Written on July 8, 2010 at 12:43 pm by

CYBERCOM’s Secret Code Demystified

Filed under Education & Culture, Technology {29 comments}
USCYBERCOM Logo

Click for larger image.

By Petty Officer 2nd Class Elliott Fabrizio

Did you know there is a secret message in U.S. Cyber Command’s logo?

A close inspection of the logo’s inner gold ring will reveal this 32-character code: 9ec4c12949a4f31474f299058ce2b22a.

A Washington Post headline asks, ‘Can you crack the Cyber Command code?’, and Wired.com offers a free t-shirt to the first one to accurately crack the code.

With that incentive, guesses poured into Wired.com’s comments bar. People guessed everything from “in God we trust” to “Soylent Green is people”. Well, I cracked the code, but you can keep my t-shirt. (Wired.com shirts aren’t exactly babe magnets.)

The code is Cyber Command’s mission statement:

USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.

The encryption uses an old message-digest algorithm, called MD5, created back in 1991. You can create MD5 hash from any string of 256 characters or less. In short, you can make one of those 32-digit codes (MD5 hash) from anything ranging from the word “apple” to an elaborate mission statement.

As much as I wish the opposite, I’m no genius for figuring it out. This isn’t exactly the Da Vinci Code. Nobody wake up Tom Hanks. As usual, the Internet does all the work for you.

Running an internet search for an MD5 de-crypter will essentially take you to a free website that does just that. Punch in 9ec4c12949a4f31474f299058ce2b22a. Searching for an ‘MD5 hash generator’ will let you reverse the process or make exciting new codes with your friends.

A Cyber Command official confirmed that the code is their mission statement and said this code is simply part of the symbolism in the logo and not a secret, a contest or a trick.

“The computer code ties the command back to the early days of computer networking,” said Cyber Command’s Public Affairs Officer Lt. Cmdr. Steve Curry.

U.S. Cyber Command centralizes the Defense Department’s Internet operations and provides the capability to combat cyberspace threats.

Code cracked, case closed and maybe I will take that t-shirt now.

  • Raikia

    “Punch in 9ec4c12949a4f31474f299058ce2b22a. Searching MD5 hash generator will let you reverse the process or make exciting new codes with your friends.”

    MD5 hashes cannot be “reversed”. It is a one way algorithm that may either be brute-forced (every permutation tested), or a hacked via “lookup” (involving anything from comparing the hash with a hash of a known plaintext word, to rainbow tables).

    Someone had already plugged in the mission statement into whatever website you used to “decrypt” the hash and it just compared the known hashes.

  • Rsisk1101

    I with Raikia calling BS on this one. I run the text through the MD5 algorithm and come out with a different hash. I would have thought the hash would have been the same, otherwise what’s the use of the hash? Anyway, I’m stumped why a Cyber Command official would confirm the answer, oh wait, he’s anonymous so it cannot be confirmed. *facepalm*

    Normal Text: USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.
    Md5 Hash: b3d67af54e4b6f541f932be3c053ac6f

  • Brad

    I’m no expert, so feel free to build on or debunk what I’m about to say, but: both of you are right and wrong.

    Md5 can’t simply be “converted” back to regular text with some formula etc. On the surface this would mean decrypters are BS – and they very well may be.

    However, the decrypters available online work through a database of pre-calculated strings stored with their original text. Using one of these databases, one would find that the text has been stored by someone to match that code.

    Thus, while it isn’t a literal “conversion” to the original text, it’s still capable of producing it should someone have added it earlier.

    For those curious, the text you Have to enter:
    USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.

    Be sure to use a generator that can handle the full text (several web-based ones only allow 255 characters), and be sure to copy that text Exactly: no spaces before or after the paragraph, as even THIS will avalanche the entire code into something else.

  • Elliott

    That last comment blinded me with science. If you want to see for yourself you can punch the code on the logo (9ec4c12949a4f31474f299058ce2b22a) into this site: . Then if you so choose, you can take the mission statement and encrypt it again on this site: . Don’t be afraid to copy paste, because when encoding text into MD5 hash changing even capitalization will produce a different code. So, there is a different code for “hello there” and “Hello There”. Now if you want you can decrypt this code for a message and a throwback to the 1983 classic A Christmas Story. 4bcd81a2c77fef2fe908763ff712f83f.

