Masonic Cipher

The centuries old Masonic cipher uses two tic-tac-toe diagrams and two X patterns to represent the letters of the alphabet. Letters are enciphered using the patterns formed by the intersecting lines and dots.

The name Bob Smith would be encrypted as follows:

Tic-Tac-Toe Cipher

As mentioned above, a variation of the Masonic cipher used to encrypt numbers is the tic-tac-toe cipher. Using this pattern, each number can be enciphered with the character that is formed by the intersecting lines surrounding each number. The 0 is enciphered using an X.

His lawyer, Andrew Savage, has said in past that al-Marri poses no threat to the U.S. Many find this hard to swallow given that, as per al-Marri’s own admission in his plea agreement, he trained at Al Qaeda camps and found refuge in terrorist safe houses in Pakistan between 1998 and 2001. During this training period, al-Marri learned to handle weapons and communicate in code. He arrived in the U.S. on a student visa exactly one day before September 11, and promptly input the phone numbers of Al Qaeda contacts into his PDA.

At least at the time, Al Qaeda was using the techniques we’ve all read about in books to carry out its pre-attack communications, including pre-paid calling cards and simple codes. They also used information found online with search engines when planning their operations.

In the days following the 9/11 attacks, the man behind them – Khalid Shaikh Mohammed – was supposed to use his free hotmail email account to direct an agent to carry out another attack. When al-Marri arrived in the U.S., he created five new email accounts to communicate with Mohammad. He emailed his cell phone number to him using a simple “10-code.” He used the same code to store the phone numbers of his terrorist buddies, subtracting the actual digits in each telephone number from the number ’10.’ Six, for example, becomes four. Any emails containing words were also encrypted – addressed to ‘Muk’ and signed ‘Abdo;’ the details of this cipher were kept in an address book found in a safe house in Pakistan.

Al-Marri researched cyanide gas using the Internet and covered his cyber trail using special software. He identified dams, waterways and tunnels in a U.S. almanac. The details about the gas and U.S. sites in the filed document corroborate U.S. government intelligence that Al Qaeda had plans to attack those specific sites using cyanide gas.

On top of the five years al-Marri already spent in prison as an enemy combatant of the U.S., he can now be sentenced to up to 15 years.

photo courtesy of www.daylife.com

A standard touch-tone telephone keypad can be used to create a number cipher that is more difficult to break than a keyword system.

Using the telephone keypad at the bottom of this page, the criminal (or spy) can substitute numbers with the letters corresponding to the telephone button. The numbers 0 and 1 have no corresponding letters, which can throw both those encrypting and decrypting off. Sometimes the letters Q and Z are substituted for the numbers 0 and 1 because older telephone keypads omitted the letters Q and Z. The telephone number (202) 324-5678, for example, could be enciphered any of the following ways:

BBQ DAG KMRV
CQA FBI JNPX
AQB ECH LOST

Telephone keypad systems can use all 26 letters in the alphabet and thus are easily confused with enciphered words. Any cryptanalyst worth his/her salt will find out through further analysis of the letter combinations that there is no possibility that the cipher text conceals words. The downside (or the upside, depending which side you happen to be on) is that once identified, telephone keypad ciphers are easily decrypted.

Keyword Number Ciphers:

Most criminal use ciphers to hide numbers, especially telephone numbers, addresses, weights, and money amounts (doesn’t take a wiz kid to figure out why, hey?). Keyword number ciphers are the most common system for encrypting numbers and are used in the same manner as keyword alphabet ciphers (see Part I). Normally the keywords involved are ten-letter words with no repeat letters.

Plain Text:         1     2     3     4      5      6      7     8     9      0
Cipher Text:      B     L     A     C     K     H     O     R     S     E

Foreign language keywords are often used. The following is an example of a drug ledger that used a Spanish keyword cipher:

While decrypting the cipher, the cryptanalyst made the initial assumption that the letters represented numbers. If A+A+A = A, as set forth on the right-hand column, then A must equal 0 or 5. Using the same logic, if A+Q+Q = A, then Q must equal 5 and A must be 0. The cryptanalyst continued until he was able to establish the following relationships:

Plain Text:        0     1      2     3     4      5      6     7     8     9
Cipher Text:     A     T     S                    Q     R     O           M

Further analysis of other cipher text and anagramming the cipher text letters into an intelligible word revealed the following reverse order key:

(“my orchestra” in Spanish)
Plain Text:         9     8     7      6      5      4     3     2     1     0
Cipher Text:     M     I     O     R     Q     U     E     S     T     A

You’re all over it? Not so fast – number ciphers do not always use a keyword. An drug dealer in an Arizona prison sent a letter to a cohort instructing her to mail a shipment of drugs to the following Georgia address:

Box BFC
GCDI Abercorn Drive
Savannah, GA 31206

Huh??

