On July 31, 1969, the Zodiac killer mailed three letters to three different San Francisco newspapers. Each letter included details about his recent murders, and a third of his 408-character cryptogram. The pieces of the cryptogram were soon published, and in less than a week, Donald and Bettye Harden had already solved the cryptogram. Their solution was published in the San Francisco Chronicle on August 9, 1969. “I’m convinced he has it solved”, said Detective Sergeant John Lynch, who was in charge of the case at the time.

The Hardens’ solution is well-known, but Sergeant Lynch also received a lesser-known solution to the cryptogram, sent in the mail on August 10th by a “concerned citizen”, and obtained last year via the valiant FOIA efforts of morf:

The card was sent one day after the Hardens solution became publicly known via the Chronicle article. With the card came this sheet of paper showing a substitution key to the 408-character cryptogram:

(more…)

Last year, USC machine translation specialist Kevin Knight and his group of researchers cracked the “Copiale cipher”, 105 pages of mysterious enciphered text from the 18th century. Yesterday, Wired published this fascinating and detailed account of how it all went down, and what’s happened since then:

http://www.wired.com/dangerroom/2012/11/ff-the-manuscript/all/

The decoding effort started as a sort of game between two friends that eventually engulfed a team of experts in disciplines ranging from machine translation to intellectual history. Its significance goes far beyond the contents of a single cipher. Hidden within coded manuscripts like these is a secret history of how esoteric, often radical notions of science, politics, and religion spread underground.

Uncovering the meaning of the mysterious symbols was only the first piece of a deeper puzzle: Understanding the organizations that spent so much time developing cryptographic methods to hide their rituals from the world.

After reading the Oculists’ cipher, Önnerfors suggested that it described one of the more extreme groups. Forget the implicit threats to the state or church. In part of the Copiale, there’s explicit talk about slaying the tyrannical “three-headed monster” who “deprive[s] man of his natural freedom.” There’s even a call for a “general revolt.” Remember, Önnerfors told the code-breakers, this book was written in the 1740s—30 years before the Declaration of Independence. “To someone at the time,” he added, “this would be like reading a manifesto from a terrorist organization.”

The Copiale cipher turned out to be a homophonic substitution cipher, the same general technique Zodiac used to construct his 408-character cipher. Kevin and his team have also studied the Zodiac ciphers, and I’m hopeful they will continue to give them some academic attention. They have also published a fascinating review of what we know about the Voynich Manuscript, the book containing 240 pages of bizarre symbols that have remained undeciphered for about 600 years. As Kevin’s team, and other researchers like them, continue to improve their decipherment and translation technologies, we can hope to unlock even more mysteries, perhaps even the Zodiac ciphers.

“Serial killers provide the frights at N.Y. haunted house”

Exploitative entertainment? Or innocent Halloween fun?

Özcan Türkmen, a German-born software engineer and art critic living in Turkey, recently published this solution for the unsolved 340-character cipher:

Halt Idiot Paul, Presidio killing. Lord of sick mankind killed all idiots, silly morons; am psycho, ain’t stop killing the people skid into lair of lion. I like doodles (old oils/odd dolls?) and the gasoline stamps, cloning the weird fossils in detail, hiking trails of Orland memorial (?). Stein, I was disdaining killing the idiot. In case the kids look over soon. I’m killer. I am the lion slower than snail, silent sneaking killer serpent, king lion, I am the apocalypse trials (?).

You can click the text above to read Türkmen’s article about how he came up with the solution. You can also read a Turkish-language article reporting on his solution.

Unfortunately, this solution suffers from the overuse of anagrams, which permit too many alternative solutions. With so many alternative solutions, we can’t determine which solution is correct, without stronger evidence.

To illustrate this weakness, consider the plaintext “AORDLIDKNMSFCIN” which appears in his solution. This stream of plaintext occurs when Türkmen applies his substitution key to the cipher text, which Türkmen re-arranges to form the phrase “LRD OF SIC MANKIND”. While this phrase seems vaguely Zodiac-like, look at all the other words that can also be made from the very same letters:

