Puzzles Endanger, Then Save, a Nation: The Spy Who Couldn’t Spell

While working on our multi-part series of posts about the history of codebreaking in America during the 20th century, I mentioned that some of the recent revelations about the National Security Agency were the result of Edward Snowden’s actions during his time as a government contractor.

What you might not know is that he has not been the only contractor to sneak information off of government computers in that fashion: a decade before Edward Snowden, there was Brian Patrick Regan.

Regan was a career soldier in the Air Force who eventually reached the rank of Master Sergeant and worked in signals intelligence.

Buried under hundreds of thousands of dollars in credit card debt, Regan decided his only way out of financial ruin was to try to sell US government secrets to a foreign government. He copied page after page of sensitive documents from national defense systems and snuck them out of his office, eventually amassing more than 15,000 pages, CD-ROMs, and other material in his home.

He would later bury bundles of these documents in various locations, including state parks, concealing the GPS coordinates of these valuables caches through a complicated series of encryptions where letters and numbers became three-digit sets.

You see, Regan had spent a fair amount of time studying cryptography, and fancied himself a top-shelf codemaster.

Regan used another set of encryptions of lesser complexity when he attempted to contact agents of the Libyan, Iraqi, and Chinese governments in order to sell off the treasure trove of secrets he’d amassed during his time at the National Reconnaissance Office.

One of these packets — a collection of three parcels intended for Libya — ended up in the hands of an FBI agent named Steven Carr.

From The Spy Who Couldn’t Spell by Yudhijit Bhattacharjee:

In the first envelope was a four-page letter with 149 lines of typed text consisting of alphabets and numbers. The second envelope included instructions on how to decode the letter. The third envelope included two sets of code sheets.

One set contained a list of ciphers. The other, running to six pages, listed dozens of words along with their encoded abbreviations: a system commonly known as brevity codes. Together, the two sets were meant to serve as the key for the decryption.

Some of the document had already been decrypted by FBI agents, and it revealed a member of the US intelligence community — claiming to be CIA, which was unverified, but definitely someone with top secret access — was trying to sell government secrets.

And this person had terrible spelling.

Brian Patrick Regan suffered from severe dyslexia. And, despite concerted efforts to perfect both his encryptions and his plan to net millions by selling government secrets, that dyslexia would be one of the clues that led Steven Carr to Regan’s doorstep.

It took Carr six months to connect Regan to the Libyan package, but once he did, surveillance on Regan began immediately.

When Regan attempted to board a plane to Zurich in 2001 — intending to meet with Iraqi and Libyan embassy officials — he was nabbed by the FBI and taken into custody.

Again, excerpted from The Spy Who Couldn’t Spell:

On searching Regan, officials found a piece of paper tucked between the inner and outer soles of his right shoe, on which were written addresses of Iraqi and Chinese embassies in Europe. The other materials they found on him and in his belongings were more mystifying. In a trouser pocket, Regan was carrying a spiral pad containing a page with 13 words that didn’t add up to anything: like tricycle, rocket and glove.

He had another 26 random words scribbled on an index card. Among the contents of Regan’s wallet was a piece of paper with a string of letters and numbers that read “5-6-N-V-O-A-I …” And in a folder he was carrying in his duffel bag were four sheets with handwritten lines of three-digit numbers.

FBI cryptanalyst Daniel Olson decoded some of the messages found on Regan when he was captured, but he had failed to unravel the multi-stage encryptions that concealed where Regan had buried his secret parcels. The government knew which state parks, but with acres and acres of possible hiding places, they needed more precise information.

And those parcels were the key, because they weren’t just packages to be sold to the highest bidder. No, those parcels doubled as a ransom in order to secure a better deal for himself with the US government. He wanted to blackmail the government for a reduced sentence.

They were his insurance plan.

As Thomas G. West said in Seeing What Others Cannot See, a book about visual thinking and dyslexia, “It’s not hard for a dyslexic to think ‘out of the box’ because they have never been in the box.”

Thankfully, Regan eventually realized that cooperation was in his best interest, and he revealed that each of the elaborate three-digit codes concealed a backdoor key built into the code itself.

Regan designed them this way so that, if he forgot the actual details of the encryption, all he would need is the starter word, a spark that would unlock the built-in key and help him decode the entire message.

This backdoor key system worked in a similar fashion to the Vigenere cipher, where a keyword or key phrase served as the entry point for a longer string of encrypted text. The trouble is… you need to know the cipher word or source in order to crack the code.

For example, during World War II, German agents in Europe used Daphne du Maurier’s Rebecca as the basis of a code for transmitting intelligence from Cairo to support a campaign by the Axis powers against the Allies in North Africa.

