Cicada 3301 – The Puzzle No Agency Will Claim

Between 2012 and 2014, someone ran a global cryptographic treasure hunt that stumped codebreakers, left intelligence agencies silent, and has never been explained. All we have left are the puzzles, the gaps in the record, and a trail that vanishes every time you get close.

The Cicada 3301 logo, a stylised white line drawing of a cicada insect on a black background.

GCHQ (UK Government Communications Headquarters) publicly used an online puzzle to recruit codebreakers in 2013, yet the far tougher puzzle that inspired it, Cicada 3301, still refuses to say who, or what, is behind it.

The numbers don’t lie. Between 2012 and 2014, someone coordinated the placement of QR codes on five continents, created bootable Linux operating systems, and designed cryptographic challenges that demanded skills directly applicable to signals intelligence work. They claimed to be a privacy-focused “think tank”, but the resources required and the methods used look remarkably like covert recruitment.

Three years of elaborate puzzles point to serious money and purpose. It’s not a question of whether a government could do this. It’s whether anyone else could have.

First Sightings – 4 January 2012 and What Followed

It started with a single image posted anonymously to 4chan. Black background, white text, cicada logo. The message was simple: “Hello. We are looking for highly intelligent individuals. To find them, we have devised a test.”

The puzzle that followed was a rabbit hole of cryptography and global logistics.

The image contained a hidden message, extractable using OutGuess steganography software (which extracts hidden data from images). That led to a Caesar cipher (a simple code where letters are shifted by a fixed number). The cipher pointed to a specific book passage. The book reference gave a phone number. The phone number played an automated message with another prime number puzzle. The prime number led to a website countdown timer.

When the countdown reached zero on 9 January 2012, it revealed 14 GPS coordinates spanning the globe. Physical QR codes (square barcodes readable by smartphones) had been placed at each location: Warsaw, Paris, Seattle, Seoul, and ten other major cities. Each code contained the same message directing solvers to yet another website.

This wasn’t some teenager in a basement. Coordinating physical drops across five continents requires meticulous planning, adequate resources, and a dedicated team on the ground. The kind of logistics that suggests institutional backing.

The puzzle ran for exactly one month.

On 5 February 2012, Cicada 3301 posted a PGP-signed message (cryptographically authenticated with a Pretty Good Privacy digital signature): “We have now found the individuals we sought. Thus, our month-long journey ends.”

Then they did it again.

4 January 2013: another image, another puzzle. This time, involving Aleister Crowley’s The Book of the Law, a custom Linux ISO called “Cicada OS” (a bootable operating system file), audio steganography challenges, and fresh GPS coordinates for new physical clues worldwide. The complexity had escalated dramatically.

4 January 2014: the third and final major puzzle. This introduced the Liber Primus, a 74-page book written in an unknown runic script. Only 18 pages have been successfully decoded. The rest remains unsolved more than a decade later.

Three annual releases. Each more sophisticated than the last. Each requiring the exact skill set prized by cryptographic agencies: steganography (the art of hiding data inside other files), cipher analysis, programming, mathematical reasoning, and operational security using tools like Tor (anonymous internet browsing system) and PGP.

One of the physical Cicada 3301 posters, showing the cicada logo and a large QR code, found attached to a lamp post in Warsaw.
Proof the puzzle wasn't just digital. Solvers who cracked the initial codes were sent to GPS coordinates leading to physical posters like this one, found in Warsaw. This wasn't some teenager in a basement; coordinating physical drops across five continents requires serious logistics.

Timeline: Puzzles and Precedents

  • 4 Jan 2012

    First Sighting

    An image appears on the anonymous 4chan forum with a simple message: "Hello. We are looking for highly intelligent individuals. To find them, we have devised a test". The first Cicada 3301 puzzle begins.

  • 9 Jan 2012

    The World Is a Puzzle

    After a series of cryptographic steps, solvers are led to a website revealing 14 GPS coordinates. Physical QR codes are discovered in cities across five continents, including Warsaw, Paris, and Seoul, demonstrating significant real-world coordination.