Don’t despair! Note that the cipher text letters are all within the first nine letters of the alphabet. If A is assumed to equal 0, then the following key results:

Plain Text:        0     1      2      3     4     5      6      7     8     9
Cipher Text:     A     B     C     D     E     F     G     H     I     J

The key can be verified by checking the resulting street address. If the key turns out to be invalid, you can try moving the 0 to the end of the number series and assume that A = 1 instead. In this example, the first assumption was actually correct. A tiny notation “A = 0” was found in the lower right-hand corner of the prison letter, confirming the key. Not too smart having the answer to cracking the code and the coded letter all on the same piece of paper, was it?

There are two major categories of cryptographic systems: ciphers and codes. Criminals frequently use both to conceal clandestine records, conversations and writings. Officially, cryptology is the scientific study of cryptography and includes cryptanalytics, which deals with methods of solving cryptographic systems. Over time, we’ll be sharing a variety of secret writing systems encountered by law enforcement officials. You’ll also get a sneak peak into some of the approaches groups like the FBI use to solve these deceptive systems.

Cipher Systems:

Ciphers involve the replacement of true letters or numbers (plain text) with different characters (cipher text) or the systematic rearrangement of the true letters without changing their identities to form a coded message.

Believe it or not, cipher systems have been common since antiquity, and some are more complex and sophisticated than others. During WWII, the Germans used the Enigma Cipher Machine, which they thought to be unbreakable. Only after the war did it come out that the Allies had figured out the cipher and had been intercepting secret German communications throughout the war.

Over the course of history, criminals like rum runners during Prohibition and the Zodiac Killer that terrorized the Bay Area in the 60s and 70s have used cipher systems. Criminals usually employ home-brewed, simple substitution cipher systems. Those likely to use such ciphers are criminals involved in secret activities that involve incriminating records (think drug trafficking, loansharking, and illegal bookmaking). Imprisoned criminals also use cipher systems to communicate with supporters both inside and outside of prison.

Lesson I: Simple Substitution Ciphers:

The Caesar cipher is relatively basic – a substitution cipher named for its Roman origins. It involves writing two alphabets, one above the other. The lower alphabet is shifted by one or more characters to the right or left and is used as the cipher text to represent the plain text letter in the alphabet above it.

Plain Text
A     B     C      D     E     F     G     H     I     J     K     L     M     N     O     P     Q     R     S     T     U     V     W     X     Y     Z
B     C     D     E     F     G     H     I     J     K     L     M     N     O     P     Q     R     S     T     U     V     W     X     Y     Z     A
Cipher Text

In this example, the plain text K is enciphered with the cipher text L. The name ‘Dan Gordon’ would be enciphered as follows:

Plain Text:       D     A     N     G     O     R     D     O     N
Cipher Text:     E     B     O     H     P     S     E     P     O

This cipher’s pretty easy to break, but they can be made far more challenging (and secure) by using a keyword to scramble one of the alphabets. Keywords can be placed in the plain text, the cipher text or both, and any word can be used as a key if repeated letters are dropped. Here the word SECRETLY (minus the second E) is used as the plain text keyword.

Plain Text
S     E     C     R     T     L     Y     A     B     D     F     G     H     I     J     K     M     N     O     P     Q     U     V     W     X     Z
A     B     C     D     E     F     G     H     I     J     K     L     M     N     O     P     Q     R     S     T     U     V     W     X     Y     Z
Cipher Text

Getting the hang of it? Don’t forget that the cipher text may utilize numbers, symbols or even letter combinations to represent plain text characters.

Solving Simple Substitution Ciphers:

If the cryptanalyst knows which language the cipher was written in and has enough cipher text to work with, simple substitution ciphers can often be solved quickly and easily. Cryptanalysts use the following procedures when cracking an unknown cipher:

• The cipher text message is identified from other cipher text or plain text on the document
• The number of different cipher text characters or combinations are counted to determine if the characters or combinations represent plain text letters, numbers or both
• Each cipher text character is counted to determine the frequency of usage
• The cipher text is examined for patterns, repeated series, and common combinations

After these analyses are complete, the cryptanalyst starts to replace cipher text characters with possible plain text equivalents using known language characteristics. For example:

• The English language is composed of 26 letters, but the nine high-frequency letters E, T, A, O, N, I, R, S, and H constitute 70 percent of plain text
• EN is the most common two-letter combination, followed by RE, ER, and NT
• Vowels, which constitute 40 percent of plain text, are often separated by consonants
• The letter A is often found in the beginning of a word or second from last
• The letter I is often third from the end of a word

Using these and many other known language characteristics, a cryptanalyst can often decipher a simple substitution cipher with little difficulty.

To learn more, stay tuned for Cracking Codes: Part II…