    Very respectfully
    MC2 Fabrizio

  • http://jibenow.com/brianfactor B

    Uh, guys, they’re using the 32 bit md5 hash. Maybe that’s why you got something else. Oh, and an md5sum, as I understand it, is also different.

    Here’s the decrypted I used:
    Got the same thing John did.

    Also ran it the other way through this:

    Worked both ways because md5 hashes FOR STRINGS can be reversed. Now and md5sum FOR A FILE or something of considerable length can’t. That’s because reversing an 8 bit character has very few permutations.

    ><> B

  • MaggieL

    Dayum. MD5 *Website*?

    None of you Sierra Hotel cryptoguys have Linux?

  • Matthew Williams

    I tried this yesterday and got a different hash. I copied and pasted the Mission Statement from the US Cyber Command Fact Sheet, which had an extra comma when compared to the Mission Statement above:

    From the fact sheet:
    USCYBERCOM plans, coordinates, integrates, synchronizes, and conducts

    From this article (and presumably, some other source):
    USCYBERCOM plans, coordinates, integrates, synchronizes and conducts

    I wanted that t-shirt :(

  • http://www.defense.gov Kyle Hill

    Nerdy comment of the day from a Department of Defense web developer:

    Raikia is mostly right. Unless you’re running a network of supercomputers (and I’m sure we’ve got some lying around), it’s impossible to properly brute force-decrypt the message from an md5 hash, since the hashing process itself removes a lot of the message’s content. You would have to simply try every single combination of text as the message, from just one character out through millions and billions, in order to find one that produces the hash you’re looking for.

    However, decrypting md5 hashes using methods such as “rainbow tables” can work a little better, which is why the US military and our intelligence agencies have moved away from that particular protocol and towards more secure, modern ones for our important data and communications.

  • NA

    Elliott,

    md5decrypter.com is a database of hashes, and not an actual decrypter.

    To prove the point, allow me to challenge you with this hash:

    e5baf1859e944b21e770b497a6b1fe8e

  • John

    Not a decrypter but a database. Someone previously typed the mission statement into MD5Encrypter.com and stored the statement and code in a table for future reverse lookup.

    “MD5Decrypter.com allows you to input an MD5 hash and search for its decrypted state in our database.”

  • David

    I think the point they were trying to make, Elliott, was that the only reason you can decrypt it on md5decrypter, is because somebody has already encrypted it on the same site. It’s not actually “decrypting” anything, that’s just a name. It’s simply comparing what you enter to a database of known strings. To test it yourself, invent a new sentence on another encrypter (eg, ). No common phrases, something new and different. I used, “we don’t live in a yellow submarine”. Take the resulting md5 key to md5decrypter and enter it. It will come back unknown, because it hasn’t been encrypted on their database. Now, go to the encrypter tab on the same site, and enter the same original sentence. It will provide you with the same md5 key, and now it will show up in the decrypter as well. It’s just a database. There are no real md5 decryption sites out there, they all just compare to their own databases of already known results.

  • Vince

    Elliot,

    The reason you were able to decrypt it on that website is because someone added it to their database (probably while checking the text as part of the contest).

    There’s no way to take a MD5 and “decrypt” it. You can only match it with precomputed hashes.

    For example I’ve taken this line in your article: “Code cracked, case closed, and maybe I will take that t-shirt now.” and hashed it with MD5.

    The hash turns out to be 0a510e72ce3abf6c7d5857f79fb63faf. Now if I try to run this on the so called “decrypter”, then you get the error message “A decryption for this hash wasn’t found in our database”.

    Why, because they haven’t computed the hash to these random sentences. So it’s not really decrypting the hash and if it wasn’t for someone adding it to the database (which by chance happened because everyone was feverishly trying to win this contest) you would not have been able to decrypt it on the website.

  • Mark

    I took the mission statement, being very careful to select only the text, ending period and no quotes before copying and pasting to a web MD5 hasher. Got the exact value as in the logo. Just one bit of difference would change the hash result. Nothing too sinister. Really just an inside joke. But if they can put it on their logo then they’ve got the right stuff in my book.

  • Eddie

    I agree, to create the same MD5 hash, you MUST have the EXACT SAME SALT VALUE as the ones that created the one used in the logo.

    That is why running it through an encrypter shows a different value.

