It’s an Enigma: How and Why I Did It.

First of all, a little background, I work in as an advertising creative in addition to trying to launch the web-based startup, I’ve also had a long-time interest in puzzles and ciphers. For a decade or so, every time a new, big assignment came across my desk, I would invariably suggest to my creative partner, “How about we do a puzzle that leads to a big party hosted by [client’s name]!”

Finally, my partner suggested that I just create a puzzle myself to get it out of my system—no doubt, so I would also stop proposing it every time a new creative brief crossed our desk. My fantasy was that I would create something that would follow the trajectory of a viral stunt like LonleyGirl15, except I wanted to use Twitter as the launching point since it was the latest hip-new-thing-that-everyone’s-doing. I did it for no other reason than I thought it would be fun and entertaining—and in this economy, I’ve got some time on my hands.[sup]1[/sup]

The first riddle was to crack the elementary code I used in some of my tweets. As @3outof4, I started tweeting about the usual stuff everyone else does in order to gain a small following before occasionally tossing coded gibberish into the mix. At this point, I had two friends helping me disseminate the existence of the puzzle on Twitter: @SharkJumper and @RBlaine1942. Additionally, we were each tasked with creating awareness elsewhere on the web. Being familiar with the Straight Dope Message Board—on which I was already a member—that’s what I chose to employ. My friends chose to devise absurd, attention-getting scenarios that they never attempted to follow through on. Although all the sleuthing for the puzzle was performed entirely on the SDMB, that’s just the way things turned out, not the way they were intended.

I chose ROT13 for the first puzzle, because it was simpler than a substitution cipher, and there are several websites that can turn ROT13 encrypted text into clear text with the push of a button. As a clue to deciphering the code, I Photoshopped a ROT13 tattoo on the back of my user icon.

To generate awareness of the puzzle, I posted my first thread on the SDMB: “What Code Is This Twitter User Using? What Is She Saying?” I quickly received an answer, but no one expressed any interest in pursuing the puzzle any further, so I started a second thread: “Puzzle: Anyone in Miami Beach, Austin, Cambridge or San Francisco Able to Help With T[his?]

The next riddle used Google Map’s Street View to identify four CDs I’d had hidden in newspaper boxes in different cities. The one in Cambridge was quickly discovered, but there didn’t seem to be any participants in Austin or Miami. To move things along, I asked my friend, @Foible, in Austin who’d hidden the CD for me to pretend to find it in the hope that it would pique more interest from people in the other cities.

Unfortunately, I made a mistake when I asked a friend-of-a-friend to hide the CD in San Francisco: I used to live in San Francisco and know many people there, but my creative partner wanted to help out and asked me to let his friend hide that CD. She might just be the flakiest person on Earth. Although I provided detailed instructions and pre-cut strips of duct tape in the envelope I mailed her containing the CD, I have my doubts whether she followed the directions at all. I wouldn’t be surprised if she used scotch tape to stick the CD to the side of a lamp post. Worst of all, when I learned that someone had gone to retrieve the CD but found the newspaper box empty, she didn’t respond to e-mail messages, phone calls or texts for about 24 hours. (“I rarely check those things,” she eventually acknowledged, which qualifies her as one of only a handful of people in tech-savvy San Francisco still living in the 80s.)

I’d personally placed the clue in Miami Beach while on a trip and know that CD was there, is there and will be there until the Rapture. Unfortunately, since no one ever made an attempt to find it, I figured the best option to generate momentum would be to post the contents of the CDs online and hope that would produce more interest—but for a while: zilch.

In fact, at that point, I gave up on the whole puzzle. I stopped posting to the threads I’d started or doing anything else to generate interest. I assumed it had reached a dead end.

Imagine my surprise several days later when I saw a new thread, “It is an enigma .” started by indian. Indian had seen a comment I’d left in response to a blog post on the New York Times website, and by shear coincidence, was also a member of the SDMB. Completely unaware of my first thread, he started his own.

The next puzzle involved arranging four PDF files (titled 0N3, 7W0, 7HR33 and F0UR) to assemble a string of letters along a spiral. This produced what was almost a Fibonacci spiral, but solving the puzzle using the Fibonacci sequence produced decoy Twitter user accounts. However as my Twitter name @3outof4 suggested, page 7HR33 was superfluous. Removing that page and folding pages 7W0 and F0UR so they met produced a proper Fibonacci spiral.