The discovery of the book among the possessions of two German radio operators who didn’t read English ultimately led to the breaking of the code, which in turn led to the capture of the German spies in Cairo.

Regan revealed the cipher words for the various hiding spots in state parks — which used cipher words from sources as peculiar as Regan’s own high school yearbook — and soon, the FBI recovered all but one of the buried parcels.

But Regan couldn’t remember the cipher word for the last one.

Daniel Olson would then step in, having learned some of Regan’s techniques as they uncovered the other parcels, and partially decrypting the remaining message enough to spark Regan’s memory. Regan finally came up with the last cipher key, and the final parcel was recovered.

Yes, once again, puzzly perseverance had saved the day!

Regan was found guilty on two counts of attempted espionage and one of gathering national defense information, and sentenced to life imprisonment with parole. Which, quite honestly, is getting off easy, considering that prosecutors were seeking the death penalty for his treasonous acts. (If prosecutors had gotten their way, he would’ve been the first person executed for espionage since the Rosenbergs in the ’50s.)

For the full story, including more in-depth explanations of Regan’s elaborate encryptions, check out The Spy Who Couldn’t Spell by Yudhijit Bhattacharjee.


Thanks for visiting PuzzleNation Blog today! Be sure to sign up for our newsletter to stay up-to-date on everything PuzzleNation!

You can also share your pictures with us on Instagram, friend us on Facebook, check us out on TwitterPinterest, and Tumblr, and explore the always-expanding library of PuzzleNation apps and games on our website!

The Gravity Falls Cipher Hunt!

It’s sad when your favorite show goes away, particularly when it feels like there could have been so much more to enjoy. As someone who routinely seems to discover hidden gems on TV, only for them to vanish a season or two into promising runs, I know this better than most. (Alas, Brimstone, Now and AgainTwin Peaks, Better Off Ted, and others…)

The fans of the Disney Channel animated series Gravity Falls endured similar sadness when the show wrapped up its two-season run earlier this year. (Although it was the decision of the showrunner to end the show and not the network in this case, it was still a sad day for fans.)

From the Wikipedia article on this Twin Peaks-fueled program:

For their summer vacation, 12-year-old twins Dipper and Mabel Pines are dropped off from their home in Piedmont, California to the fictitious town of Gravity Falls, Roadkill County, Oregon to live with their Great Uncle Stan Pines (often shortened to Grunkle Stan), who runs a tourist trap called Mystery Shack. Things are not what they seem in this small town, and with the help of a mysterious journal that Dipper finds in the forest, they begin unraveling the local mysteries.

The show was big on supernatural storytelling and puzzles to unravel, even including ciphers at the end of each episode that incorporated classic encryption techniques like Caesar ciphers, Vigenere ciphers, and others. This is pretty high-level stuff for a show that’s supposedly for kids. (Then again, plenty of adults enjoy a quality animated show, and Gravity Falls was critically acclaimed for good reason.)

In the series finale of the show, there was a brief shot of a statue of the show’s villain Bill Cipher, but it appeared to be a photograph rather than an animated image.

Speculation immediately ran rampant as fans wondered if there was really a Bill Cipher statue somewhere.

And there was.

Cue the Gravity Falls Cipher Hunt, a world-spanning puzzle hunt launched on July 20, 2016, where fans teamed up to crack clues offered by show creator Alex Hirsch, all in the hopes of tracking down this mysterious statue.

Although the main thrust of the hunt was centered around the United States, clues appeared in places as far-flung as Russia and Japan, requiring a truly global effort of cooperative fandom to crack each mystery.

And the creator himself was astonished when the entire hunt was solved in just two weeks, as fans pieced together the last fragment of the puzzle on August 2: a missing section of parchment that corresponded to a map of a forest in Reedsport, Oregon.

[Click here for a rundown of the entire puzzly saga.]

Awaiting the intrepid solvers was not only did the statue of Bill Cipher, but a treasure chest with messages that could only be read under black light. Also, in a truly brilliant bit of fan service, there was a sash and crown inside the chest that would anoint the wearer as the mayor of Gravity Falls! (Hirsch even went on to say that this appointment is now canon for the show!)

And, as it turns out, they found the statue just in time, as a property dispute between neighbors has led the statue to be taken in by police until the situation is resolved!

This is not only an outstanding example of real-world puzzling in its own right, but a wonderful thank you from a creator to his fans, providing one last challege, one last story, to the people who’d most appreciate it. Nicely done, Mr. Hirsch, and nicely done, Gravity Falls fans!

[Also, nicely done to Owen, and his mom, friend of the blog Chris Begley, for bringing this story to my attention.]