  • Feb 2012

    Recruitment Concludes

    A PGP-signed message appears: "We have now found the individuals we sought. Thus our month-long journey ends". This implies a successful selection process.

  • 4 Jan 2013

    They Return

    Exactly one year later, a new puzzle appears. This iteration is more complex, involving Aleister Crowley's "The Book of the Law", a custom bootable Linux OS, and new physical clues. The pattern is established.

  • Jun 2013

    The Context Changes

    The Guardian and The Washington Post begin publishing Edward Snowden's leaks about NSA surveillance programmes. The public image of signals intelligence agencies is permanently altered, creating documented recruitment challenges.

  • 4 Jan 2014

    The Liber Primus

    The third puzzle introduces the 'Liber Primus', a 74-page book of runes. It is the most complex challenge yet, and much of it remains unsolved to this day.

  • Jan-Feb 2014

    A Method Worth Copying

    As the third Cicada puzzle runs, the US Navy launches "Project Architeuthis", a puzzle-based recruitment challenge explicitly inspired by Cicada 3301. Official bodies are now adopting the technique.

  • May 2014

    NSA Posts a Puzzle

    The NSA's @NSACareers Twitter account posts its own cryptographic puzzle. The use of public puzzles as a recruitment and engagement tool by intelligence agencies is now an open strategy.

What Cicada Says About Itself

According to their own PGP-authenticated communications, Cicada 3301 described itself as recruiting for “an international group” focused on “constructing a society based on ideals of liberty, privacy, security”. They explicitly denied involvement in illegal activities and distanced themselves from hacker groups using their name.

Marcus Wanner, who solved the 2013 puzzle, reported being invited to a private forum where successful solvers were questioned about their views on information freedom and online privacy. Those who passed this ideological screening were then asked to work on projects advancing the group’s stated aims.

One such project was CAKES (Cicada Anonymous Key Escrow System), described as cryptographic software to protect user privacy. Wanner and other “winners” were tasked with developing this system for their anonymous benefactors.

The February 2012 message claimed they had “found the individuals we sought”, implying a selection process with specific targets in mind. Later statements warned against collaboration and emphasised they wanted “leaders, not followers”.

We want the best, not the followers.

This language suggests careful psychological profiling alongside technical assessment.

But here’s what doesn’t fit. A think tank is meant to produce various outputs, including research, software, and campaigns. So, after recruiting the world’s brightest for years, what did Cicada 3301 actually make?

No research papers, no software releases, no public campaigns.

Either this think tank was remarkably secretive about its work, or the recruitment led somewhere else entirely.

The Intelligence Recruitment Hypothesis

The skills tested by Cicada 3301 read like a job specification for signals intelligence (SIGINT) work.

Steganography and cryptanalysis formed the core challenges. Solvers needed to extract hidden data from images and audio files, break various cipher systems, and understand both classical and modern encryption methods. These are fundamental SIGINT capabilities.

Technical proficiency requirements included Linux system administration, Tor network navigation, PGP encryption, and programming skills. They were testing for people who already used the same tools spies use to stay anonymous.

The psychological screening tells its own story. They asked successful solvers about information freedom and online privacy. Were they fishing for people who’d be comfortable with the moral grey areas of surveillance work? The emphasis on individual initiative and the discouragement of collaboration mirror the operational requirements of classified work. These are techniques refined in programmes like MK-Ultra, where psychological assessment was key to recruitment.

Most tellingly, the global coordination required suggests resources beyond most private groups. Placing physical clues across five continents without leaving obvious trails requires operational capability typically associated with state-level actors.

The historical precedent is clear. Intelligence agencies have used public puzzles for recruitment since at least 1942, when the British War Office recruited Bletchley Park codebreakers through Daily Telegraph crosswords.

GCHQ ran online cryptographic challenges in 2011 and 2013, calling them “successful” recruitment campaigns.