INFRASONIC, INSOMNIAC, CRIMINALS, IRONCLADS, MANDOLINS, MANIFOLDS, AIRLOCKS, MANIKINS, ANDIRONS, INSOMNIA, MANIFOLD, ANDROIDS, CLARIONS, MANDRILS, MIDLANDS, AIRFOILS, INFORMAL, CORDIALS, CRIMINAL, CALDRONS, DISCLAIM, CALFSKIN, IRONCLAD, SARDONIC, IRONICAL, DIAMONDS, MANDOLIN, CONFIRMS, ORDINALS, CALDRON, MANIOCS, MANSION, DIRNDLS, ANDROID, ODALISK, MIKADOS, NOMINAL, MAFIOSI, NIMRODS, MARLINS, MANKIND, CONFIRM, FORMALS, NORMALS, KINSMAN, MICRONS, MACRONS, AMNIONS, MIDAIRS, MANIKIN, NIACINS, INSOFAR, AIRFOIL, FINICAL, FINIALS, SIRLOIN, INNARDS, CORDIAL, INLANDS, ANIONIC, INFOLDS, DOMAINS, DIAMOND, LIAISON, FLORINS, ANDIRON, INFORMS, ALMONDS, AIRLOCK, SILICON, CLARION, FROLICS, FALCONS, INCISOR, CANDORS, INROADS, CLAMORS, MISLAID, NONACID, CRIMSON, ORDAINS, NOMADIC, KAOLINS, DISCARD, MINIONS, MANDRIL, MIDLAND, DISDAIN, DISCORD, AIRSICK, OILSKIN, SIMILAR, NONSKID, ORDINAL, RADIOS, ORDAIN, FROCKS, FAKIRS, MICROS, CANDID, MIKADO, FLICKS, DOMAIN, NADIRS, SALMON, ACORNS, FORMIC, CALIFS, DISMAL, FINIAL, CAROMS, RANDOM, CRANKS, DAMSON, LAIRDS, RAISIN, DISARM, MOLARS, ROMANS, DIRNDL, FIASCO, MIDAIR, CASINO, RADONS, RANCID, NORMAL, CAROLS, CLAIMS, FISCAL, ANIONS, INLAND, RACISM, FRONDS, DORSAL, MACRON, RANSOM, CLOAKS, CLINKS, DRINKS, FINALS, SILICA, AMNION, FRANCS, MARLIN, FLAIRS, ADORNS, FLACKS, NIMROD, FLORAS, CANONS, FLOCKS, MANIOC, SOLIDI, INLAID, CLONKS, FLANKS, CORALS, INROAD, CONMAN, ALMOND, MICRON, CANDOR, CLAMOR, KARMIC, MACROS, SIMIAN, FIORDS, SAILOR, NORDIC, FLORIN, MANICS, SOCIAL, FLORID, NOMADS, MODALS, MORALS, FROLIC, SORDID, CLANKS, FORMAL, FALCON, DINARS, IRONIC, INFOLD, IDIOMS, MINORS, KIDDOS, NIACIN, MOSAIC, MANORS, KAOLIN, CROAKS, ISLAND, MISDID, FRANKS, DRAINS, MINION, CAIRNS, INFIRM, INFORM, CRAMS, NARKS, NAIFS, SNARL, CILIA, NORMS, MONKS, SICKO, ADORN, CALMS, FOLKS, SCRIM, MORNS, RAIDS, SNAIL, RANIS, COALS, KINDA, FLACK, MANIC, CLANS, CLONK, DIDOS, ADIOS, DRAMS, ROAMS, COLAS, MINOR, MINKS, CRANK, MINIS, ORALS, INFOS, AMIRS, CLAMS, FIORD, FROND, MILKS, RINDS, CLAIM, FLANS, DIALS, CORAL, IRONS, OINKS, DRANK, MIDIS, CAROM, RADIO, CAROL, CLODS, FIRMS, COLDS, SCORN, MICRO, MICRA, MICAS, RAILS, ARSON, DARNS, MOILS, NARCS, FAKIR, NAILS, SCARF, FINIS, FAILS, MARKS, FOCAL, ANION, NODAL, SCION, CLANK, LAIRD, CAIRN, SOLID, DAMNS, NICKS, SOLAR, FINKS, LACKS, DADOS, FLASK, FOLDS, COIFS, ROMAN, RADII, COMAS, RADON, RIALS, MAILS, DOCKS, SCALD, ACORN, MISDO, CALIF, FRAIL, CALFS, MORAL, FLOCK, DORMS, MACRO, SNACK, RAINS, INFRA, LORIS, LORDS, DIRKS, LOINS, FINAL, LOCKS, ACRID, RANKS, LOANS, MOLDS, LOAMS, DARKS, LOAFS, DICKS, LOADS, MILDS, CORNS, LIRAS, SLINK, LIONS, CANON, LINKS, IONIC, LIMOS, ROANS, LIMNS, SCROD, FRANC, LIDOS, FORMS, DRINK, LICKS, SMACK, LIARS, FORKS, MOCKS, FORDS, LARKS, RICKS, LARDS, DORKS, ICONS, MASON, LANDS, CALKS, ROSIN, SCRAM, LAIRS, ROCKS, FINDS, CORDS, SLACK, SKOAL, RACKS, FILMS, FARMS, ROILS, DISCO, CONKS, MOANS, KRONA, KOLAS, MANOR, SCOLD, KINDS, FLANK, CORKS, OKRAS, KILOS, DINAR, KILNS, CLOAK, MAIDS, FLORA, KIDDO, ORCAS, MAINS, NOMAD, CORMS, ROADS, MARLS, MOLAR, SMIRK, SMOCK, FAIRS, FLAIR, FOILS, SLICK, CLINK, SLAIN, FLICK, DONAS, FAROS, FRANK, FOAMS, COINS, CARDS, MINDS, CROAK, NADIR, RINKS, IDIOM, FOALS, DRAIN, FRISK, SALON, SONAR, IKONS, CODAS, SONIC, ACIDS, MODAL, FROCK, COILS, IDOLS

