This article was downloaded by: [110.3.244.32] Publisher: Taylor & Francis

Transcription

This article was downloaded by: [110.3.244.32] Publisher: Taylor & Francis
This article was downloaded by: [110.3.244.32]
On: 09 August 2013, At: 22:53
Publisher: Taylor & Francis
Informa Ltd Registered in England and Wales Registered Number: 1072954 Registered
office: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK
Cryptologia
Publication details, including instructions for authors and
subscription information:
http://www.tandfonline.com/loi/ucry20
Breaking the BTK Killer's Cipher
Jeanne Anderson
Published online: 08 Jul 2013.
To cite this article: Jeanne Anderson (2013) Breaking the BTK Killer's Cipher, Cryptologia, 37:3,
204-209, DOI: 10.1080/01611194.2013.797047
To link to this article: http://dx.doi.org/10.1080/01611194.2013.797047
PLEASE SCROLL DOWN FOR ARTICLE
Taylor & Francis makes every effort to ensure the accuracy of all the information (the
“Content”) contained in the publications on our platform. However, Taylor & Francis,
our agents, and our licensors make no representations or warranties whatsoever as to
the accuracy, completeness, or suitability for any purpose of the Content. Any opinions
and views expressed in this publication are the opinions and views of the authors,
and are not the views of or endorsed by Taylor & Francis. The accuracy of the Content
should not be relied upon and should be independently verified with primary sources
of information. Taylor and Francis shall not be liable for any losses, actions, claims,
proceedings, demands, costs, expenses, damages, and other liabilities whatsoever or
howsoever caused arising directly or indirectly in connection with, in relation to or arising
out of the use of the Content.
This article may be used for research, teaching, and private study purposes. Any
substantial or systematic reproduction, redistribution, reselling, loan, sub-licensing,
systematic supply, or distribution in any form to anyone is expressly forbidden. Terms &
Conditions of access and use can be found at http://www.tandfonline.com/page/termsand-conditions
Cryptologia, 37:204–209, 2013
ISSN: 0161-1194 print
DOI: 10.1080/01611194.2013.797047
Breaking the BTK Killer’s Cipher
JEANNE ANDERSON
Downloaded by [110.3.244.32] at 22:53 09 August 2013
Abstract For over 30 years, a serial killer terrorized Kansas and the surrounding
areas, his modus operandi: Bind, Torture, Kill. While many are exceedingly
familiar with the notorious BTK murders, few are aware of the existence of a
cipher written by the BTK killer. This article introduces the BTK killer, the cipher
system he employed, and the cryptanalysis of the enciphered message that he
himself could not remember how to break.
Keywords bifid, BTK, cryptanalysis, Cryptanalysis and Racketeering Records
Unit, Dennis Rader, fractionating cipher, serial killer
In the winter of 1974, a young family—husband, wife, son, and daughter—were
brutally murdered inside their Wichita, Kansas home. Unbeknownst to law enforcement at the time, these homicides marked the gruesome inception of the BTK killer’s
reign of terror. This serial killer’s self-described technique for his victims was to
‘‘bind them, [torture] them, kill them, B.T.K.’’ [1, pp. 43–44].
The 17 years following this initial slaughter yielded another six violent murders
by the BTK killer. After 1991, the killing appeared to stop, but fear continued to
linger as all leads turned cold, and a suspect had yet to be apprehended. Then, in
2004, the BTK killer resurfaced. Media outlets in Wichita began to receive streams
of written communications that, while igniting fear of additional murders, proved to
be the opportunity law enforcement needed to catch the killer. The communications
validated the BTK killer’s identity by including pieces of evidence from the crime
scenes and details that had never been released to the public. This reemergence
seemed to be triggered out of concern with claiming credit for his murders and
ensuring that Robert Beattie, the author of a new book on the BTK killer, informed
the world that BTK was still alive and well.
In March of 2004, a letter was sent to the Wichita Eagle newspaper with the
sender’s name listed on the envelope as ‘‘Bill Thomas Killman’’ [1, p. 239]. Details
about this communication were kept very private, as it contained evidence relating
to the previously unsolved murder of Vicki Wegerle. Wegerle’s murder occurred in
1986, 18 years before receipt of this letter, and her murder had not previously been
attributed to the BTK killer. The contents of this envelope changed that entirely. At
the time of her murder, Vicki Wegerle’s driver’s license had been taken. The envelope
sent to the newspaper contained a photocopy of her driver’s license, three photocopied photographs of the crime scene, and a hand-drawn BTK symbol. Additionally,
the text string in Figure 1 was included at the top of the page.