Thanks for visiting PuzzleNation Blog today! Be sure to sign up for our newsletter to stay up-to-date on everything PuzzleNation!

You can also share your pictures with us on Instagram, friend us on Facebook, check us out on TwitterPinterest, and Tumblr, and explore the always-expanding library of PuzzleNation apps and games on our website!

The Mystery of the Kryptos Sculpture

[Image courtesy of Kryptos.arcticus.com.]

If I told you that one of the most famous unsolved encrypted messages in the world isn’t lurking in the works of Da Vinci or in some vast government warehouse like the Ark of the Covenant, but rather as part of a sculpture only twenty-five years old, you might be surprised.

You’d probably be less surprised to discover that said sculpture is located in front of the headquarters of the CIA, though.

Kryptos, a flowing sculpture made of petrified wood and copper plating over a small pool of water, was revealed to the world in 1990. Masterminded by artist Jim Sanborn, it was apparently designed to both challenge and honor the Central Intelligence Agency. And for decades now, it has proven to be a top-flight brain teaser for codebreakers both professional and amateur.

From an article on Wired.com:

It all began in 1988 when the CIA Fine Arts Commission commissioned local artist James Sanborn to create a cryptographic sculpture for a courtyard on the CIA campus. Sanborn completed the two-part sculpture in 1990, which included stones laid out in International Morse code near the front entrance of the CIA campus, and a 12-foot-high, verdigrised copper, granite and petrified wood sculpture. The latter, which is the more famous part of Kryptos, was inscribed with four encrypted messages composed from some 1,800 letters carved out of the copper plate.

[Image courtesy of The Magazine.org.]

There are four distinct sections, utilizing different forms of encryption. And amazingly, the fourth section continues to elude codecrackers to this very day.

It took nearly a decade before anyone announced a solution to the first three encryptions. A computer scientist named Jim Gillogly announced in 1999 that he had cracked passages 1, 2, and 3 with computer assistance.

The CIA, not to be one-upped, then revealed that one of their own employees, an analyst named David Stein, had solved those same three passages the year before, using only pencil, paper, and lunchtime man-hours.

But a 2013 Freedom of Information Act request into records of the National Security Agency revealed that an NSA team actually cracked those same three passages back in 1993 as part of a friendly rivalry between the NSA and CIA, provoked by former NSA director and then-deputy CIA director William O. Studeman.

[Image courtesy of G.A. Matiasz.]

Passage 1 employs a Vigenère cipher, a letter-shifting cipher that has been used for centuries, also known as a periodic polyalphabetic substitution cipher, if you want to get fancy with it.

The message, penned by Sanborn himself, reads Between subtle shading and the absence of light lies the nuance of iqlusion. [Iqlusion is an intentional misspelling of “illusion.”]

Passage 2 also employs a Vigenère cipher, but utilizes a different keyword than Passage 1. The message, also composed by Sanborn, points toward something hidden nearby:

It was totally invisible. How’s that possible? They used the earth’s magnetic field. x The information was gathered and transmitted undergruund to an unknown location. x Does Langley know about this? They should: it’s buried out there somewhere. x Who knows the exact location? Only WW. This was his last message. x Thirty eight degrees fifty seven minutes six point five seconds north, seventy seven degrees eight minutes forty four seconds west. x Layer two. [Again, there’s an intentional misspelling here with “undergruund.”]

Passage 3 uses a transposition cipher, which relies on the positioning of given letters in order to properly spell out a message. The message is inspired by the words of Howard Carter, the archaeologist who opened King Tut’s tomb:

Slowly, desparatly slowly, the remains of passage debris that encumbered the lower part of the doorway was removed. With trembling hands I made a tiny breach in the upper left-hand corner. And then, widening the hole a little, I inserted the candle and peered in. The hot air escaping from the chamber caused the flame to flicker, but presently details of the room within emerged from the mist. x Can you see anything? q [Again, there’s an intentional misspelling with “desparatly.”]

[Image courtesy of Unmuseum.org.]

Although some codebreakers believe the misspellings of “iqlusion,” “undergruund,” and “desparatly” are simply Sanborn’s crafty attempts at misdirection, others believe they are clues hinting at how to crack Passage 4, which is only 97 characters long.

Sanborn has even offered hints to help frustrated solvers in their efforts to unravel the mystery of Passage 4. In 2006, he revealed that letters 64 through 69 in the passage, NYPVTT, decrypt to “Berlin.”

And in 2014, Sanborn revealed that letters 70 through 74, MZFPK, decrypt to “clock.” So the message has something to do with the Berlin Clock, although Sanborn has stated “there are several really interesting clocks in Berlin.”

[Image of the Berlin Clock courtesy of Secret City Travel.com.]

