This article was downloaded by: [110.3.244.32] Publisher: Taylor & Francis
Transcription
This article was downloaded by: [110.3.244.32] Publisher: Taylor & Francis
This article was downloaded by: [110.3.244.32] On: 09 August 2013, At: 22:53 Publisher: Taylor & Francis Informa Ltd Registered in England and Wales Registered Number: 1072954 Registered office: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK Cryptologia Publication details, including instructions for authors and subscription information: http://www.tandfonline.com/loi/ucry20 Breaking the BTK Killer's Cipher Jeanne Anderson Published online: 08 Jul 2013. To cite this article: Jeanne Anderson (2013) Breaking the BTK Killer's Cipher, Cryptologia, 37:3, 204-209, DOI: 10.1080/01611194.2013.797047 To link to this article: http://dx.doi.org/10.1080/01611194.2013.797047 PLEASE SCROLL DOWN FOR ARTICLE Taylor & Francis makes every effort to ensure the accuracy of all the information (the “Content”) contained in the publications on our platform. However, Taylor & Francis, our agents, and our licensors make no representations or warranties whatsoever as to the accuracy, completeness, or suitability for any purpose of the Content. Any opinions and views expressed in this publication are the opinions and views of the authors, and are not the views of or endorsed by Taylor & Francis. The accuracy of the Content should not be relied upon and should be independently verified with primary sources of information. Taylor and Francis shall not be liable for any losses, actions, claims, proceedings, demands, costs, expenses, damages, and other liabilities whatsoever or howsoever caused arising directly or indirectly in connection with, in relation to or arising out of the use of the Content. This article may be used for research, teaching, and private study purposes. Any substantial or systematic reproduction, redistribution, reselling, loan, sub-licensing, systematic supply, or distribution in any form to anyone is expressly forbidden. Terms & Conditions of access and use can be found at http://www.tandfonline.com/page/termsand-conditions Cryptologia, 37:204–209, 2013 ISSN: 0161-1194 print DOI: 10.1080/01611194.2013.797047 Breaking the BTK Killer’s Cipher JEANNE ANDERSON Downloaded by [110.3.244.32] at 22:53 09 August 2013 Abstract For over 30 years, a serial killer terrorized Kansas and the surrounding areas, his modus operandi: Bind, Torture, Kill. While many are exceedingly familiar with the notorious BTK murders, few are aware of the existence of a cipher written by the BTK killer. This article introduces the BTK killer, the cipher system he employed, and the cryptanalysis of the enciphered message that he himself could not remember how to break. Keywords bifid, BTK, cryptanalysis, Cryptanalysis and Racketeering Records Unit, Dennis Rader, fractionating cipher, serial killer In the winter of 1974, a young family—husband, wife, son, and daughter—were brutally murdered inside their Wichita, Kansas home. Unbeknownst to law enforcement at the time, these homicides marked the gruesome inception of the BTK killer’s reign of terror. This serial killer’s self-described technique for his victims was to ‘‘bind them, [torture] them, kill them, B.T.K.’’ [1, pp. 43–44]. The 17 years following this initial slaughter yielded another six violent murders by the BTK killer. After 1991, the killing appeared to stop, but fear continued to linger as all leads turned cold, and a suspect had yet to be apprehended. Then, in 2004, the BTK killer resurfaced. Media outlets in Wichita began to receive streams of written communications that, while igniting fear of additional murders, proved to be the opportunity law enforcement needed to catch the killer. The communications validated the BTK killer’s identity by including pieces of evidence from the crime scenes and details that had never been released to the public. This reemergence seemed to be triggered out of concern with claiming credit for his murders and ensuring that Robert Beattie, the author of a new book on the BTK killer, informed the world that BTK was still alive and well. In March of 2004, a letter was sent to the Wichita Eagle newspaper with the sender’s name listed on the envelope as ‘‘Bill Thomas Killman’’ [1, p. 239]. Details about this communication were kept very private, as it contained evidence relating to the previously unsolved murder of Vicki Wegerle. Wegerle’s murder occurred in 1986, 18 years before receipt of this letter, and her murder had not previously been attributed to the BTK killer. The contents of this envelope changed that