This article is not subject to United States copyright law.
Address correspondence to Jeanne Anderson, Federal Bureau of Investigation, CRRU,
2501 Investigation Parkway, Quantico, VA 22135, USA. E-mail: [email protected]
204
Breaking the BTK Killer’s Cipher
205
Downloaded by [110.3.244.32] at 22:53 09 August 2013
Figure 1. Ciphertext submitted in 2004 letter to the Wichita Eagle.
The Federal Bureau of Investigation’s (FBI) Cryptanalysis and Racketeering
Records Unit (CRRU) received copies of this text string shortly after the handoff
from the Wichita Eagle to the Wichita Police Department. CRRU cryptanalysts
worked tirelessly on this potential cipher, but to no avail. At the time of this letter,
the BTK killer had only seven known victims, so it was theorized that the ‘‘7’’ could
refer to known victims, and the ‘‘14’’ could refer to the total number of victims,
known and unknown, or to the BTK killer’s total intended victims. With no
additional information available and all attempts leading nowhere, work on this
potential cipher moved no farther than these theories.
In 2005, in a series of exchanges between the BTK killer and the police, BTK
asked if floppy disks were traceable or if he could use them to communicate anonymously. Police cryptically replied that ‘‘it will be OK’’ [3]. The BTK killer, though
later shocked that police would dare to deceive him, proceeded to send a package
containing a floppy disk to a Wichita television station. Once passed to the police,
metadata easily recovered from this disk provided the name ‘‘Dennis’’ and association to a Lutheran church [1, p. 319]. A quick Internet search yielded a deacon
in this church named Dennis Rader (Figure 2), his address, and that his family
owned a black Jeep similar to one observed on a surveillance camera during one
of his message drops. Investigators went a step further to confirm his identity; they
received positive results after testing DNA evidence from the BTK crime scenes
against DNA from Rader’s daughter that they had obtained via subpoena. Soon
after this, in May of 2005, the police took Dennis Rader into custody. He proceeded
to confess to 10 murders and provide graphic details about each. Rader is currently
serving 10 consecutive life sentences in prison, one for each of his victims [3].
It was not until Dennis Rader’s interrogation that the first clues emerged regarding the still unsolved 2004 cipher, yet even with those clues, it remained unbroken.
During the interrogation, investigators requested that Rader decipher the message.
Figure 2. Dennis Rader. (Source: http://en.wikipedia.org/wiki/Dennis_Rader; accessed 2
January 2013.) (Color figure available online.)
206
J. Anderson
Downloaded by [110.3.244.32] at 22:53 09 August 2013
He tried but failed. Rader filled up sheets of notebook paper attempting to solve his
cipher, but despite being the author of the message, Rader could not remember how
to decipher it. He maintained that it was enciphered using a ‘‘German Fraction
code’’ from World War II he had learned during his four years in the Air Force.
He further claimed that the message, when deciphered, would read, ‘‘Let Beatty
[sic] know for his book’’ [2, p. 235] and used the keyword ‘‘PJ Piano.’’ Rader referred
to his murders as ‘‘Projects,’’ which he abbreviated ‘‘PJs.’’ ‘‘PJ Piano’’ referred to
Vicki Wegerle’s murder because Rader said he heard her playing the piano when
he entered her home to murder her.
The FBI’s cryptanalysts now had what should have been more than enough
information to piece together Rader’s system:
Ciphertext:
Alleged plaintext:
Alleged key:
Alleged system:
GBSOAP7-TNLTRDEITBSFAV14
LET BEATTY KNOW FOR HIS BOOK
PJ PIANO
German Fraction code
FBI cryptanalysts identified the bifid cipher as a very likely possibility for the
‘‘fraction code’’ that Rader referred to. David Kahn traced the origin of the bifid
cipher system to Félix Marie Delastelle’s book, Traité Élémentaire de Cryptographie,
published in 1902. Kahn described this as a ‘‘fractionating system’’ [4, p. 242–243], a
name that Rader could easily have altered to what he called a ‘‘fraction code.’’ Years
later, despite devoting countless hours to the cipher, little progress had been made.
With all this information, the fact that the system still had not been pieced together
made it clear that something or someone was wrong.
