperlink only to be redirected to a YouTube video of pop star Rick Astley singing his 1987 hit âNever Gonna Give You Up.â (The video has received more than 65 million hits to date.) More significantly, 4chan helped spawn Anonymous, the amorphous global network of hacktivists, trolls, and Web savants that has waged attacks on major corporate and government websites since sometime around 2004, pursuing an unusual breed of cyber vigilantism.
Still, as Kinkle well knew, so much of the material in the 4chan stream is either inane or meant as a prank that he questioned how to handle the message. As he monitored the 40 or so commenters discussing the image, he realized that many of them were taking it seriously. He decided to play along. âThe idea that this was a recruitment exercise was definitely seductive,â he recalled. âI mean, I donât have any esoteric knowledge the NSA would actually want. But the thought of engaging with people who are on the cutting edge of this stuffâthat was exciting.â
Following the Breadcrumbs
Kinkle recognized the garbled textâTIBERIVS CLAVDIVS CAESAR says âlxxt>33m2mqkyv2gsq3q=w]O2ntkââas a Caesar cipher, a simple encryption technique in which each letter is replaced by another letter a fixed number of places away in the alphabet. Since Tiberius Claudius was the fourth Roman Emperor, Kinkle tried shifting the text back four letters. It worked: The text revealed a URL. But when Kinkle pointed his browser to the site, the page showed an image of a plastic duck and the words: âWOOPS just decoys this way. Looks like you canât guess how to get the message out.â
The phrasing struck Kinkle and the other commenters as odd. Before long, someone realized that the words guess and out might have something to do with the decryption software OutGuess. Running the image through OutGuess, it turned out, extracted a link to a subredditâone of the many boards within the social news website reddit. When Kinkle clicked the link, suddenly the page bore a new mystery: a row of Mayan numerals, several lines of garbled letters, and two images labeled welcome and problems?
It was then that someone posted a link to an anonymous room on the chat website Mibbit.com, where users adopted screen names and the conversation continued without the threat of 4chanâs disappearing archive. âThatâs when I started to feel a bit creepy,â Kinkle recalls. Here he was, at 11 on a Friday night, obsessing over a riddle inside a chat room with dozens of strangers. Before this night, Kinkle had interacted with a total of three people on 4chan, a site he characterized as a âflow of smut and jokes and weird stuff that vanishes.â He saw the site as a playground for trolls, the kind of people who post deliberately distracting or provocative messages in the hope of starting an argument. âBut most trolls donât put nearly this amount of energy into what theyâre doing,â Kinkle says.
He decided to walk back to his apartment. When he arrived, his roommates were heading out to a bar and invited him along, but Kinkle mumbled an excuse and retreated to his bedroom instead. There, he got to work unraveling a series of cyber clues involving book codes, King Arthur, and the quest for the Holy Grail. Scribbling madly on index cards, he finally uncovered a message: âcall us on us tele phone number two one four threeâŠ.â
âIâm getting a phone number!â he blurted into the chat room. The more advanced commenters doubted it; the less advanced insulted him. Kinkle believed he was onto something, but no one believed him. Then he received a private messageââYouâre way ahead of the othersââand an invitation to a smaller, private chat room within the same network. Once inside, he dialed the number using Google Voice. A recording welcomed him: âVery good. You have done well. There are three prime numbers associated with the original final .jpg image. 3301 is one of them. You will have to find the other two. Multiply all three of these numbers together and add a .com on the end to find the next step. Good luck. Good-bye.â
The pixel dimensions of the first image, Kinkle realized, were 509 and 503, both primes. He multiplied the numbers and got a URL. An image of a cicada appeared onscreen, above a countdown set to expire in three days. Opening the cicada in OutGuess unveiled yet another message: âYou have done well to come this far. Patience is a virtue. Check back at 17:00 on Monday, 9 January 2012. UTC.â
Kinkle slumped in his chair. It was 2 a.m. He had reached the next level of the gameâbut what had begun as an online lark was about to breach the walls of the Web and enter real life.
Getting to Know Anonymous
The subversive digital network known as Anonymous found its footing in virtual mischief, but the way the group has wielded influence and power in real life (IRL, in Internet-speak) has made agencies like the NSA pay close attention.
Anons, as members call themselves, emerged from the juvenilia and nihilism of 4chanâs /b/ board around 2004. Over time, the group has become known less for Rickrolling and pranking radio DJs than for real-life attacks against institutions that try to suppress information online. In the winter of 2008, when the Church of Scientology tried to make the gossip site Gawker remove a leaked video of Tom Cruise delivering a diatribe, Anonymous got its first taste of mainstream attention. Vowing to âdestroyâ Scientology, thousands of Anonymous supporters protested outside Scientology centers and churches around the world, wearing Guy Fawkes masks and holding signs like âdonât worry, weâre from the internet.â The group continued its war online, releasing viral videos decrying Scientology practices and crashing Scientology websites.