The US Navy launched Project Architeuthis in 2014. They openly said they copied Cicada 3301’s methods to find cryptologic warfare officers.

The timing is worth noting. These puzzles ran through 2013 and 2014, right when the NSA’s reputation was in the toilet thanks to Snowden. They couldn’t get the talent they needed through normal channels anymore. Too many potential recruits had moral objections.

Think about it… If you’re an agency that suddenly can’t attract top cryptographers because they think you’re the bad guys, what do you do? An anonymous puzzle that filters for exactly the skills you need, wrapped in privacy advocacy rhetoric? That’s one way to solve your recruitment problem.

Contradictions and Missing Links

There is one major hole in the intelligence recruitment theory. Nobody can prove that a single solver went on to work for the NSA or GCHQ.

Despite extensive investigation, no confirmed case exists of a Cicada 3301 solver being subsequently hired by any government agency. Marcus Wanner and other successful participants report being invited to work on privacy software projects, not joining intelligence services.

FOIA requests (Freedom of Information Act requests) specifically mentioning “Cicada 3301” appear in CIA logs from 2016, but the responses are either heavily redacted or return “no records found”. This could indicate successful compartmentalisation of a classified programme, or simply that no such programme existed.

Key evidence has vanished. Original 4chan threads containing the initial puzzles are gone. The platform’s ephemeral nature means most early posts exist only as screenshots. Tor hidden services used in the challenges disappeared after limited access periods. Even community-maintained archives have suffered link rot over the years. This systematic erosion of evidence follows patterns seen in other suppressed research, where inconvenient findings simply disappear from the record.

The solvers themselves present contradictions. Joel Eriksson, who tackled the 2012 puzzle, reached a final Tor site that simply displayed “We want the best, not the followers” before shutting down. He was too late to register his contact details. Other solvers report similar dead ends or invitations to projects that subsequently vanished.

Here’s the strangest part. Cicada 3301 kept banging on about privacy, freedom, and fighting censorship. That’s the opposite of what surveillance agencies do. Unless, of course, that was the whole point. What better way to attract privacy-minded hackers than to pretend you’re on their side?

The money question is tricky. Yes, planting clues worldwide takes serious cash and coordination. But the technical side? A few dedicated people with decent funding could run the servers and websites. We can’t find who paid for it, but that doesn’t mean it was the CIA.

Three Gaps in the Evidence

Vanished Artefacts: Key evidence has decayed over time. Original puzzle posts on 4chan are gone, and the Tor hidden services used as part of the challenge were taken down after limited access periods. We are left with community-archived screenshots, many of which now have broken links.

Official Silence: FOIA requests mentioning “Cicada 3301” exist in CIA logs. But the official responses are either “no records found” or heavily redacted. This is a common tactic for classified programmes, but it is not proof that one existed.

The Silent “Winners”: There is no verifiable proof that a single solver was hired by an intelligence agency as a result of the puzzles. Accounts from those who succeeded vary, from being invited to work on private software projects to reaching dead ends. The lack of any verifiable, long-term outcome is a major hole in the recruitment theory.

Alternative Explanations We Still Have to Test

Private Cypherpunk Collective

This theory fits like a glove. Cypherpunks have been preaching privacy and cryptography since the 1990s. The puzzles test exactly what they care about. But here’s the problem. Could a group of privacy activists coordinate physical drops in Warsaw, Sydney, and Seattle all on the same day? That’s a lot of plane tickets and trusted contacts for people who supposedly hate being tracked.

Elaborate ARG or Social Experiment

The game-like structure and community engagement fit ARG (Alternate Reality Game) patterns. Some researchers, including cryptography expert Elonka Dunin, have suggested it might “just be one group of people in a chat room giggling”. But most ARGs have eventual reveals or commercial tie-ins. Cicada 3301’s sustained secrecy breaks this pattern.

