Codebreaking puzzle- Breach at Whitehall

Normally, at this time of year, **Biotop **produces one of his fantastic CIA codebreaking puzzles. This year, I thought I’d steal the format and make one of my own…


At 23:05 on Thursday 13th October, Essex police received a call from Catherine Stone, reporting that her husband Dominic was missing.

Stone works an an HVAC engineer. On Thursday morning, he left his home at 08:00 as normal and spent the day working on heating system maintenance in part of the UK Treasury building in Whitehall, London. Stone works as part of a two-man team with a colleague, Peter Bergen, who lives alone in the same town as Stone. Police attempted to contact Bergen at his home but found his house to be unoccupied. Neither of the two men has been heard from since.

The next day, Friday 14th October, the van that Stone and Bergen drove to work was found abandoned in woodland thirty miles from London.

CCTV footage and keycard access logs from the Treasury building for Thursday the 13th were reviewed by police, who discovered the following:
[ul]
[li]Stone and Bergen’s van is seen arriving at the Treasury building at 09:45, approximately 45 minutes later than scheduled.[/li][li]Two men matching Stone and Bergen’s appearance leave the van, each carrying tool bags, and enter the building using keycards. Their bags are X-ray scanned and checked without incident. The facial recognition access system was not working that day, so the two mens’ identity was only checked visually by the guard on duty. Subsequent analysis of the footage highlighted several differences between the facial features of the two men on the CCTV and Stone/ Bergen.[/li][li]Police conclude from the above that Stone and Bergen were intercepted on their way to work on Thursday morning, and two men with roughly the same appearance took their place and gained access to the Treasury.[/li][li]CCTV footage from the rest of the day shows the two unknown men working in several locations across various floors. CCTV coverage is not complete inside the Treasury so it is possible that the two men gained access to other areas. Footage from inside the Cabinet Office, an adjoining interconnected building, shows a possible sighting of the two men near a basement boiler room.[/li][/ul]

One important clue has been found. A search of the abandoned van revealed a partially-burned fragment of notepad paper under the front passenger seat. Written in pencil on the paper were an apparently random sequence of words and letters, which the police believe to be a coded message either sent or received by the two men.

All attempts to extract meaning from the message have been unsuccessful. Can you break the code and find out what is going on?


EMBARGO ABPCDBE HOMIEST OPTEEDO CKDEIAY
ABLUEIT QUFRPDS LINENNS REOCCUR MAENHDY
QUIETEN RAKTLED OPENWAY BLGLOBE HOSERUR
LIPVTST TRANSIT RAISINS GRWHMEM GR/EEDY
TRNWWDO BLUECGO MACHTEN CKOHLED REFEEDS

Anyone else taking a look at this? I’ve just entered the words into excel but haven’t put much thought into it yet. Curious if I’m alone here…

Glancing at it. See if anything pops out.

2 Qs, 6 Us and 4 Ys so lets figure out how we get some "YOU"s put of this.

The letters look to follow a normal English distribution. More E’s than anything. Lots of T, A, N. I wonder if they are just scrambled.

Reports are coming in of another serious security breach. The incident took place at the Devonport Naval Base in Plymouth, in the west of England. Two men were able to infiltrate the base shortly after 11:00 on Monday 17th October by concealing themselves inside a delivery vehicle. Security camera footage shows the two men gaining entry to a server farm on the grounds of the base. Approximately ten minutes later, a guard on patrol discovered the men as they exited the building and challenged them. One of the two men drew a taser and incapacitated the guard, and the two men were able to escape over the base perimeter wall before back up teams were able to respond.

It does not appear that any equipment was taken from the server farm, but several of the servers showed signs of having been tampered with. MI5 agents are now working with police to attempt to trace the men. Image analysis of the video from the base security cameras indicates an 80% probability that the two men were the same individuals who infiltrated the Treasury building on Thursday.

In their struggle to overcome the guard, one of the two men dropped some items that were recovered by RN security personnel investigating the scene. The first of these items appears to be some kind of micro-electromechanical surveillance drone, resembling a miniature robotic spider, but of a type not familiar to MI5 or the CIA. The second item recovered was a crumpled sheet of notepad paper, resembling the one previously found by police in the abandoned van. Again, this sheet of paper bore a series of mysterious words, which are reproduced below.

The fear is growing that this is part of a coordinated assault on the UK. Can anyone crack the code before it is too late?


POWRNET CLHTULU FLUORIN EYESEAR ERIBIRD AMNESIA
REMEDLY HOTRDOG TESELOG TENCRYP LICO/PO FLQOPPY
ERSATZZ THEMWHO MONOPOD SEASBLU CALCIUM CERSRUB
EYDF/PY AMGDECH REDLWRD BATNHOD CEOMENT SPLOTCH
MOEWHZZ LINMENT SPENHUB HOAUWUM THIOOYP LEAPOIN
ACUTELY SEVMSHO ACTOEAP LENSCAP CLEOSET BAA/AIA
CALEDAR

Given the serious nature of these incidents, GCHQ has directed its communications surveillance system, codenamed DoubleSix, to search all internet and mobile data traffic for possible coded messages.

DoubleSix reports that the following message, which shows a high degree of structural similarity to the previous codes, was sent yesterday by SMS from a mobile phone in the vicinity of Devonport, and received by another phone located in central London. Both phones were prepaid ‘burners’, purchased anonymously, and have not been used since.