Since no one was able to make any progress on this puzzle, I provided the answer myself. This was the only complete solution I provided, although, I did occasionally drop hints for other puzzles to point dopers in the right direction. I tried to divulge as little information as possible, and I hope that I did so only when absolutely necessary.[sup]2[/sup]

Inspired by “number stations” which broadcast blocks of random numbers intended for spies in the field to receive instructions, I decided to produce something similar using the text from books in the public domain—and thus readily available—as the pad for my cipher. The user’s Twitter icon would indicate which book to use. I took the unusual step of including numerals in the cipher incase the pad or message contained numbers so I wouldn’t have to spell them out. I simplified the process of encrypting and decrypting messages using Excel and custom written AppleScripts. (Not being a programmer, I wanted to mention this so I could give myself a pat on the back.)

In the old days, messages would routinely be a standard length to prevent eavesdroppers from deducing anything from the length of the message. For example, if an agent transmitted a message and received a two-letter reply, one might rightfully infer that a question had been asked, and the answer was, ”No.” On the other hand, using poor encryption protocol, I made all the extra characters Xs to make deciphering less tedious.

I initially chose the phrase “it’s an enigma” for no other reason than its association with Germany’s Enigma machine and Churchill’s quote, “Russia is a riddle wrapped in a mystery inside an enigma.” I then started playing with anagrams for three reasons: 1) there was an abundant supply, 2) they could provide hints to facilitate finding the solutions to some of the puzzles, and 3) it gave me a naming convention so I didn’t have to start from scratch every time I needed a new name, URL, etc.

The idea for a paragraph that required the solver to pick the first letter of each line seemed fairly common, however, depending on the typeface, the lines would break in different places. Also, one of the line breaks was entirely dependant on the inclusion of a comma. That’s why I included the suggestion to use Times New Roman and proper punctuation. Personally, I was very pleased with myself for the content of the paragraph because I was able to write something that worked without sounding too clumsy.[sup]3[/sup]

I spent an enormous amount of time trying to code’s automated reply e-mail so it contained an embedded HTML image and not just an attached file. My intent was to have the formula and hyperlinks in the e-mail, eliminating the need for the website, but I absolutely could not figure out how to do it. The attached image in the reply e-mail should have been visible. It worked in my tests weeks before using Google Labs’ Canned Response, and I’ve no idea why it failed when needed. The image recipients should’ve seen was a scaled-down version of the formula it linked to.[sup]4[/sup]

The math formula was created by a friend, because math is not my strong suit.[sup]5[/sup] To make the formula more difficult, I choose to replace some of the numbers with photographs containing numbered objects and gave them varying eight-digit names and tags. I chose eight digits because that was the number of digits in the password for the downloadable ZIP file. As a Photoshop wiz, I was familiar with the Digimarc Watermark plugin that comes with every copy of the application, and again, used the user’s icon to provide a hint. When the Flickr image files were opened in Photoshop and the Digimark plugin “Read Watermark…” selected, the true value of the missing number in the formula would be revealed.

Of course, that produced a number, but the password was comprised of letters. That’s why I named the PDF files from the second puzzle using 1337 speak. The formula’s solution, 84531355 spells BASELESS in 1337.

Originally, there were only going to be three dollar bills and three tracks in the audio file. My idea was to markup the serial numbers to somehow generate a URL, however, I had a “Eureka!” moment when I realized that dollar bills were marked with different letters depending on which of the 12 federal reserve banks issued them. I then searched for a word comprised solely of letters available on the front of a dollar bill. I thought “demonetise” was perfect because it reflected the fact that I was defacing U.S. currency, and as a less-common, alternate spelling, it wouldn’t be obvious.

I went to the local bank and got 10 bills lettered A through J and cut out the appropriate letter from each. (Fact: Es are very difficult.) I mailed them to friends in 8 different cities who agreed to leave them in the care of someone who’s job required contact with the public. I kept the last two and hid them in New York.

I’d originally intended for each of the 10 locations in the audio clue to be spoken in a different language. First, I tried using Google’s Translation service and Nuance’s text-to-speech function to automatically generate the audio files, but when I played the results to foreign language-speaking friends, they howled with laughter at how bad the results were. I realized I had to find native speakers to help me out, and as luck would have it, a class I was auditing at NYU had numerous international students. I brought a list of the locations, asked several to translate them into their native tongue and had them read the results into the microphone on my computer. Problem solved! Except that I hadn’t switched the input source on my computer, so when I got home I found that I had track after track of silence. Ultimately, I relied on a friend who speaks multiple languages (damn European showoffs and their fluency) to record a few, and my sister provided the track spoken in Gibberish. I read the remainder.

I was in a panic on Tuesday evening when the receptionist at Microsoft told a doper that the dollar bill in her possession was missing a T. Without knowing the Federal Reserve bank that issued the bill, I’d no way of knowing whether I’d made the mistake or she had—and until I did, I there was no way to correct it, because my fix might cause new problems down the line.