Even after leaving out all the shorter words (less than five letters long), there are 420 words to draw from. You can create all sorts of stories with so many words to choose from. How can we possibly know for sure which words might be the ones Zodiac intentionally selected? And that chunk of plaintext is just one of many places in which Türkmen arbitrarily re-arranged. Many thousands of additional words are possible if you re-arrange the sections in which Türkmen allowed anagramming.

Türkmen’s solution also takes many subjective liberties with interpretation of the plaintext, such as “PAOL” meaning “PAUL”, “PRISIDIO” meaning “PRESIDIO”, “D” representing “THE”, “LRD OF SIC” translating to “LORD OF SICK”, “KILLD” meaning “KILLED”, and “AM PSIKO” meaning “AM PSYCHO”. Similar liberties are also taken by other discredited solutions, such as Graysmith’s famous solution. Another common quality of these solutions is that the plaintext resembles a kind of halting language resembling “baby talk”. The reason for this is because shorter phrases are much easier to produce via anagramming than longer ones. And this forces unrelated and non-sequitor phrases to appear next to each other.

The Zodiac killer very likely did something unusual, or even insane, to the 340 cipher text to make it resist attack all these years. But we still need to use sanity to discover which insane method he might have used. Could he have used this kind of anagramming technique when writing up his plaintext? I believe it is unlikely, but possible. But if he did, it will be nearly impossible to prove it, because so many alternative solutions can be generated with the same technique.

Everybody likes a good story. Well, once again, the Corey Starliper story, which is over a year old, is enjoying another new round of attention:

The evidence is quite clear that anyone could use Corey’s decryption technique to invent their own creepy hidden messages and claim that they, too, have uncovered something left for them by the Zodiac killer among the mysterious symbols. Unfortunately, this little detail doesn’t inflict the same rush of excitement as believing the story at face value. The allure of unsolved mysteries is too great to overcome popular, unskeptical thinking.

Francis Bacon understood this weakness about us, almost 400 years ago:

The human understanding is no dry light, but receives infusion from the will and affections; whence proceed sciences which may be called ‘sciences as one would’. For what a man had rather were true he more readily believes. Therefore he rejects difficult things from impatience of research; sober things, because they narrow hope; the deeper things of nature, from superstition; the light of experience, from arrogance and pride; things not commonly believed, out of deference to the opinion of the vulgar. Numberless in short are the ways, and sometimes imperceptible, in which the affections colour and infect the understanding.
– Francis Bacon, Novum Organon (1620)

And numberless are the ways phantoms appear, deliberately and otherwise, within the strange cipher symbols, leading many to a ruinous path of conviction. Here is a more recent example:

http://zodiac340cipher.thoughts.com/posts/zodiac-killer-s-340-cipher-cracked-now

Once again, someone who has found a handful of interesting words and phrases in the plain text has reached the conclusion that their decryption attempt is correct. Unfortunately, anyone can produce decryptions of the 340 cipher with a handful of interesting words and phrases. I’ve seen very many such solutions over the years. They all have some readable text, scattered in large swaths of gibberish. These solutions are easy to produce because if you allow a solution to contain a lot of gibberish, you can plug whatever you want into other parts of the cipher. From the thousands of such decryptions, how do you figure out which one is right?