ASHPRAY MEFSOTE MEDC/LS EXPANSE FUWPCZZ
MISOTON STOROZZ YYENERG DBIGBIR IDSOTNS
STROLLS QQLAOIR FUSIONS QUIETTT BEACLKK
QUSGHSS SANSRKA BRDOLTY OM/CASE IDMNOAY
ACOERTI ACTRESS OMYTHLE YYTENON RLHAAOW
BENNETT COEESUM MISTOOK QQOSAKA TRRMWRY
NLSGROW TRINITY NLIEUTE DBAENOK RLSGGRG
EXLYDKK RANDTUM SAFEDRY COSMETI BRAILLE

Not sure if you’d be willing to answer this, but does the “story” contain any clues, or is it just window-dressing?

The DoubleSix system has made another discovery that could shed some light on the mystery.

The following is the contents of an email sent to a disposable one-time email address at 19:25 on Thursday 13th October- the same day that the initial breach was made at the Treasury building.

The email contents show obvious similarities with the coded message discovered in the abandoned van the following day- but with equally obvious differences.

DoubleSix analysts believe this to be a retransmission of the original message- in other words, the same message, encoded by the same system, but with a different result. Could this provide the vital clue?


EMBARGO TRNWWDO OPENWAY HOSERUR RAISINS HOMIEST TRANSIT CKDEIAY
GR/EEDY ABLUEIT MACHTEN BLUECGO QUFRPDS GRWHMEM REFEEDS LINENNS REOCCUR
QUIETEN OPTEEDO MAENHDY RAKTLED BLGLOBE
LIPVTST ABPCDBE
CKOHLED

Somehow I have just discovered this puzzle. It is going to take me several days to have time to work on it. In the meantime, I thought I would bring it to the forefront to see if others have had any luck.

I have, ahem, disentangled the messages. I’m not sure how much I should give away, but the key for me was the most recent intercept, which suggests that

the codewords may be transmitted in any order, or at least in more than one order. How, then, to place them in the correct order, before decoding them?

HANGNUT STAYTDY SCYEOAK BLHAOAN SKEOUGH PRD/WAR
COPYMAN DISBODY AQUAYED AQRUOTH COIYADS NER/AOK
SCORNED PRESAGE DIBDGGH HADRTIL UNOYRAR SEEUAIL
BLESBOK SECONDS NEEDYQU UNCOUTH STHEYGE SKEOAUT

these are lower-case

Every message has a / at least once, wonder if that suggests a switch in the coding of some type.

Great work by **Ximenean **and septimus! Any insights into the solving process? I’ll post an epilogue to the story later.

I approached it thinking that if it’s like Biotop’s puzzles, then the code, while initially baffling, was probably going to be straightforward and elegant in its actual mechanism. So anything too convoluted was out.

TexCat’s observation suggested that it was more likely to be a transposition cipher than a substitution cipher.

I assumed from the start that the dictionary words and near-words that occur throughout the messages were just red herrings.

As I said, the last intercept gave me an inkling that it involved finding the correct order for the codewords. I’d like to say that I reasoned this out with clear-eyed logic, but the truth is more that, having spent so long looking at the codewords, I finally started to notice similarities between some of them (I think deliberately made more noticeable in the later messages), and then I remembered that I was supposed to be putting them in sequence, and the lightbulb went on.

My tip would be to start with the last message (the ASHPRAY one) and look for something in common between codewords.

And I’m kicking myself now, because looking at it again there’s something pretty basic that I could and should have tried which, while not cracking the code directly, does yield a big clue. By which I mean

arranging the codewords in alphabetical order.

As I PM’ed to hammos1, this was almost the first thing I tried — not so much because it seemed like a good idea, but more out of an old hacker’s habit!

Can anyone provide some more insight? I’ve tried what you guys have suggested and while I now see what some of the codewords have in common, I still don’t get it.

As I mentioned in the other thread, work habits may make a big difference in ease of solution.

I hardly ever use paper and pencil these days, except for maps or graphics. I copied the puzzle into a file which I then edited with vi. Pencil never touched paper. I’m curious how others approach such problems:

  • Computer text editors like I do?
  • Paper and pencil?
  • old-fashioned index cards??
  • Pure brain, staring at original problem??

I wouldn’t attempt such puzzles except with my usual computerized work habits. And note that I use a general-purpose text processor like vi (or emacs) rather than MSWord. ***By default I use a fixed-pitch (Courier) font ***— this is so helpful for MANY purposes that for a while Google was smart enough to single out the Usenet group rec.puzzles and use Courier font there! (No longer; The Don’t Be Evil corporation has happily adopted Do Be Stupid as its new motto!)

Warning: Unspoilered partial spoiler follows.

At one point I had the following form of OP’s puzzle in my edit buffer:


EM BAR GO
AB PCD BE
HO MIE ST
OP TEE DO
CK DEI AY
AB LUE IT
QU FRP DS
LI NEN NS
RE OCC UR
MA ENH DY
QU IET EN
RA KTL ED
OP ENW AY
BL GLO BE
HO SER UR
LI PVT ST
TR ANS IT
RA ISI NS
GR WHM EM
GR /EE DY
TR NWW DO
BL UEC GO
MA CHT EN
CK OHL ED
RE FEE DS


I typed :1,$!sort -k 3 . Enlightenment ensued!
~ ~ ~ ~ ~ ~

ETA: In both this puzzle and mine, the key first step is to place the words into a correct order.

~ ~ ~ ~ ~ ~

:o But at least hammos1’ puzzle is attracting interest 3 weeks later. My own puzzle, similar to hammos and not MUCH more difficult, IMO, is about to fall off the page.

Take heart. This puzzle disappeared from the front page too, but that doesn’t mean people have quit. I once posted a puzzle and was shocked when it rose from the dead solved months later.