The following year, in keeping with the collectiveâs love of cats, Anonymous supporters hunted down the creator of a YouTube video in which a domestic cat named Dusty is shown being slammed against a wall. Based on the creatorâs other YouTube videos, posted under glennspam1, members of 4chanâs /b/ board were able to locate and identify him as Kenny Glenn, a 14-year-old from Lawton, Okla. Shortly after the teen was outed, local police stepped in. Meanwhile, hundreds of cat photos flooded 4chan, with captions like âill see you in jail kenny glenn.â
In the years since, Anonymous has grown more political. In December 2010, core Anons recruited thousands of volunteers to orchestrate whatâs called a distributed denial of serviceâflooding a website with traffic until it crashes or slows considerably. The group targeted the sites of MasterCard, Visa, and PayPal, all of which had effectively prohibited financial contributions to WikiLeaks. Anonymous (and in some cases, its splinter groups) also made trouble for Interpol, the CIA, German neo-Nazi groups, child-pornography servers, the Tunisian government, News Corporation, and others. It even bugged a conference call between the FBI and Scotland Yard about a global cyber crime investigation. The 16-minute call was later posted on YouTube under the headline hacked for the lulzââlulzâ being Web slang for laughs. The nihilism of 4chan, after all, is part of its DNA.
Considering its contradictory impulses, observers of Anonymous have struggled to define the group as either political or criminal in nature. Parmy Olson, Forbesâs London bureau chief and author of the book We Are Anonymous, says the groupâs supporters are âunpredictable.â âThey could be trying to take down the website of a repressive African government one minute and harassing someone on Facebook for fun the next,â she says. And while some self-identify as hacktivists, using the resources and reputation of Anonymous for social-political causes, others remain true to the anarchic culture of /b/. âWhat matters more,â Olson says, âis that Anonymous has provided a process for anyone to pool together to cause some sort of stir online. The more creative the better.â That sort of 4chan-inspired mentality is responsible for attacks on Mexican drug lords and British government websites, but itâs also the same incubatorâor at least, the same type of thinkingâthat inspired the cicada mystery in which Kinkle found himself steeped.
Locating the Cicada
At 4:59 p.m. on Monday, Kinkle and his Venezuelan office mate were staring at the countdown on his laptop. When the clock hit zero, the website reloaded. Fourteen GPS coordinates popped up, their locations fanned across the globe: Warsaw, Seoul, Paris, Sydney, Hawaii, Miami, New Orleans, Seattle. Until then, none of the still-anonymous participants had provided any personal information. But suddenly, as they traced the coordinates to specific addresses, these same participants began volunteering their whereabouts. âLike, âIâm in Oakland,â âIâm in Sweden,â âIâm in South Korea,â?â Kinkle said.
The problem? None of the commenters were near any of the coordinates. âEveryone was deflated,â Kinkle said. He was convinced this was a decoy, but others in the chat room turned paranoid. What if someone had planted a bomb at the coordinates? What if a kidnapper was lying in wait?
Over the next week, people paid visits to the addresses in Paris, Warsaw, Miami, and Sydney. They posted pictures inside the chat room of what theyâd found: sheets of white paper taped to streetlights, each featuring a QR code and a red-stenciled image of a cicada. The codes linked to unique URLs, which, when opened with OutGuess, revealed two new messages.
Kinkle couldnât figure out what they referred to, but someone else did: a 300-line poem by the science fiction writer William Gibson called âAgrippa (A Book of the Dead).â By using the poem to decode the content of the messages, commenters extracted a Tor address. Tor, short for the Onion Router, is an obscure routing network that hides a userâs IP address by redirecting Internet traffic through proxies. In effect, Tor enables users to anonymously explore the Internetâincluding its darkest regionsâwithout the risk of being traced. Itâs in these secret spaces, buried deep in the deep Web, where the remaining clues lay in wait.
Diving Into the Deep Web
Sometimes called the âinvisible webâ or âdark net,â the deep Web represents the portion of the Internet that cannot be indexed by standard search engines such as Google, Yahoo!, or Bing. Search engines work through a process known as âspideringâ or âcrawling.â Crawlers roam across the Web collecting pages and keywords, following the hyperlinks on each page to amass more and more data. The results are filed into indexes of keywords; when you type a search query in Google, the search engine returns results from the appropriate index. The surface Web, or the part of the Internet that most people use on a daily basis, consists of Web pages that are linked to this giant mass. But since the majority of content on the Web isnât linked to anything, it remains hidden from the crawlers. Researchers say itâs impossible to measure the size of the un-indexed Internet, though itâs estimated to be between 4,000 and 5,000 times larger than the surface Web.