entirely. At the time of her murder, Vicki Wegerle’s driver’s license had been taken. The envelope sent to the newspaper contained a photocopy of her driver’s license, three photocopied photographs of the crime scene, and a hand-drawn BTK symbol. Additionally, the text string in Figure 1 was included at the top of the page. This article is not subject to United States copyright law. Address correspondence to Jeanne Anderson, Federal Bureau of Investigation, CRRU, 2501 Investigation Parkway, Quantico, VA 22135, USA. E-mail: [email protected] 204 Breaking the BTK Killer’s Cipher 205 Downloaded by [110.3.244.32] at 22:53 09 August 2013 Figure 1. Ciphertext submitted in 2004 letter to the Wichita Eagle. The Federal Bureau of Investigation’s (FBI) Cryptanalysis and Racketeering Records Unit (CRRU) received copies of this text string shortly after the handoff from the Wichita Eagle to the Wichita Police Department. CRRU cryptanalysts worked tirelessly on this potential cipher, but to no avail. At the time of this letter, the BTK killer had only seven known victims, so it was theorized that the ‘‘7’’ could refer to known victims, and the ‘‘14’’ could refer to the total number of victims, known and unknown, or to the BTK killer’s total intended victims. With no additional information available and all attempts leading nowhere, work on this potential cipher moved no farther than these theories. In 2005, in a series of exchanges between the BTK killer and the police, BTK asked if floppy disks were traceable or if he could use them to communicate anonymously. Police cryptically replied that ‘‘it will be OK’’ [3]. The BTK killer, though later shocked that police would dare to deceive him, proceeded to send a package containing a floppy disk to a Wichita television station. Once passed to the police, metadata easily recovered from this disk provided the name ‘‘Dennis’’ and association to a Lutheran church [1, p. 319]. A quick Internet search yielded a deacon in this church named Dennis Rader (Figure 2), his address, and that his family owned a black Jeep similar to one observed on a surveillance camera during one of his message drops. Investigators went a step further to confirm his identity; they received positive results after testing DNA evidence from the BTK crime scenes against DNA from Rader’s daughter that they had obtained via subpoena. Soon after this, in May of 2005, the police took Dennis Rader into custody. He proceeded to confess to 10 murders and provide graphic details about each. Rader is currently serving 10 consecutive life sentences in prison, one for each of his victims [3]. It was not until Dennis Rader’s interrogation that the first clues emerged regarding the still unsolved 2004 cipher, yet even with those clues, it remained unbroken. During the interrogation, investigators requested that Rader decipher the message. Figure 2. Dennis Rader. (Source: http://en.wikipedia.org/wiki/Dennis_Rader; accessed 2 January 2013.) (Color figure available online.) 206 J. Anderson Downloaded by [110.3.244.32] at 22:53 09 August 2013 He tried but failed. Rader filled up sheets of notebook paper attempting to solve his cipher, but despite being the author of the message, Rader could not remember how to decipher it. He maintained that it was enciphered using a ‘‘German Fraction code’’ from World War II he had learned during his four years in the Air Force. He further claimed that the message, when deciphered, would read, ‘‘Let Beatty [sic] know for his book’’ [2, p. 235] and used the keyword ‘‘PJ Piano.’’ Rader referred to his murders as ‘‘Projects,’’ which he abbreviated ‘‘PJs.’’ ‘‘PJ Piano’’ referred to Vicki Wegerle’s murder because Rader said he heard her playing the piano when he entered her home to murder her. The FBI’s cryptanalysts now had what should have been more than enough information to piece together Rader’s system: Ciphertext: Alleged plaintext: Alleged key: Alleged system: GBSOAP7-TNLTRDEITBSFAV14 LET BEATTY KNOW FOR HIS BOOK PJ PIANO German Fraction code FBI cryptanalysts identified the bifid cipher as a very likely possibility for the ‘‘fraction code’’ that Rader referred to. David Kahn traced the origin of the bifid cipher system to Félix Marie Delastelle’s book, Traité Élémentaire de Cryptographie, published in 1902. Kahn described this as a ‘‘fractionating system’’ [4, p. 242–243], a name that Rader could easily have altered to what he called a ‘‘fraction code.’’ Years later, despite devoting countless hours to the cipher, little progress had been made. With all this information, the fact that the system still had not been pieced together made it clear that something or someone was wrong. In 2012, CRRU received a copy of one sheet of the BTK killer’s working notes found after his arrest in what Rader referred to as his ‘‘mother lode’’ [3]. This single piece of paper would provide all of the information needed to finally put this cipher to rest. The note showed not only the effort Rader expended to encipher his message, but also revealed the mistakes that had been made throughout the encipherment and transcription process that had caused the solution to the ‘‘GBSOAP7TNLTRDEITBSFAV14’’ cipher to elude cryptanalysts for so long. The mother lode note proved immediately that CRRU had been correct in the conclusion that the bifid system had been used. To encipher a message using a bifid cipher, one first creates a Polybius square, or checkerboard, and then obtains coordinates for the plaintext message using this matrix. An additional layer of complexity can be added in creating this matrix by using a keyword mixed alphabet.1 Figure 3 shows Rader’s matrix from the mother lode notes. This matrix uses keyword ‘‘PIANO’’ and combines J=K rather than the I=J combination used in most Polybius squares. As seen in Figure 3, Rader erred in combining X=Y; Y stands alone in the next cell. Using a bifid cipher as intended next involves compiling coordinates for the plaintext message. For example, using the Figure 2 matrix, the coordinates for ‘‘PJ PIANO’’ should be ‘‘1=1, 3=3, 1=1, 1=2, 1=3, 1=4, 1=5.’’ Rader’s next deviation from the standard bifid system was in reversing the coordinates. Rather than using standard row=column order for the coordinates, 1 The CRRU had tried several matrices, keying them with ‘‘PJIANO’’ (rather than PJ PIANO, since P should only be used once in the matrix), PIANO, BTK, etc., the matrix used to encipher the ‘‘GBSOAP . . . ’’ cipher was among those tried. Breaking the BTK Killer’s Cipher 207 Downloaded by [110.3.244.32] at 22:53 09 August 2013 Figure 3. Matrix for the BTK killer’s bifid system. Rader wrote them as column=row coordinates. Therefore, using Rader’s system, the coordinate listing above would be reversed to yield ‘‘1=1, 3=3, 1=1, 2=1, 3=1, 4=1, 5=1.’’ Figure 4 shows Rader’s working notes as he compiled the column=row coordinates for the plaintext ‘‘PJ PIANO.’’ Figure 5 shows step-by-step encipherment of ‘‘PJ PIANO,’’ described as follows. Once the coordinates are compiled as in Figure 4, the bifid system indicates that they should be read in pairs horizontally, left to right, with the top set of coordinates (in the BTK’s system, column coordinates) followed by the bottom set (here, row coordinates). When read in pairs, the new ‘‘PJ PIANO’’ coordinates become ‘‘1=3, 1=2, 3=4, 5=1, 3=1, 1=1, 1=1.’’ These new coordinates are then referenced to the original matrix to produce ciphertext. Using Figure 3’s matrix, these coordinates (read column=row) become ‘‘GBSOAPP.’’ The first portion of the ciphertext sent in 2004 to the Wichita Eagle read ‘‘GBSOAP7,’’ thus showing Rader’s next mistake. With this first portion of the intended plaintext message being ‘‘PJ PIANO,’’ it is clear that Rader was adding a checksum of sorts to remind him how many characters he enciphered. The ‘‘7’’ refers to the seven letters in ‘‘PJ PIANO.’’ Rather than transcribing Figure 4. BTK compiling column=row coordinates for ‘‘PJ PIANO,’’ the first portion of his message and his code name for Vicki Wegerle’s murder. (Color figure available online.) Figure 5. Step by step encipherment of ‘‘PJ PIANO’’ using Rader’s system. Downloaded by [110.3.244.32] at 22:53 09 August 2013 208 J. Anderson the correct ciphertext, however, Rader omitted one of the ‘‘P’’s and ‘‘GBSOAPP’’ became ‘‘GBSOAP,’’ only six characters. It is clear that the second ‘‘P’’ is essential to breaking this message, as reversing this system using the ciphertext BTK provided yields ‘‘VAGIAN,’’ rather than the intended ‘‘PJ PIANO.’’ The second portion of the enciphered BTK message, separated from the first portion by a hyphen, involves similar missteps by Rader. In following his system to encipher ‘‘LET BEATTIE KNOW,’’ Rader should have used the Figure 3 matrix to find his column=row coordinates and then compiled all the column coordinates sequentially followed by all of the row coordinates. Instead, he ran out of room on his notes sheet and wrote his message in two lines, as shown in Figure 6. He compiled the first line’s column coordinates, the first line’s row coordinates, and then the second line’s column coordinates and the second line’s row coordinates. One would have had to know the exact line-by-line breakup that Rader used when writing the plaintext message in order to cryptanalyze it successfully. Using this two line message breakup, the new coordinates Rader created were as follows: ‘‘4=4, 4=1, 4=3, 4=4, 2=4, 3=2, 4=2, 2=1, 4=4, 1=2, 3=4, 5=2, 3=1, 1=5.’’ Using the Figure 3 matrix, this ciphertext becomes ‘‘TNLTRDEITBSFAV.’’ The final ‘‘14’’ is meant to be the checksum for the 14 characters of the message ‘‘LET BEATTIE KNOW.’’ This portion’s checksum matches the number of ciphertext characters, as Rader did not err by omitting anything from this portion as he did in the first section. Using the correct system and key, but without knowing Rader’s line-by-line breakup, the message would have decrypted to ‘‘ENTQNDLTWE(J=K)INW.’’ Had Rader extracted his new coordinates by considering the entire message’s column coordinates and then row coordinates, rather than line-by-line, the correct ciphertext for his plaintext message would have been ‘‘TNLTRSFDEITBAV.’’ While this contains the same letters, their transposed order produces a completely different message when decrypted. Some might suggest that Rader intended to make the system more secure by intentionally breaking up the message into a period of 10 (in this case, a period of 10 would explain the line break after the first 10 ciphertext characters); however, in analyzing the entirety of his working notes, it is clear that he does not remain consistent with a period of 10. His notes indicate that he did indeed run out of room on the paper, and it was this that prompted the line break. This is further confirmed as he later attempts to continue the message as one continuous stream, rather than in the 10- and four-letter portions he previously enciphered. Despite being unable to decipher his own ciphertext, Rader seemed to view this as an obvious system with a message that should have been read immediately. In Figure 6. BTK compiling column=row coordinates for the second portion of his message. Breaking the BTK Killer’s Cipher 209 Table 1. Comparison between alleged details from the interrogation and actual details as proven through the mother lode working notes Alleged Actual Downloaded by [110.3.244.32] at 22:53 09 August 2013 Ciphertext GBSOAP7-TNLTRDEITBSFAV14 GBSOAP TNLTRDEITBSFAV Plaintext LET BEATTY KNOW FOR PJ PIANO LET BEATTIE HIS BOOK KNOW Key PJ PIANO PIANO System German Fraction Code Bifid Cipher retrospect, Rader’s multitude of errors in enciphering and transcribing his message help explain why his ciphertext was not broken sooner. With differences between the alleged and actual plaintext and key (Table 1) in addition to Rader’s flawed work, the working notes obtained from Rader’s ‘‘mother lode’’ were essential in reconstructing the system the BTK killer used. Though the content of the plaintext message turned out to be similar to Rader’s allegation, verifying this was highly important. While Rader was taken aback when law enforcement tricked him into providing information on a disk, lies from a serial killer would be significantly less surprising. Dennis Rader’s exhaustive confessions turned the details of his killing spree into public record which law enforcement verified; now, the contents of his enciphered message are also public and verified. Acknowledgements This is publication 13-04 of the Laboratory Division of the FBI. The views expressed in this article are those of the author and do not necessarily reflect the official policy or position of the FBI or the U.S. Government. This work was prepared as part of their official duties. Title 17 U.S.C. 105 provides that ‘‘copyright protection under this title is not available for any work of the United States Government.’’ Title 17 U.S.C. 101 defines a United States Government work as a work prepared by an employee of the United States Government as a part of that person’s official duties. About the Author Jeanne Anderson studied mathematics and economics at Georgetown College and Oxford University. She is currently a cryptanalyst in the Cryptanalysis and Racketeering Records Unit of the Federal Bureau of Investigation. References 1. Beattie, R. 2005. Nightmare in Wichita. New York: New American Library. 2. Douglas, J. and J. Dodd. 2008. Inside the Mind of BTK: The True Story Behind the Thirty-Year Hunt for the Notorious Wichita Serial Killer. San Francisco: Jossey-Bass. 3. Hansen, M. 2006. ‘‘How the Cops Caught BTK,’’ ABA Journal. http://www.abajournal. com/magazine/article/how_the_cops_caught_btk/ (accessed 6 November 2012). 4. Kahn, D. 1996. The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet. New York: Scribner.