Analysis of Criminal Codes and Ciphers Forensic Science Communications
Introduction
For as long as man has had the ability to communicate, secrecy has been sought.
Over the centuries various methods of secret writing, or cryptography, have
been developed for numerous purposes. The two major categories of cryptographic
systems are ciphers and codes, both of which are used extensively by criminals
to conceal clandestine records, conversations, and writings.
Cryptology is the scientific study of cryptography and includes cryptanalytics, which deals with methods of solving cryptographic systems. This article is an introduction to the variety of secret writing encountered in law enforcement and describes the role of FBI cryptanalysts in examining and deciphering these criminal codes and ciphers.
Ciphers involve the replacement of true letters or numbers (plain text) with different
characters (cipher text) or the systematic rearrangement of the true letters without
changing their identities to form an enciphered message. Cipher systems have
been common since ancient times and vary in degree of complexity and
sophistication. The Enigma Cipher Machine used by the Germans during World War
II, for example, was thought to be unbreakable. Only after the fighting had
concluded did it become known that the Allies had broken the cipher and had
been reading secret German communications throughout the war.
Criminals have a long history of using cipher systems. During the Prohibition Era, rum runners in ships off the East and West Coasts of the United States used a variety of cipher systems, including advanced cipher machines, to communicate with their confederates on shore. The United States Coast Guard and the Department of Commerce pooled their resources to intercept and decipher the rum runners' messages. In 1969 the Zodiac Killer, who terrorized California's Bay Area during the 1960s and 1970s, sent a three-part cipher message to area newspapers explaining his motive for killing. This complex cipher used more than fifty shapes and symbols to represent the 26 letters of the alphabet but was broken in hours by a high school history teacher and his wife.
Criminals typically use homemade, simple substitution cipher systems which use a single cipher text character to replace a plain text character. Those most likely to use such ciphers include criminals involved in clandestine activities that require incriminating records, such as drug trafficking, loansharking, and illegal bookmaking. Incarcerated criminals also use cipher systems to communicate with cohorts inside and outside of prison.
Simple Substitution Ciphers
A relatively basic form of substitution cipher is the Caesar Cipher, named for its Roman origins. The Caesar Cipher involves writing two alphabets, one above the other. The lower alphabet is shifted by one or more characters to the right or left and is used as the cipher text to represent the plain text letter in the alphabet above it.
Plain Text:   A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher Text:  B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
In this example, the plain text K is enciphered with the cipher text L. The phrase 'Lucky Dog' would be enciphered as follows:
Plain Text:   L U C K Y   D O G
Cipher Text:  M V D L Z   E P H
Ciphers can be made more secure by using a keyword to scramble one of the alphabets. Keywords can be placed in the plain text, the cipher text, or both, and any word can be used as a key if repeated letters are dropped. Here the word SECRETLY (minus the second E) is used as the plain text keyword.
Plain Text:   S E C R T L Y A B D F G H I J K M N O P Q U V W X Z
Cipher Text:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
It is important to remember that the cipher text may utilize numbers, symbols, or
letter combinations to represent plain text characters.
Solving Simple Substitution Ciphers
If the cryptanalyst knows which language the cipher was written in and has enough cipher text to work with, simple substitution ciphers can often be solved easily. Cryptanalysts use the following procedures when decrypting an unknown cipher:
- The cipher text message is identified from other cipher text or plain text on the document.
- The number of different cipher text characters or combinations is counted to determine if the characters or combinations represent plain text letters, numbers, or both letters and numbers.
- Each cipher text character is counted to determine the frequency of usage.
- The cipher text is examined for patterns, repeated series, and common combinations.
After these analyses have been completed, the cryptanalyst begins to replace cipher text characters with possible plain text equivalents using known language characteristics. For example:
- The English language is composed of 26 letters. However, the nine high-frequency letters E, T, A, O, N, I, R, S, and H constitute 70 percent of plain text.
- EN is the most common two-letter combination, followed by RE, ER, and NT.
- Vowels, which constitute 40 percent of plain text, are often separated by consonants.
- The letter A is often found in the beginning of a word or second from last. The letter I is often third from the end of a word.
Using these and many other known language characteristics, a cryptanalyst can often
decipher a simple substitution cipher with little difficulty.
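The counting steps listed above, run as an added example (not part of the original article) on a constructed message enciphered with the article's SECRETLY alphabet. The function names and the symbol-count thresholds are assumptions made for illustration.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

def keyed_alphabet(keyword):
    """Keyword with repeated letters dropped, then the unused letters in order."""
    return "".join(dict.fromkeys(keyword.upper() + ALPHABET))

def encipher(plain, plain_row, cipher_row):
    """Replace each plain_row letter with the cipher_row letter written below it."""
    return plain.upper().translate(str.maketrans(plain_row, cipher_row))

def word_pattern(word):
    """Repeat pattern of a word; STREET gives (0, 1, 2, 3, 3, 1) under any key."""
    first_seen = {}
    return tuple(first_seen.setdefault(ch, len(first_seen)) for ch in word)

def worksheet(cipher, longest=3):
    """Counting steps of the procedure for cipher text made of symbols and spaces."""
    words = cipher.split()
    symbols = "".join(words)
    distinct = len(set(symbols))
    # Assumed rule of thumb: up to 10 symbols fits digits, up to 26 fits letters.
    kind = ("digits" if distinct <= 10
            else "letters" if distinct <= 26 else "letters and digits")
    repeats = {}
    for n in range(2, longest + 1):
        grams = Counter(w[i:i + n] for w in words for i in range(len(w) - n + 1))
        repeats[n] = [(g, c) for g, c in grams.most_common() if c > 1]
    return {"distinct": distinct, "kind": kind,
            "frequency": Counter(symbols).most_common(),
            "repeats": repeats,
            "patterns": {w: word_pattern(w) for w in words}}

# Constructed sample message, enciphered with the article's SECRETLY alphabet.
PLAIN = "MEET THE MAN AT THE SAME STREET AT TEN AND BRING THE CASH"
CIPHER = encipher(PLAIN, keyed_alphabet("SECRETLY"), ALPHABET)
REPORT = worksheet(CIPHER)

if __name__ == "__main__":
    print(CIPHER)
    print(REPORT["distinct"], "distinct symbols, consistent with", REPORT["kind"])
    print("frequency:", REPORT["frequency"][:5])
    print("repeated trigrams:", REPORT["repeats"][3])
```

In the report the trigram EMB stands out as a three-times-repeated whole word, the natural candidate for THE, and the two most frequent symbols, B and E, then fall out as plain text E and T.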
Keyword Number Ciphers
Most criminal ciphers are used to conceal numbers, especially telephone numbers, addresses, weights, and money amounts. Keyword number ciphers are the most common system for encrypting numbers and are used in the same manner as keyword alphabet ciphers. Normally these keywords are ten-letter words with no repeat letters.
Plain Text:   1 2 3 4 5 6 7 8 9 0
Cipher Text:  B L A C K H O R S E
Foreign language keywords are often used. The following is an example of a drug ledger
that used a Spanish keyword cipher:
While decrypting the cipher, the cryptanalyst made the assumption that the letters represent numbers. If A+A+A = A, as set forth on the right-hand column, then A must equal 0 or 5. Using the same logic, if A+Q+Q = A, then Q must equal 5 and A must be 0. The cryptanalyst continued until the following relationships were established:
Plain Text:   0 1 2 3 4 5 6 7 8 9
Cipher Text:  A T S - - Q R O - M
Further analysis of other cipher text and anagramming the cipher text letters into an intelligible word revealed the following reverse order key:
Plain Text:   9 8 7 6 5 4 3 2 1 0
Cipher Text:  M I O R Q U E S T A   (my orchestra in Spanish)
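The column arithmetic described above, as an added example that is not part of the original article: it searches for every digit assignment that makes a ledger's sums add up, then lays the resolved letters out in 9 to 0 order for anagramming. The ledger lines are constructed (the article's ledger is not reproduced here) and are enciphered with the MIORQUESTA key; all function names are illustrative.

```python
from itertools import permutations

# Constructed ledger, enciphered with the article's key 9876543210 = MIORQUESTA.
# Each entry is (amounts, written total).
LEDGER = [
    (["QAA", "EQA", "TQA"], "TAAA"),   # 500 + 350 + 150 = 1000
    (["SAA", "RAA"], "IAA"),           # 200 + 600 = 800
]

def value(word, key):
    """Read a cipher text amount as a number under a letter-to-digit key."""
    return int("".join(str(key[ch]) for ch in word))

def solve(ledger, key=None):
    """Yield every assignment of distinct digits that makes all sums add up."""
    key = key or {}
    if not ledger:
        yield dict(key)
        return
    amounts, total = ledger[0]
    new = sorted(set("".join(amounts) + total) - set(key))
    free = [d for d in range(10) if d not in key.values()]
    for digits in permutations(free, len(new)):
        trial = {**key, **dict(zip(new, digits))}
        # A = 5 fails here: the units column would carry into the tens column.
        if sum(value(w, trial) for w in amounts) == value(total, trial):
            yield from solve(ledger[1:], trial)

def forced(solutions):
    """Letters that take the same digit in every surviving solution."""
    return {ch: d for ch, d in solutions[0].items()
            if all(s[ch] == d for s in solutions)}

def skeleton(known):
    """Known letters laid out in 9..0 order, '?' where the digit is unresolved."""
    by_digit = {d: ch for ch, d in known.items()}
    return "".join(by_digit.get(d, "?") for d in range(9, -1, -1))

SOLUTIONS = list(solve(LEDGER))
KNOWN = forced(SOLUTIONS)

if __name__ == "__main__":
    print(len(SOLUTIONS), "keys fit the arithmetic")
    print("forced letters:", KNOWN)
    print("9876543210 =", skeleton(KNOWN))
```

This constructed ledger pins down only A, Q, E and T; the second sum leaves S, R and I open, which is where further cipher text and anagramming the skeleton into a word come in.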
Number ciphers do not require a keyword. An incarcerated drug dealer in an Arizona
prison sent a letter to a cohort instructing her to mail a shipment of drugs to
the following Georgia address:
Box BFC
GCDI Abercorn Drive
Savannah, GA 31206
The cipher text letters are all within the first nine letters of the alphabet. If
A is assumed to equal 0, then the following key would result.
Plain Text:   0 1 2 3 4 5 6 7 8 9
Cipher Text:  A B C D E F G H I J
The key can be verified by checking the resulting street address. If this key is
proved to be invalid, try moving the 0 to the end of the number series and
assume that A = 1 instead. In this example, the first assumption
proved to be correct. The notation A = 0 was found in the lower right-hand
corner of the prison letter, confirming the key.
Telephone Keypad Ciphers
A telephone keypad can be used to create a number cipher that is more difficult to break than a keyword system.
Using the above telephone keypad, the criminal can substitute numbers with the letters corresponding to the telephone button. Numbers 0 and 1 can be substituted with Q and Z (older telephone keypads do not have the letters Q or Z). The telephone number (202) 324-5678, for example, could be enciphered any of the following ways:
BQB   DAG   KMRV
CQA   FBI   JNPX
AQB   ECH   LOST
Telephone keypad systems may use all 26 letters in the alphabet and thus are easily
confused with enciphered words. Further analysis of the letter combinations,
however, will disprove the possibility that the cipher text conceals words.
Once identified, telephone keypad ciphers are easily decrypted.
Masonic Cipher
The centuries-old Masonic Cipher uses two tic-tac-toe diagrams and two X patterns to represent the letters of the alphabet. Letters are enciphered using the patterns formed by the intersecting lines and dots.
The name Bob Smith would be encrypted as follows:
Tic-Tac-Toe Cipher
A variation of the Masonic Cipher used to encrypt numbers is the tic-tac-toe cipher. Using this pattern, each number can be enciphered with the character that is formed by the intersecting lines surrounding each number. The 0 is enciphered using an X.
Ciphers are created by replacing individual characters of plain text with cipher text
characters. Codes differ from cipher systems in that code text may represent
letters, numbers, words, or phrases. Codes are typically used to add two
elements to communications: secrecy and brevity. Military and espionage code
systems place the greatest emphasis on secrecy; civilian agencies and
corporations use technical codes for brevity, often with no concern for
security. Criminals use codes for both purposes. Unlike cipher systems which
can be deciphered using set procedures and techniques, codes cannot be
deciphered without some knowledge of what the writer is attempting to conceal.
Sports Bookmaking Codes
Illegal bookmaking operations require detailed business records to record wagers placed, game lines and outcomes, bettor names, and account balances. On the basis of these record-keeping needs, bookmakers typically make extensive use of codes. Brevity is the main purpose for the codes, but the codes also provide an element of secrecy. Some bookmaking operations rely on specialized codes known only to the bookmaker and his clerks, but many bookmaking codes are well known among bookmakers throughout the United States.
The following are examples of how a sports bookmaking operation can encode a losing $1000 wager on the Dallas Cowboys plus 6 ½ points:
K100-DAL+ 6-    200X    L
K100 is a coded account designation representing a bettor. The hyphen (-) after the
numeral 6 indicates the line at 6 ½. The X indicates a multiplication by 5,
thus 200X = $200 X 5, or $1000. The L indicates a losing wager.
Dave-Cowboys    +6'    Dime    -1100
Here the name of the bettor is given. The apostrophe after the six indicates the
half point in the line. Dime means a $1,000 wager. No win or lose
indicator is present. Instead the bookmaker notes the amount owed by the bettor
for the losing wager.
Dave-#23    +6-    10    -1100
In this example, the team name is substituted by its unique rotation number. Team
rotation numbers are assigned on a weekly basis and can be found in sports
schedules. The bookmaker dropped the 00 in the wager amount, thus the 10
represents a $1000 wager.
Dave-Boys+6-    200T    X
Boys is a slang name for the Dallas Cowboys. The 200T indicates 200 X 5 as in the
first example. The X indicates a losing wager.
Team names are substituted by code numbers in the above sports wagers. The arrows indicate over or under wagers on the total score of the game. The bookmaker has dropped the zeros to conceal the true amounts of money wagered: the numeral 1 indicates a $100 wager and the ½ indicates a $50 wager.
Horse Race Bookmaking Codes
Horse wagering codes differ from sports wagers, because the terminology and information requirements are unique. A wager on horse #4, Lucky Star, in the third race at Pimlico Track could be written as follows.
P/3    #4    5-2-2    W    4.2/2.3/1.9
P/3 indicates the third race at Pimlico, and #4 is the horse number. The 5-2-2
indicates a $5 wager to win and $2 wagers to place and show. The W indicates
the horse won. The dollar amounts indicate payoff amounts for the win, place,
and show.
BP    Pim-3    Lucky Star    X5X
Here the code BP represents the bettor. Pim-3 indicates the track and race. X5X
denotes a $5 wager to place. No wager is made on the win or show positions.
Numbers Bookmaking Codes
Numbers wagers indicate the number drawing, the bettor, the number wagered on, and the amount and type of wager.
TICCO    Mid    435    2C
Here account TICCO placed a $2 combination wager on number 435 on the midday lottery
drawing.
Drug Codes
Drug records normally consist of dates, accounts, units, prices, and sometimes drug types. Drug traffickers often use codewords to disguise their activity, and these are limited only by the imagination of the drug trafficker. Typically different codewords are used in conversation to differentiate between drug types. For example, the code white indicates cocaine, and green indicates marijuana.
Pager Codes
Pager codes are popular among street drug dealers and are often used by regular drug customers to communicate with sellers. The following is an example of a series of coded pager messages between a drug purchaser and a seller.
772 111        The code 772 is the identity of the customer inquiring about the price of one ounce of cocaine.
007 1150       The code 007 is the identity of the seller, and the price for one ounce is $1150.
772 222 432    Account 772 wants to purchase two ounces of cocaine, and the seller is asked to call 772's cell telephone number (432 is the telephone number prefix).
Pager codes can also be used by traffickers who are transporting drugs over long
distances.
823    95    12    333
The code 823 is the identity of a drug courier traveling on Interstate 95 at Exit
12. The code 333 indicates everything is fine. If the driver wanted to
communicate that he or she had been delayed by vehicle repairs or stopped by
police, the code 999 (stopped for repairs) or 911 (under arrest) could be used.
The ciphers and codes presented are examples of the many cryptographic systems used
by criminals. Many of the ciphers and codes in this article can be easily
decrypted, but in some instances, deciphering a code or cipher requires special
training.
Source – FBI
Reality views by sm – Wednesday, April 03, 2013
2 comments:
that was cool!
@MEcoy
thanks.