|
|
|
Codes and Ciphers |
|
Racketeering Records Analysis Unit Federal Bureau of Investigation Washington, DC |
For as long as man has had
the ability to communicate, secrecy has been sought. Over the
centuries various methods of secret writing, or cryptography,
have been developed for numerous purposes. The two major categories
of cryptographic systems are ciphers and codes, both of which
are used extensively by criminals to conceal clandestine records,
conversations, and writings.
Cryptology is the scientific study of cryptography and includes
cryptanalytics, which deals with methods of solving cryptographic
systems. This article is an introduction to the variety of secret
writing encountered in law enforcement and describes the role
of FBI cryptanalysts in examining and deciphering these criminal
codes and ciphers.
Back
to the top
Ciphers involve the replacement
of true letters or numbers (plain text) with different characters
(cipher text) or the systematic rearrangement of the true letters
without changing their identities to form an enciphered message.
Cipher systems have been common since ancient times and vary
in degree of complexity and sophistication. The Enigma Cipher
Machine used by the Germans during World War II, for example,
was thought to be unbreakable. Only after the fighting had concluded
did it become known that the Allies had broken the cipher and
had been reading secret German communications throughout the
war.
Criminals have a long history of using cipher systems. During
the Prohibition Era, rum runners in ships off the East and West
Coasts of the United States used a variety of cipher systems,
including advanced cipher machines, to communicate with their
confederates on shore. The United States Coast Guard and the
Department of Commerce pooled their resources to intercept and
decipher the rum runners' messages. In 1969 the Zodiac Killer,
who terrorized California's Bay Area during the 1960s and 1970s,
sent a three-part cipher message to area newspapers explaining
his motive for killing. This complex cipher used more than fifty
shapes and symbols to represent the 26 letters of the alphabet
but was broken in hours by a high school history teacher and
his wife.
Criminals typically use homemade, simple substitution cipher
systems which use a single cipher text character to replace a
plain text character. Those most likely to use such ciphers include
criminals involved in clandestine activities that require incriminating
records, such as drug trafficking, loansharking, and illegal
bookmaking. Incarcerated criminals also use cipher systems to
communicate with cohorts inside and outside of prison.
Back to
the top
Simple Substitution Ciphers
A relatively basic
form of substitution cipher is the Caesar Cipher, named for its
Roman origins. The Caesar Cipher involves writing two alphabets,
one above the other. The lower alphabet is shifted by one or
more characters to the right or left and is used as the cipher
text to represent the plain text letter in the alphabet above
it.
Plain Text | |||||||||||||||||||||||||
A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z |
B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | A |
Cipher Text |
Plain Text: | L | U | C | K | Y | D | O | G |
Cipher Text: | M | V | D | L | Z | E | P | H |
Plain Text | |||||||||||||||||||||||||
S | E | C | R | T | L | Y | A | B | D | F | G | H | I | J | K | M | N | O | P | Q | U | V | W | X | Z |
A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z |
Cipher Text |
Solving Simple Substitution Ciphers
If the cryptanalyst
knows which language the cipher was written in and has enough
cipher text to work with, simple substitution ciphers can often
be solved easily. Cryptanalysts use the following procedures
when decrypting an unknown cipher:
! The cipher text message is identified from other
cipher text or plain text on the document.
! The number of different cipher text characters or combinations are counted to determine if the characters
or combinations represent plain text letters, numbers, or
both letters and numbers.
! Each cipher text character is counted to determine
the frequency of usage.
! The cipher text is examined for patterns, repeated
series, and common combinations.
After these analyses have been completed, the cryptanalyst begins to replace cipher text characters with possible plain text equivalents using known language characteristics. For example:
! The English language is composed of 26 letters. However, the nine high-frequency letters E, T, A, O, N, I, R, S, and H constitute 70 percent of plain text.
! EN is the most common two-letter combination, followed by RE, ER, and NT.
! Vowels, which constitute 40 percent of plain text, are often separated by consonants.
! The letter A is often found in the beginning of a word or second from last. The letter I is often third from the end of a word.
Using these and many other
known language characteristics, a cryptanalyst can often decipher
a simple substitution cipher with little difficulty.
Back to
the top
Keyword
Number Ciphers
Most criminal ciphers
are used to conceal numbers, especially telephone numbers, addresses,
weights, and money amounts. Keyword number ciphers are the most
common system for encrypting numbers and are used in the same
manner as keyword alphabet ciphers. Normally these keywords are
ten-letter words with no repeat letters.