As far as my “finding” the clue in Chicago, that’s a perfect example why I’m the definition of a misanthrope. I mailed the clue to a “friend” who agreed to hide it, and he kept saying he’d “do it tomorrow.” Eventually, tomorrow came, and there was no clue in Chicago, so I had to pretend to find it myself. If you type Chicago into Google Maps and zoom in using street view, Panda Express is the first business you’ll see.

I’d created the location image clue weeks ago and uploaded it to Google—which I was using to host all the related sites—and occasionally updated the image so it’s name contained the appropriate date. On Wednesday, when I realized people were getting close to that clue, I decided to double check everything and discovered that Google was stripping the meta data from the image. The file was supposed to contain the GPS coordinates for the meeting place and an (arguably humorous) note that I would be wearing an “Enigma” nametag. As I was frantically searching for a workaround, the site started getting hits.

I tried different methods for using Google and Flickr to host the image without success and briefly uploaded the file to my own server before realizing that it would provide a definitive link between myself and Here Come Dots.

Finally, I asked everyone on my AIM buddy list if they could host the file. My friend, @Foible, from Austin who’d hidden and “found” the CD there was the first to reply, and so I used his server unaware that it would provide the first clue linking myself with Here Come Dots

I was extremely surprised at how easy it was to solve the last puzzle using a method that I wouldn’t even consider bruit force. (I had no idea that Dreamhost provided a easily-accessible list of newly-registered domains.) However, I was stunned when sadrobot determined the location of the final clue so quickly—and apparently without the use of the GPS data embedded in the image.[sup]6[/sup]

Do I consider the puzzle a success? Yes and no. My fantasy that it would be an internet phenomenon didn’t materialize, but I always knew that was very unlikely. However, people did invest the time and energy to figure out the puzzles I created, and that’s still very rewarding. There are a few things I’m disappointed about though: First, I didn’t know that password-protected ZIP files were so trivially susceptible to a bruit-force attack. Second, I didn’t realize it would be so easy to work out the solution to the dollar bill riddle with so few pieces of the puzzle. However, these were mistakes I made when creating the puzzle, and I’m genuinely fascinated at the ingenuity employed to circumvent them. Frankly, it’s reminiscent of the methods used by Alan Turing and others at Bletchley Park.

The one thing that surprised me the most, was the lack of curiosity about why the puzzle existed. I’d assumed that the conspiracy theorists among us would insist that it was just a viral marketing stunt, and everyone would be disappointed when it turned out to be a promotion for some brand of toothpaste or whatnot.

Anyway, thanks for playing. I’m happy to answer any questions.

[sup]1[/sup] For the record, it took an enormous amount of work. Not only did I have to create and distribute the puzzles, I spent six weeks establishing a linty of identities with false backgrounds and posting histories to act as shills if needed. The only “character” I didn’t create was the one that led to my unmasking: Here Come Dots. I’d been using the online persona Morris Cody and his associated user name Here Come Dots for a while, and it never occurred to me that I ought to have a pseudonym for my pseudonym.

[sup]2[/sup] I am very, very remorseful that my role as Here Come Dots was uncovered, and sincerely hope it hasn’t soured the sense of accomplishment dopers feel about ultimately solving the entire puzzle. I’d contemplated issuing a vigorous denial, but the evidence became too overwhelming. I even went as far as giving a friend access to my Twitter and SDMB account so Here Come Dots could tweet and post while I was in a bar surrounded by witnesses.

[sup]3[/sup] I made one mistake, though: when I picked the name Ian Gaitsmen in the paragraph, I forgot to change @ImagineAnts name from Gina A. M. Stein.

[sup]4[/sup] If you’re interested, received only four requests for the next puzzle plus one e-mail informing me that the image wasn’t being displayed.

[sup]5[/sup] Side note: In fifth grade math class, we were each paired up with another student, and we switched partners about once a month. The teacher had us swap papers to grade our homework, and I was able to convince all of my partners that, “Hey, if you don’t do the assignment and I don’t do the assignment, we can both report the other got two or three wrong without having to do any of the work. As a result, I essentially skipped fifth-grade math remain at a pretty much a fourth-grade level to this day.

[sup]6[/sup] Sadrobot was absolutely not involved in any way with the creation or execution of this puzzle. His discoveries in no way relied on any insider information, and he deserves full credit for his accomplishments.

I haven’t been following this whole saga(until now), but I don’t think your use of this Board was entirely within our generally accepted practises and rules. Since I’m behind the curve on this one, I’ll spend some time reading your posts and talking to the other General Questions Mods as well as the other Mods/Admins on the Board.

I’ll just close this for now. Stay tuned.

samclem Moderator, General Questions