    I would also suspect that they may have even had CR or CRLF pairs in the text, too.

  • Mike

    Elliott, your technique of using google is only possible because the hash has been cracked and added to the database. It had to have been, at one time, cracked. MD5 hashes (or any hash for that matter) is extremely difficult to solve when there are no databases that contain the given hash (this is usually the case). Please educate yourself before posting. Read here:

  • solar

    Without a newline I get 6c4a71daddd2edd690bac6d3d2018a15 and with the newline I’m also getting 5a7a7c3fa0be751ed3350bb5184623ee

    Linux host so no \r either.

    Elliott Fabrizio please back up your statement that “Well, I cracked the code”.

    If html formatting is the problem, then please post a raw file that matches the exact 32 char md5sum.

  • Elliott

    I’m excited to see this much buzz about my first tech blog, especially from so many people much more computer savvy than myself. Certain posts demand I retract taking credit for cracking the code, and of course I will. Everybody now knows it was Jemele Hill the wired.com contest winner, or perhaps it was it Sean-Paul Correll, the Panda Security Researcher. Multiple stories circulate. I only took credit jokingly. All I really did was independently decipher what the code was using my computer skills, limited as they may be. Through this blog I’ve learned more about MD5 hash than I’d ever really wanted to know, but I sincerely appreciate all the cyber experts taking time to both school me and set the record straight on alpha numeric message digest encryptions. The main point I wanted to get home is there is a unique element in the Cyber Command Logo, and it represents a throwback to early days of Internet coding while embedding the command’s mission statement into the logo at the same time. Well played CYBERCOM.
    Very respectfully,
    MC2 Fabrizio

  • http://myhoustonlocksmith.com Houston Locksmith

    Man, this is really hard to do!
    How about an easier code?

  • http://itrogran Trograncic Ivan

    Person who invented that play is good enough to project a plan how to discover terorrists in Afghanistan etc,,,by installing small autonome dissimulable cameras near roads and points: full contacts 24 hr with an “air reader controling their site images and having their position”. If someone takes the gadget nice small camera…air reader controler will locate new site of location. Camera will not have any movable-complicated piece…it will be just a window-view at many places night and day. As small as possible not reflecting on sun and no condensation on view-eye part. Medal for invention and award for modern technics gadget-assistance in army. Sizes…max golf ball. Ready?Go!

  • Alpha Bravo

    Normal Text: The impossible just takes a little longer.
    Md5 Hash: 3b3a1387127082b1f5ccbe50a82f665d

  • Neo

    Lol I cant believe a government website linked to this blog with invalid information. Like everyone said, md5 is a one way hashing algorithm. To reverse it you must apply brute force algorithms in combination with other tools. The only way to check if the mission statements hash is: 9ec4c12949a4f31474f299058ce2b22a, is to run the mission statement through a MD5 hash generator. I ran the mission statement through php’s md5() function and got the hash on the logo.

  • D@nzFreak

    The answer to the code are IP’s of 4 servers which are filtered, 1 from Czech, another from korea, from US, and UK

  • aqfj

    C4I AF NQK SMI HQ

  • aqfj

    9ec4c12949a4f31474f299058ce2b22a
          ↓

          ↓
    USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to:
    direct the operations and defense of specified Department of Defense
    information networks and; prepare to, and when directed,
    conduct full spectrum military cyberspace operations
    in order to enable actions in all domains,
    ensure US/Allied freedom of action in cyberspace
    and deny the same to our adversaries.

  • http://www.itcomputerservers.com Servers

    Here's me doubting it would have taken alot longer to crack without a.MD5 convertor, eh!

  • 5uit

    check out 42.93.F8.6E for another fun code to break.

  • Proforma7i

    32-bit, the exact number of characters in the inner gold ring. This is an encrypted four-batch of bytes, that refer to the platform computer that generated the seal, graphically, and with text. Not quite Enigma, but without decryption, the message is impossible to decypher.

  • http://www.podiumsigns.com Podium Signs

    Is the t-shirt still available?

  • http://www.mactonweb.com seo bangalore

    A very good blog, thanks for updating.

Connect to Facebook
Facebook		 Connect on Twitter
Twitter		 Email
Email		 Subscribe to Blog Posts
Blog Posts		 Subscribe to Comments
Comments

AWS Twitter Feed

Facebook