Plain Text: | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 0 |
Cipher Text: | B | L | A | C | K | H | O | R | S | E |
Plain Text: | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |
Cipher Text: | A | T | S | Q | R | O | M |
Plain Text: | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
Cipher Text: | M | I | O | R | Q | U | E | S | T | A |
Plain Text: | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |
Cipher Text: | A | B | C | D | E | F | G | H | I | J |
Telephone Keypad Ciphers
A
telephone keypad can be used to create a number cipher that is
more difficult to break than a keyword system.
|
|
|
|
|||||||||
|
|
|
|||||||||
|
|
|
Masonic
Cipher
The
centuries old Masonic Cipher uses two tic-tac-toe diagrams and
two X patterns to represent the letters of the alphabet. Letters
are enciphered using the patterns formed by the intersecting
lines and dots.
Tic-Tac-Toe
Cipher
A
variation of the Masonic Cipher used to encrypt numbers is the
tic-tac-toe cipher. Using this pattern, each number can be enciphered
with the character that is formed by the intersecting lines surrounding
each number. The 0 is enciphered using an X.
Ciphers are
created by replacing individual characters of plain text with
cipher text characters. Codes differ from cipher systems in that
code text may represent letters, numbers, words, or phrases.
Codes are typically used to add two elements to communications:
secrecy and brevity. Military and espionage code systems place
the greatest emphasis on secrecy; civilian agencies and corporations
use technical codes for brevity, often with no concern for security.
Criminals use codes for both purposes. Unlike cipher systems
which can be deciphered using set procedures and techniques,
codes cannot be deciphered without some knowledge of what the
writer is attempting to conceal.
Back
to the top
Sports
Bookmaking Codes
Illegal
bookmaking operations require detailed business records to record
wagers placed, game lines and outcomes, bettor names, and account
balances. On the basis of these record-keeping needs, bookmakers
typically make extensive use of codes. Brevity is the main purpose
for the codes, but the codes also provide an element of secrecy.
Some bookmaking operations rely on specialized codes known only
to the bookmaker and his clerks, but many bookmaking codes are
well known among bookmakers throughout the United States.
The following are examples of how a sports bookmaking operation
can encode a losing $1000 wager on the Dallas Cowboys plus 6
½ points:
K100-DAL+ 6- | 200X | L |
Dave-Cowboys | +6' | Dime | -1100 |
Dave-#23 | +6- | 10 | -1100 |
Dave-Boys+6- | 200T | X |
Horse Race Bookmaking Codes
Horse wagering codes
differ from sports wagers, because the terminology and information
requirements are unique. A wager on horse #4, Lucky Star, in
the third race at Pimlico Track could be written as follows.
P/3 | #4 | 5-2-2 | W | 4.2/2.3/1.9 |
BP | Pim-3 | Lucky | Star | X5X |
Numbers Bookmaking Codes
Numbers
wagers indicate the number drawing, the bettor, the number wagered
on, and the amount and type of wager.
TICCO | Mid | 435 | 2C |
Drug
Codes
Drug
records normally consist of dates, accounts, units, prices, and
sometimes drug types. Drug traffickers often use codewords to
disguise their activity, and these are limited only by the imagination
of the drug trafficker. Typically different codewords are used
in conversation to differentiate between drug types. For example,
the code white indicates cocaine, and green indicates marijuana.
Back
to the top
Pager
Codes
Pager
codes are popular among street drug dealers and are often used
by regular drug customers to communicate with sellers. The following
is an example of a series of coded pager messages between a drug
purchaser and a seller.
772 111 | The code 772 is the identity of the customer inquiring about the price of one ounce of cocaine. |
007 1150 | The code 007 is the identity of the seller, and the price for one ounce is $1150. |
772 222 432 | Account 772 wants to purchase two ounces of cocaine, and the seller is asked to call 772's cell telephone number (432 is the telephone number prefix). |
823 | 95 | 12 | 333 |
The ciphers
and codes presented are examples of the many cryptographic systems
used by criminals. Many of the ciphers and codes in this article
can be easily decrypted, but in some instances, deciphering a
code or cipher requires special training.
The Racketeering Records Analysis Unit (RRAU) of the Federal
Bureau of Investigation's Laboratory in Washington, DC, is staffed
with qualified cryptanalysts who have specialized training in
the areas of cryptanalysis, drug trafficking, money laundering,
and racketeering activities. The services of RRAU are available
to assist federal, state, and local law enforcement agencies
in the analysis of clandestine business records relating to illegal
gambling, drug trafficking, money laundering, loansharking, and
prostitution. RRAU examiners and analysts are available for expert
testimony, pretrial advice and assistance, and on-site examinations
and consultations. For additional information, contact the RRAU
at the following:
Federal Bureau of Investigation
Racketeering Records Analysis Unit
Room 4712
935 Pennsylvania Avenue, NW
Washington, DC 20535
Telephone: (202) 324-2500
Facsimile: (202) 324-1090
E-mail: labrrau@fbi.gov
FORENSIC SCIENCE COMMUNICATIONS JANUARY 2000 VOLUME 2 NUMBER 1
|