Cicada 3301 was some sort of a group of cryptography, privacy enthusiasts who tried to form an online fraternity. They try to imitate the Rhodes-Milner-Stead secret society with no name, and no rituals and no membership. They posted a set of puzzles over a few years which people had to solve to join them.
Here is the entire Cicada Playbook for how they design their puzzles:
- Steganography: Outguess-able images. Steganographic methods involving audio files and boot-sectors
- Classic ciphers: Book-codes, Substitution ciphers, Esoteric scripts
- Geo-coded shenanigans: Geocoded locations with QR codes
- Social Media and TOR: Hidden services. Hidden URLs, subreddits/twitter
- Basic Modern Cryptanalysis: Weak RSA key cracking
- Basic Programming and DevOps: Basic Network Programming, and TOR hidden service administration.
Based on 13 QR codes they posted in nations aligned with the USA around 2012 shows there were ~13 members in it in 2012.
Compare this to the MI6/GHCQ recruitment playbook:
- Steganography: x86 instructions which print clues. hypothetical RISC machines which need to be emulated to get clues.
- Advanced Modern Cryptanalysis: pre-image attacks, differential cryptanalysis, etc.
- Social Media and TOR: Hidden URLs
MI6/GHCQ puzzles are vastly superior to Cicada puzzles. So my best guess is that Cicada isn’t as great as we think they are. Moreover, the emphasis on the practical nature of the puzzles i.e. network programming, and DevOps points to the possibility that they are activist by nature.