Mike Morford recently relaunched his Zodiac Killer discussion forum:

His forum was formerly available by invitation only, but is now open to everyone. It is filled with lively conversations on a wide variety of topics, including news, suspects, the killer’s correspondences, evidence, analysis, theories, and non-Zodiac crimes. My favorite topics, of course, are the cipher-related ones, in which forum members present their ideas, observations, and theories about the various cryptograms attributed to the killer.

Join the conversation at ZodiacKillerSite.com!

Updated April 17, 2013: In light of recent events, I’ve decided to remove the ricin recipe plaintext from this post. The FBI, however, continues to display the encrypted ricin recipe on their website.

Cryptographer Klaus Schmeh recently posted about a cryptogram that appears in an FBI article about how their Cryptanalysis and Racketeering Records Unit (CRRU) breaks codes and ciphers to solve crimes.

The FBI article says the cryptogram contains “enciphered instructions for making ricin poison found in the notebook of a lone bomber in Virginia.” I couldn’t find any decryptions of the cipher text, so I transcribed it, and fed it into zkdecrypto lite, which very quickly found a rough approximation of the plaintext. A little bit of extra work yielded the full solution, which really does contain a recipe for ricin poison, encrypted using simple homophonic substitution.

At first I was hesitant to post the solution. Is it irresponsible to reveal a dangerous recipe to the public? But I’ve decided to post it for these reasons:

1. The FBI already posted the cryptogram in full view of the public.
2. The cryptogram is very easy to solve.
3. Ricin recipes are already very easy to come by via Google searches.
4. The enciphered recipe is very crude, producing only a mash form that is not further purified for dangerous potential. Similar recipes in terrorist “cookbooks” are “deemed incapable of achieving a good product for causing a large number of casualties by any exposure route, mainly because of the low content of toxin of the final extracts” ^[1]
5. Only one death has been attributed to ricin poisoning. Every other ricin-related incident seems to involve dumbasses stockpiling the stuff for its claimed deadly potential.

Here’s the decoded plaintext:

[redacted]

And here is the full analysis of the solution, including the solution key, symbol cycles, and symbol frequencies.

The cryptogram bears some interesting similarities to the Zodiac’s ciphers: It is 354 characters long (to Zodiac’s 340), has 65 distinct symbols (to Zodiac’s 64 in the 408-character cipher), uses homophonic substitution (like Zodiac’s 408), and uses some of the same symbols. The ricin bomber, however, did not do a good job of concealing the letter frequencies of the plaintext. In fact, if you look at the symbol frequencies, the most common symbols correspond directly to the most common letters in English: E, T, A, O, N, etc. This is because the lone bomber did not correctly flatten the frequencies with the proper number of symbol assignments per plain text letter.

The FBI says this cryptogram is just one small part of 24 pages of enciphered messages. It would be interesting to see what else was in the notebook, and to know more about the bomber. I can’t find any news sources that mention the Virginia lone bomber. Does anyone have any ideas?

German computer scientist and cryptology writer Klaus Schmeh recently published a German-language book about famous unsolved secret messages, including the Zodiac Killer cryptograms.

(The cover depicts what we all probably want to do with Zodiac’s cryptograms.)

Nicht Zu Knacken (which I think roughly translates as Not To Crack) summarizes ten fascinating unsolved mysteries: The Voynich Manuscript, the Rohonc Codex, James Hampton’s notebook, unbroken Enigma messages, messages from East Germany that used “double dice” transposition, the mystery of the Somerton Man, the Beale ciphers, Kryptos, Robert Thouless’ Experiment, and of course the ciphers of the Zodiac Killer.

Relying on Google Translate, I tried to digest the chapter on the Zodiac Killer. Klaus first gives a brief summary of the crimes, including a timeline of the letters and codes. He also relates the story of the Hardens’ successful decryption of the 408-character cryptogram. The Hardens were not cryptography experts, but they knew enough about cryptograms to understand the importance of English letter frequencies in attacking substitution ciphers. They also knew the importance of trying out cribs in the cipher text, which successfully revealed other pieces of the plain text. Klaus describes the effect the Hardens’ success had on them. Reportedly, Bettye Harden had trouble dealing with all of the sudden attention and fame, and developed a manic-depressive personality disorder.