Amazingly, even if someone does crack Passage 4 someday, that’s not the end of the journey. All four passages are part of a riddle to unravel to truly solve the Kryptos puzzle, and apparently, doing so requires you to be on CIA property. That’s no small feat.

Jim Sanborn has truly created a beautiful, diabolical puzzle for the ages here. I wonder who will step up to finally solve this masterpiece.


Thanks for visiting PuzzleNation Blog today! Be sure to sign up for our newsletter to stay up-to-date on everything PuzzleNation!

You can also share your pictures with us on Instagram, friend us on Facebook, check us out on TwitterPinterest, and Tumblr, and explore the always-expanding library of PuzzleNation apps and games on our website!

Let’s crack some Confederate codes!

[A table for cracking Vigenere ciphers.]

Cryptography is probably the only puzzly skill in history upon which lives have depended. The movements of troops, plans for invasion, locations of key officers, spies, and personnel… all of these vital pieces of information have been encoded numerous times across numerous conflicts, all in the hopes of keeping that data from prying eyes.

It’s not as if anyone has to solve a crossword to prevent a Dennis Hopper-esque madman from wreaking havoc on Los Angeles, or the outcome of a pivotal battle hinged on someone finding all the words in a word seek faster than the enemy.

But cryptography is both a delightful diversion and deadly serious, depending on the context.

Which makes it all the more curious that it took more than a hundred years for a Confederate message from the Civil War to be decoded.

The coded message was first displayed in The Museum of the Confederacy in Richmond, Virginia in 1896, after being donated by Captain William A. Smith, a member of Walker’s Greyhounds, a division of Texans fighting for the Confederacy.

The actual message was unknown. The rolled-up slip of paper was tied with a linen thread and placed in a small glass vial along with a .36-caliber lead pistol bullet, and stoppered shut. (The bullet was included in order to make the vial heavy enough to be tossed into the river and sink if the scout carrying it was in danger of being captured.)

The mysterious message was meant for General John C. Pemberton, the Confederate general attempting to protect and defend Vicksburg from the army of Union Major General Ulysses S Grant. The same general who would surrender Vicksburg to Grant on July 4, 1863 after 47 days under siege.

But the message never got to Pemberton. Instead, it ended up as part of a Civil War museum, its message undelivered, its code unbroken.

Until 2008, when curiosity among museum staff led to an unveiling a century later than intended. The message was photographed and then returned to the glass vial, which itself was then returned to its display.

And the message intended for General Pemberton?

SEAN WIEUIIZH DTG CNP LBNXGK OZ BJQB FEQT FEQT XZBW JJOA TK FHR TPZWK PBW RYSQ VOWPZXGG OEPF EK UASFKIPW PLVO JKZ HMN NVAEUD XYE DWRJ BOYPA SX MLV FYYRDE LVPL MEYSIN XY FQEO NPK M OBPC FYXJFHOHT AS ETOV B OCAJDSVQU M ZTZV TPJY DAW FQTI WTTJ J DQGOAIA FLWHTXTI QMTR SEA LVLFLXFO.

Unlike many simple coding techniques, this is not a Caesar cipher where each letter is simply another letter of the alphabet in disguise. (Every E is actually an L, every F an M, etc.)

This is a Vigenere cipher, where a key word or phrase is required to unlock the letter substitution involved. For centuries, this cipher was considered unbreakable, though this was no longer the case by the time of the Civil War. (The Union regularly cracked coded Confederate messages.)

By 2008, Vigenere ciphers were easily cracked by amateur and professional cryptographers alike, and the Confederate message was finally revealed to the world:

Gen’l Pemberton, you can expect no help from this side of the river. Let Gen’l Johnston know, if possible, when you can attack the same point on the enemy’s line. Inform me also and I will endeavor to make a diversion. I have sent some caps. I subjoin despatch from Gen. Johnston.

Essentially, the message means that the reinforcements Pemberton was hoping for to shore up Vicksburg’s defenses weren’t coming.

But the message never got to the general, because before the scout arrived with the bad news, Vicksburg had already fallen, and Pemberton had surrendered.

So instead, the scout, having somehow realized from afar that Vicksburg was lost, returned to his camp and handed the unopened message to a Captain Smith, the same man who would later donate the message to the Museum.

And an enduring mystery was born.

[I learned of this story in the book Hidden Treasures: What Museums Can’t or Won’t Show You by Harriet Baskas, which also inspired my post a few weeks ago about the Morris Museum music box.]

Thanks for visiting PuzzleNation Blog today! You can share your pictures with us on Instagram, friend us on Facebook, check us out on TwitterPinterest, and Tumblr, and be sure to check out the growing library of PuzzleNation apps and games!