Marketing Stunt

Companies have used cryptographic puzzles for talent recruitment. Google’s 2004 billboard campaign successfully identified top engineers through mathematical challenges. But Cicada 3301 ran for years without any brand ever surfacing. Either the marketing failed completely, or it was never marketing at all.

The evidence doesn’t cleanly support any single theory. Each explanation accounts for some aspects while struggling with others. This ambiguity might itself be intentional. A sophisticated operation would naturally obscure its true purpose.

What we can establish is capability and methodology. Cicada 3301 demonstrated the technical expertise, operational security, and global reach to execute a complex, multi-year recruitment programme. Whether they were recruiting for government agencies, private organisations, or ideological causes remains an open question.

Evidence Matrix - Four Theories Weighed

| Evidence / Characteristic | Intel Agency Recruitment | Private Collective/Think Tank | ARG/Social Experiment/Hoax | Marketing Stunt |
| --- | --- | --- | --- | --- |
| High Puzzle Complexity | + (Tests relevant skills) | + (Core interest of such groups) | + (Intellectual challenge is key) | +/- (Could be too niche) |
| Global Physical Clues | + (Suggests significant resources) | - (Resource intensive) | +/- (High effort for a hoax) | - (High cost for no brand reveal) |
| Lack of Monetisation | + (Not expected for agency op) | + (Not primary goal) | + (Can be non-commercial) | -- (Opposes marketing goal) |
| No Final Reveal | + (Expected for covert op) | +/- (Could remain private) | -- (Unusual for most ARGs) | -- (Defeats marketing purpose) |

What Remains Unsolved and Why It Matters

The biggest clue we have is also the biggest problem… the Liber Primus. It is a 74-page book written in runes that Cicada distributed during the 2014 puzzle. Here’s the issue: more than a decade on, solvers have only managed to translate 18 pages. The bits we can read talk about what you might expect: knowledge, privacy, and security. The remaining 56 pages are still encrypted solid, and whatever answers Cicada had are likely locked inside.

The 56 pages could contain direct statements of purpose, organisational structure, or even identity markers. But they’ve resisted all decryption attempts for over a decade. Either the encryption is exceptionally sophisticated, or the key requires information not yet available to public solvers.

The silence of the “winners” is equally significant. If Cicada 3301 was genuine recruitment for any organisation, some participants should eventually surface with verifiable accounts. The continued absence of such testimony suggests either exceptional operational security or outcomes different from what most theories predict.

State and corporate recruiters continue mimicking Cicada’s methods, proving its influence regardless of origin. The US Navy’s Project Architeuthis and GCHQ’s ongoing puzzle campaigns demonstrate that the model works for identifying technical talent. This practical adoption validates the core insight: public cryptographic challenges effectively screen for skills valuable to classified operations.

So we’re left with the same questions. Who paid for the plane tickets and servers? What happened to the ‘winners’? And why are intelligence agencies officially silent while copying the methods?

This isn’t just about solving an old internet mystery. Cicada 3301 showed everyone how to find and filter technical talent without ever showing your face. Now, every agency and tech company runs similar puzzles. They learned that the best way to find people who can break codes is to give them codes to break.

Until a creator or verified “winner” speaks with documents, the gap between declared ideals and suspected motives stays open. The investigation continues, driven by evidence rather than speculation. Sometimes the most important mysteries are the ones that remain unsolved, not because the truth is hidden, but because the truth reveals capabilities that prefer to stay in the shadows.

The real mystery isn’t who Cicada 3301 was. The mystery is what they proved was possible.

Source

Sources include: PGP-signed Cicada 3301 messages and image artefacts archived by solvers (2012–2014); detailed solver testimonies such as Connor Tumbleson’s technical walkthroughs (2019–2024); mainstream reports including NPR’s The Internet’s Cicada (2014); intelligence agency statements and recruitment puzzles from GCHQ and the US Navy (2011–2014); CIA FOIA request logs referencing “Cicada 3301” (2016); academic analyses of post-Snowden cryptography and recruitment.