âPeople donât have an accurate way of measuring the deep Web, because itâs hard to define what it is,â says Juliana Freire, a computer science professor at New York University who studies the topic. To that end, much of the unindexed material is banal: peer-to-peer file-sharing services, scientific and governmental databases. But deep Web mythologyâborn out of 4chan, reddit, and other online forumsâabounds with rumors of human-trafficking rings, weapon depots, and terrorist networks that dwell in its belly like unclassified sea creatures, squatting on abandoned websites, then leaving without a trace.
Yet thereâs enough truth out there to feed worries. Take the Russian Business Networkâan elusive cyber-crime conduit originally based in St. Petersburg that began as a service provider for websites devoted to identity theft, child pornography, and spamming. Thought to have been created in 2006 or earlier by a 24-year-old known only as Flyman, the network was linked to a stunning 50 percent of all credit-card phishing schemes. But the shadowy provider has since vanished from view.
In recent months, Silk Road, a black market website that uses Tor to enable users to anonymously sell illegal drugs including heroin, cocaine, and Ecstasy, has come to the attention of the Drug Enforcement Administration. The website, which employs a digital currency called Bitcoins to further disguise the identities of buyers and sellers, has enabled about $22 million in sales, according to a Carnegie Mellon report. A handful of recent discussions have tried to suggest that some usersâincluding the siteâs administrator, who goes by the handle âDread Pirate Robertsââare becoming increasingly less visible in the wake of media scrutiny. However, as Gawker has noted, someone is clearly still investing; in July 2012, the Silk Road site underwent a major redesign.
In the realm between academic accounts and crime-facilitating organizations lie those who use Tor for work. Journalists, for example, employ Tor to communicate with dissidents, whistle-blowers, and environmental activists concerned about government surveillance. One tech blogger, writing about the cicada mystery after the fact, suggested that a tech company or intelligence agency might have been using Tor for similar means.
Unsolved Mystery
After downloading TOR software, Kinkle visited the appointed address, which instructed him to create an anonymous Hotmail account. Minutes later, he received what the sender claimed was a personalized message. It contained a riddle Kinkle had to solve on his own.
âIt required all this complicated decryption software,â he says. âI just couldnât figure it out.â He emailed his programmer friends and anyone he thought might provide a lead, but they too came up empty. And so 10 days after his quest began, it was over.
âI never heard anything again,â Kinkle admits. He adds that he was extremely curious to know who was behind the game and why it was created. âIf I thought it was just a complex puzzle with a clever answer, I donât think Iâd have been as captivated as I was.â
Weeks after he abandoned the quest, the mystery was still nagging at him. While idly Googling âcicadaâ and â3301â one day, he discovered a Wiki page about the puzzle that revealed a new development. Another mysterious message had appeared on 4chan in February. It read: âWe have now found the individuals we sought. Thus our month-long journey ends.â
But the day after that message was posted on 4chan, yet another strange note cropped up on a temporary text-storage site called Pastebin. It seemed to be a letter of congratulations to the winners of the puzzle, acquired and re-posted by a member of Anonymous. âDO NOT SHARE THIS INFORMATION!â the re-posted letter began. It continued: âYou are undoubtedly wondering what it is that we do we are much like a * think tank * in that our primary focus is on researching and developing techniques to aid the ideas we advocate liberty privacy security.â The letter offered the winners membership in the group, as long as they answered a few questions, including âDo you believe that information should be free?â
Itâs a frustrating, enigmatic ending to a saga that, throughout, showed signs of careful craftsmanship and ingenious orchestration. It was a hunt that swept a room full of curious minds from an idle board on 4chan down the Internetâs most anonymous corridors, then spit them out into the real world. But today, Kinkle feels like heâs back where he started. He knows no more about âcicada 3301â than he did on that January night.
âItâs actually pretty crazy that thereâs so little about that final message online,â he says. âA decent amount has been written about the hunt itself, so itâs odd that thereâs barely anything about its conclusion.â
In 10 days, Kinkle traveled across more of the Web than most people will in a lifetime. The journey stoked his curiosity. Today, he spends his days poring over the underbelly of the Internet. He keeps a Tor browser on his phone, and he stays vigilant, occasionally dipping into 4chanâs boards, holding out hope that somewhere, flowing in this massive river of smut and depravity and cat jokes, he just might catch a glimpse of the answer.
This story originally appeared in mental_floss magazine. Now go download our new iPad app! Or get a free issue of mental_floss magazine via mail.