Corey Starliper went a step beyond this, and decided to eliminate the constraints of the cipher text altogether, freeing him to squeeze in his invented plain text.

A frequent objection to this kind of analysis goes something like this: We can’t assume that Zodiac was a rational person, who would use a methodical encryption technique that could be easily understood or accepted. Wouldn’t he use some kind of crazy codemaking scheme that doesn’t make sense?

This is an acceptable objection. Yes, he very well could have done something insane to produce the sequence of symbols we see in the 340 cipher. But you still have to figure out which insane method is the correct one, because there are millions of them to select from!

Just because the Zodiac killer may have abandoned reason, doesn’t mean we should.

Programmer Dan Umanovskis has been busy running many experiments on the unsolved 340-character cipher. During his experiments, he used the zkdecrypto software to look for solutions for test ciphers and variations of the 340 cipher. But the current version of zkdecrypto can only work on one cipher at a time, and you have to click around in the user interface to kick off its search for solutions.

Dan needed a way to simplify and speed up the process, so he hacked together a command-line version called zkdecrypto-lite. Visit the project page, or go straight to the downloads page where you can find binaries for Windows, Linux, and Mac OS X. And read about how to use the program.

Thanks to Globalization and Digitalization, businesses are now digitized, and breathes in a connected ecosystem so do threats. Due to the digitalized and interconnected ecosystem, the companies are more vulnerable to cyber threats which makes cybersecurity an essential component. So, let’s go ahead and check out https://www.sapphire.net/ and their benefits of cybersecurity services.

This version of zkdecrypto is really great for exploring ideas about the 340 cipher, because you can set up a bunch of test ciphers, and then run the command-line program on them all at once, instead of manually loading the ciphers one at a time into the user interface. (Side note: zkdecrypto was originally a command-line program written by Brax Sisco, who worked with other programmers to add the user interface to help make the program more user friendly. So, zkdecrypto is revisiting its roots!)

Here’s some info from Dan on how to use the program:

To invoke ZKDlite, call it with a parameter giving the relative path to the cipher that you wish to solve. Such as:

./zkdecrypto-lite cipher/408.zodiac.solved.txt

Invoked in that way, the program will run the solver for 2 minutes before outputting the result. It’s also possible to specify a stopping condition:

-t n will stop after n seconds.
-i n will stop after n solver iterations.
-s n will stop as soon as the score reaches n.

So for example,

./zkdecrypto-lite cipher/408.zodiac.solved.txt -s 44000

will work on the 408 until the score exceeds 44000. That’s a good value for testing, by the way, as the 408 cipher becomes comfortably readable at a score of 44000.

./zkdecrypto-lite cipher/408.zodiac.solved.txt -s 44000
44000,ISIHEHILSINGPEOPLEBECAUSEITITSOMUCHFUNITIUMORERUNTHANHILLING
WISDGAMEINTHEFORCESTBECAUTEMANISTHEMOATDANGERTUEANAMALORALLTO
HILLTOMETHINGGIVESMETHEMOATTHRILLINGEKPECENCEITISEVENBETTERTHAN
GETTINGYOURCOCHTOFRWITHAGIRSTHEBESTPARTOFITIATHAEWHENIDIEIWILL
BECEBORNINPARADICEUNDASSTHEIHAVEHISSEDWILLBECOMEMYSLAVETIWILS
NOTGIVEYOUMYNAMEBECAUSEYOUWISLTRYTOSLOIDOWNOCUTOPMYCOLLECTING
ORSSAVETFORMYAFTERLIREEBEORIETEMETHHPITI

When I run the above example on the solved 408 cipher, the program takes only a second and a half to find the (mostly) correct solution!

Thanks, Dan, for such a useful hack of zkdecrypto!

While Zamantha was digging up Thomas Dougherty’s letters at the San Francisco Public Library, she also made copies of their collection of newspaper article clippings.

The collection contains an assortment of Zodiac-related articles from 1978 to 2009. Zamantha generously sent me a copy of the articles, and now you can view the entire collection online in Google Docs by clicking on this link.