In 2012, CRRU received a copy of one sheet of the BTK killer’s working notes
found after his arrest in what Rader referred to as his ‘‘mother lode’’ [3]. This single
piece of paper would provide all of the information needed to finally put this cipher
to rest. The note showed not only the effort Rader expended to encipher his message,
but also revealed the mistakes that had been made throughout the encipherment and
transcription process that had caused the solution to the ‘‘GBSOAP7TNLTRDEITBSFAV14’’ cipher to elude cryptanalysts for so long.
The mother lode note proved immediately that CRRU had been correct in the
conclusion that the bifid system had been used. To encipher a message using a bifid
cipher, one first creates a Polybius square, or checkerboard, and then obtains coordinates for the plaintext message using this matrix. An additional layer of complexity
can be added in creating this matrix by using a keyword mixed alphabet.1 Figure 3
shows Rader’s matrix from the mother lode notes.
This matrix uses keyword ‘‘PIANO’’ and combines J=K rather than the I=J combination used in most Polybius squares. As seen in Figure 3, Rader erred in combining
X=Y; Y stands alone in the next cell. Using a bifid cipher as intended next involves
compiling coordinates for the plaintext message. For example, using the Figure 2
matrix, the coordinates for ‘‘PJ PIANO’’ should be ‘‘1=1, 3=3, 1=1, 1=2, 1=3, 1=4,
1=5.’’ Rader’s next deviation from the standard bifid system was in reversing the
coordinates. Rather than using standard row=column order for the coordinates,
1
The CRRU had tried several matrices, keying them with ‘‘PJIANO’’ (rather than PJ
PIANO, since P should only be used once in the matrix), PIANO, BTK, etc., the matrix used
to encipher the ‘‘GBSOAP . . . ’’ cipher was among those tried.
Breaking the BTK Killer’s Cipher
207
Downloaded by [110.3.244.32] at 22:53 09 August 2013
Figure 3. Matrix for the BTK killer’s bifid system.
Rader wrote them as column=row coordinates. Therefore, using Rader’s system, the
coordinate listing above would be reversed to yield ‘‘1=1, 3=3, 1=1, 2=1, 3=1, 4=1,
5=1.’’ Figure 4 shows Rader’s working notes as he compiled the column=row coordinates for the plaintext ‘‘PJ PIANO.’’
Figure 5 shows step-by-step encipherment of ‘‘PJ PIANO,’’ described as follows.
Once the coordinates are compiled as in Figure 4, the bifid system indicates that they
should be read in pairs horizontally, left to right, with the top set of coordinates (in
the BTK’s system, column coordinates) followed by the bottom set (here, row coordinates). When read in pairs, the new ‘‘PJ PIANO’’ coordinates become ‘‘1=3, 1=2,
3=4, 5=1, 3=1, 1=1, 1=1.’’ These new coordinates are then referenced to the original
matrix to produce ciphertext. Using Figure 3’s matrix, these coordinates (read
column=row) become ‘‘GBSOAPP.’’ The first portion of the ciphertext sent in 2004
to the Wichita Eagle read ‘‘GBSOAP7,’’ thus showing Rader’s next mistake. With
this first portion of the intended plaintext message being ‘‘PJ PIANO,’’ it is clear that
Rader was adding a checksum of sorts to remind him how many characters he enciphered. The ‘‘7’’ refers to the seven letters in ‘‘PJ PIANO.’’ Rather than transcribing
Figure 4. BTK compiling column=row coordinates for ‘‘PJ PIANO,’’ the first portion of his
message and his code name for Vicki Wegerle’s murder. (Color figure available online.)
Figure 5. Step by step encipherment of ‘‘PJ PIANO’’ using Rader’s system.
Downloaded by [110.3.244.32] at 22:53 09 August 2013
208
J. Anderson
the correct ciphertext, however, Rader omitted one of the ‘‘P’’s and ‘‘GBSOAPP’’
became ‘‘GBSOAP,’’ only six characters. It is clear that the second ‘‘P’’ is essential
to breaking this message, as reversing this system using the ciphertext BTK provided
yields ‘‘VAGIAN,’’ rather than the intended ‘‘PJ PIANO.’’
The second portion of the enciphered BTK message, separated from the first
portion by a hyphen, involves similar missteps by Rader. In following his system to
encipher ‘‘LET BEATTIE KNOW,’’ Rader should have used the Figure 3 matrix
to find his column=row coordinates and then compiled all the column coordinates
sequentially followed by all of the row coordinates. Instead, he ran out of room on
his notes sheet and wrote his message in two lines, as shown in Figure 6. He compiled
the first line’s column coordinates, the first line’s row coordinates, and then the
second line’s column coordinates and the second line’s row coordinates.