Here are some of the other bits of info Klaus mentions:

• Donald Harden was asked to work on the 340-character cryptogram, but refused. However, Bettye “barricaded herself in her room for weeks” to try to solve it, but failed. The CIA and NSA also failed to crack the code.
• The 13-character cryptogram is very difficult to solve, because it is too short for cryptanalysis.
• The Zodiac Killer case went cold in the late 1970s, but then started to heat up again as the Internet became widespread in the late 1990s, and sites such as Tom Voigt’s Zodiackiller.com appeared.
• Robert Graysmith points out in his book “Zodiac” several cryptography books that were available at the time of the crimes: “The Codebreakers” by David Kahn, and “Codes and Ciphers” by John Laffin.

The 340 is still of interest to cryptographers because of its length. The 13 and 32 character cryptograms are simply too short, making definitive solutions very unlikely. But the 340 is long enough to hold out hope for a definitive solution resulting from discovery of an encryption scheme.

Based on symbol frequencies, Klaus observes that the 340 has some homophonic properties (letters in the hidden message might be represented by multiple symbols), suggesting a construction similar to the 408. But he wonders if the same method was used a second time. Since the 408 was solved so quickly, Zodiac could have changed his method, perhaps by adding meaningless letters, or by completely changing his encryption technique.

Homophonic substitution ciphers make decryption difficult, but not impossible, as the Hardens demonstrated. Failing with cribs, one could try to guess common letter pairs. But the 340 does not have much to work with. Another strategy is to look at the homophone order (the sequences of symbols assigned to individual plaintext letters).

While researching his book, Klaus met Austrian Mensa member Jürgen Koller, who was developing his own method of detecting homophone usage in the Zodiac ciphers. His “two-time repetition” approach can be found here. And his Austrian Mensa article about the Zodiac ciphers can be found on page 36 in this “Top IQ” Mensa journal published last year.

Klaus also mentions the Cryptologia paper by John King and Dennis Bahler, An Algorithmic Solution of Sequential Homophonic Ciphers. The method described in the paper is very powerful for attacking cryptograms that are constructed with sequential homophones. You can see the pattern of sequential homophones in this detailed breakdown of the solution to the 408. The 408 is easily cracked by King and Bahler’s method, but no solution is found for the 340 using the same method. I believe the same regularities that make ciphers like the 408 vulnerable to King and Bahler’s technique also make them easily cracked by hillclimbing computer programs such as zkdecrypto.

But the Zodiac killer probably did something unique to the 340 to make it withstand attacks from these various methods. Homemade test ciphers that are 340-characters long and share the same symbol distribution easily fall to these assorted attacks. I don’t think we can keep assuming that a simple substitution attack will work. Something else is probably going on in the encryption scheme in the 340. Or it’s just pointless busywork which continues to hypnotize us nearly a half century after it was created.

What is the “something else” the killer might have applied to the 340-character cryptogram? Klaus mentions Robert Graysmith’s “solution”, but points out the overuse of unusual abbreviations, misspellings, and incomprehensible wording. Those traits are common when you allow anagramming in your approach to the solution (you can see many examples of them here). Klaus also notes Raymond Grant, whose book “The Zodiac Murders – Solved” describes elaborate hidden messages in the Zodiac letters, and is “simply too confusing to be true” and “more of a curiosity than a serious contribution.” Many more ideas have been explored. Hopefully one of them will lead to a breakthrough.

Overall, Klaus Schmeh’s book is very interesting. It goes a bit beyond the usual “Top Unsolved Codes” lists that occasionally appear in the news to tease our thirst for mysteries. Brush up on your German and visit Klaus’ blog in which he unearths more mysteries and tidbits. And watch his appearance on German TV show “Planet Knowledge” during a full hour-long episode about secret codes.

Click above to view the entire article as it appeared as the top story in the Leader-Herald, a local newspaper in Gloversville, NY.

The article also appeared online here: Decoding a Killer.

Daryll did not solve Zodiac’s puzzle, and this article explains why. I’m glad people are still trying to solve the cryptograms, but until someone comes up with the real solution, these stories will continue to flourish.