Here is a summary of the articles contained in the collection:

Tip: When you open one of the articles in Google Docs, it will extract the text from the article. This makes the article searchable. Here’s an example:

Many thanks again to Zamantha and Traveller1st!

Thirty-seven years ago, a man named Thomas Dougherty came up with a Zodiac “code theory”, and mailed dozens of bizarre letters from the Hotel Warfield in San Francisco to United States federal judge Oliver Carter.


The letters were recently unearthed again from the San Francisco Public Library by researchers Mark (traveller1st) and Di (Zamantha). Di paid a visit to the library, obtained copies of all the files, and also discovered that they had been previously found by “Goldcatcher / Blaine Blaine”, the person who originally promoted suspicions that Richard Gaikowski was the Zodiac killer (read more here and here). Goldcatcher refers to Dougherty in his report:

Some of the most pathetic Zodiac suspects included " my Uncle Bubba the Zodiac" – this Zodiac suspect turned out, like most of the others, a joke foisted on an ignorant mass media; and someone living in a tenderloin hotel room with a bottle of wine who got drunk and began believing the son of Howard Hughes was the Zodiac according to his written decoding illusions.

Di generously gave me a copy of the Dougherty files, which I’ve scanned and put online. You can read the letters in their entirety here.

Was Thomas Dougherty on to something with the Zodiac ciphers? Let’s examine his approach. Here’s how he describes his method:
(more…)

Updated Oct 17, 2014: Fixed the Google Drive link to the FBI files.

Diligent researcher morf13‘s persistence recently paid off: He received over 800 pages of never before seen material from FBI files on the Zodiac case. Click here to view all of the new documents (thanks, Mark, for uploading them). The files contain a wide variety of material related to persons of interest investigated for the Zodiac crimes. Inside the files you’ll see handwriting samples, letters, envelopes, crime reports, interview transcripts, emergency call logs, evidence analysis, and even a suspect’s day planner. The files also contain some unconfirmed Zodiac letters, and a lot of material related to Gareth Penn’s oft debunked theories about the killer and his codes.

This cryptanalyst’s conclusions about Gareth Penn’s strange code theories says it all:

 

 

Alas, that conclusion is reached all too often when analyzing the many claims that have emerged over the years.

And speaking of codes, here is one that appears in the files:

 

 

The files don’t seem to mention this code in any way. At first glance, it resembles a book cipher like the Beale ciphers. But Quicktrader on Morf’s forums was quick to point out the code’s resemblance to a Vigenère cipher matrix, due to the way the numbers repeat in an aligned pattern.

The matrix appears with a lot of other material, including handwriting samples, and this crossword puzzle:

 

 

Perhaps someone’s interest in puzzles aroused the suspicions of investigators.

Have a look at the new documents. Can you find anything interesting?

Forum user 4on4off had an interesting idea: Why not run the Gutenberg crib search program again, but against the Zodiac’s own writings instead of the massive collection of books in the Gutenberg collection?

I ran the search, and it found a few matches. Here are the files containing the results:

Results for the 408 cipher
Results for the 340 cipher

In each file, the matches resulting in the highest Zkdecrypto scores are displayed first. Here is a sample line from one of the files:

37, 237, +yBX1*:49CE>VUZ5-+|c.3zBK(Op^.fMqG2Rc, RSEENSIGNEDYOURSTRULEYHEPLUNGEDHIMSEL, 15, 1.8402534E-5, {0 17} {2 23} {20 29} {19 36} , 2952.125, 79.78716

And here’s an explanation of the data format:

  • 37: Length of chunk
  • 237: Position of chunk. Positions start at 0.
  • +yBX1*:49CE>VUZ5-+|c.3zBK(Op^.fMqG2Rc: Transcription of cipher text chunk
  • RSEENSIGNEDYOURSTRULEYHEPLUNGEDHIMSEL: Plain text chunk
  • 15: Number of unique letters in the plain text
  • 1.8402534E-5: Constraint difficulty. Lower values reflect higher difficulty (due to larger numbers of repeated symbols)
  • {0 17} {2 23} {20 29} {19 36}: Positions of repeated symbols, grouped into pairs
  • In the data for the 408, another value appears before the Zkdecrypto score, representing the proportion of characters in the solution that match the real known solution.
  • 2952.125: Zkdecrypto score
  • 79.78716: Zkdecrypto score divided by chunk length

What do you think? See anything interesting?