One would have had to know the exact line-by-line breakup that Rader used when
writing the plaintext message in order to cryptanalyze it successfully. Using this two line
message breakup, the new coordinates Rader created were as follows: ‘‘4=4, 4=1, 4=3,
4=4, 2=4, 3=2, 4=2, 2=1, 4=4, 1=2, 3=4, 5=2, 3=1, 1=5.’’ Using the Figure 3 matrix, this
ciphertext becomes ‘‘TNLTRDEITBSFAV.’’ The final ‘‘14’’ is meant to be the checksum for the 14 characters of the message ‘‘LET BEATTIE KNOW.’’ This portion’s
checksum matches the number of ciphertext characters, as Rader did not err by omitting
anything from this portion as he did in the first section. Using the correct system and
key, but without knowing Rader’s line-by-line breakup, the message would have
decrypted to ‘‘ENTQNDLTWE(J=K)INW.’’ Had Rader extracted his new coordinates
by considering the entire message’s column coordinates and then row coordinates,
rather than line-by-line, the correct ciphertext for his plaintext message would have been
‘‘TNLTRSFDEITBAV.’’ While this contains the same letters, their transposed order
produces a completely different message when decrypted. Some might suggest that
Rader intended to make the system more secure by intentionally breaking up the message into a period of 10 (in this case, a period of 10 would explain the line break after the
first 10 ciphertext characters); however, in analyzing the entirety of his working notes, it
is clear that he does not remain consistent with a period of 10. His notes indicate that he
did indeed run out of room on the paper, and it was this that prompted the line break.
This is further confirmed as he later attempts to continue the message as one continuous
stream, rather than in the 10- and four-letter portions he previously enciphered.
Despite being unable to decipher his own ciphertext, Rader seemed to view this
as an obvious system with a message that should have been read immediately. In
Figure 6. BTK compiling column=row coordinates for the second portion of his message.
Breaking the BTK Killer’s Cipher
209
Table 1. Comparison between alleged details from the interrogation and actual
details as proven through the mother lode working notes
Alleged
Actual
Downloaded by [110.3.244.32] at 22:53 09 August 2013
Ciphertext GBSOAP7-TNLTRDEITBSFAV14 GBSOAP TNLTRDEITBSFAV
Plaintext
LET BEATTY KNOW FOR
PJ PIANO LET BEATTIE
HIS BOOK
KNOW
Key
PJ PIANO
PIANO
System
German Fraction Code
Bifid Cipher
retrospect, Rader’s multitude of errors in enciphering and transcribing his message
help explain why his ciphertext was not broken sooner. With differences between
the alleged and actual plaintext and key (Table 1) in addition to Rader’s flawed
work, the working notes obtained from Rader’s ‘‘mother lode’’ were essential in
reconstructing the system the BTK killer used. Though the content of the plaintext
message turned out to be similar to Rader’s allegation, verifying this was highly
important. While Rader was taken aback when law enforcement tricked him into
providing information on a disk, lies from a serial killer would be significantly less
surprising. Dennis Rader’s exhaustive confessions turned the details of his killing
spree into public record which law enforcement verified; now, the contents of his
enciphered message are also public and verified.
Acknowledgements
This is publication 13-04 of the Laboratory Division of the FBI. The views expressed
in this article are those of the author and do not necessarily reflect the official policy
or position of the FBI or the U.S. Government. This work was prepared as part of
their official duties. Title 17 U.S.C. 105 provides that ‘‘copyright protection under
this title is not available for any work of the United States Government.’’ Title 17
U.S.C. 101 defines a United States Government work as a work prepared by an
employee of the United States Government as a part of that person’s official duties.
About the Author
Jeanne Anderson studied mathematics and economics at Georgetown College and
Oxford University. She is currently a cryptanalyst in the Cryptanalysis and
Racketeering Records Unit of the Federal Bureau of Investigation.
References
1. Beattie, R. 2005. Nightmare in Wichita. New York: New American Library.
2. Douglas, J. and J. Dodd. 2008. Inside the Mind of BTK: The True Story Behind the
Thirty-Year Hunt for the Notorious Wichita Serial Killer. San Francisco: Jossey-Bass.
3. Hansen, M. 2006. ‘‘How the Cops Caught BTK,’’ ABA Journal. http://www.abajournal.
com/magazine/article/how_the_cops_caught_btk/ (accessed 6 November 2012).
4. Kahn, D. 1996. The Codebreakers: The Comprehensive History of Secret Communication
from Ancient Times to the Internet. New York: Scribner.