Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for June 16th, 2018

Who’s Ian Smirlis or Giannhs Smyrlhs and Why Were They Hosting and Domain Owner of cicada3301.org in 2015?

leave a comment »

From Reddit /r/cicada3301:

  • On April 19, 2015, cicada3301.org went live, displaying the ASCII Cicada emblem seen in some of 3301’s tor sites and a countdown clock heading to August 17 2015, 10:33 AM, calibrated to the user’s clock. The metaheader of the countdown page reads “Willkommen” – ‘Welcome’ in German.
  • Upon reaching 0, most people report that the clock begins counting back up from 10:33 on August 17. (This is the case for this author.) It is unclear if this is intended or a default function of the basic countdown script used.
  • The index loads only for certain users – for those unable to view the index, see these screenshots. (imgur link)
  • Besides the index, there are four pages in the site’s navigation: an overview of the Gematria Primus, a description of the “technomystical” Cicadian order who hold 3301 sacred, the entire translated portion of the Liber Primus, and a description of Cicadian “broods” (which seem akin to congregations.)
  • No part of the site’s HTML or Javascript seems unusual in any significant way, though further investigation may yield some break on this front
  • No PGP has been found anywhere on the site.

Lately I have been in a mood to look into the more darker and deeper corners of the darknet and one of the more interesting goups/puzzles/mysteries is the Cicada3301 group. While I was messing about with the Liber Primus and such, I decided to poke around cicada3301.org, which was a domain and site that popped up in 2015 and purported to be a part of the whole thing. It has been determined by Redditor’s that this is a fake site not part of the official 3301 and later on in fact 3301 said that all messages will be signed with a pgp key, and this site did not have it as far as I know. So this site is ostensibly just someone who is enamored with the whole thing or, maybe, someone affiliated. If you look at the site you can see some content that makes me wonder if they aren’t somehow a part of it. One of the things that I kinda key on is the whole “brood” discussion, but I could just be a bit crazy and not know when the term first came out in the public eye after one of the solvers talked about how cicada3301 is alleged to work as a group with “broods” of intelligent individuals working for the higher ups doing… “things”…

Wayback cicada3301.org_1

Wayback Cicada3301.org_2

Anyway, having stumbled on the site because I have not been paying close attention all these years, I decided to take a look at this site in Domain Tools because the Redditor’s seem to lack an account on this service. What I was able to determine was that the site was originally started/owned by a guy named Ian Smirlis, or Giannhs Smyrlhs out of Athens Greece. Now, this is interesting because once I started digging in on the names and the email address I started to find some odd things about our pal Ian.

Screenshot from 2018-06-15 16-21-13

Ian Smirlis is a kind of enigma on his own. Looking online for traces of the name you only come up with a few and what you get are, well, odd. For starters, one of the first hits you get is for a YouTube channel that he has out there. When you look at that channel you see five uploads and not much else. In fact, when you look closely, there is no bio page at all. Nothing else about this channel leads you to any further information about Ian at all. No favorites, no comments, no email address, nada. Now, if you look at the videos he has uploaded the first one in the group turns out to be the most interesting of the lot, save for a weird interest in “The Elephant Man” that he has. The first video is called “SCIgen talk

The SCIgen talk is the story about three MIT students who “fooled the world of scientific journals” using a program called SCIgen which is a paper generator intended to fool CFP judges and audiences. The video is really funny and the article linked here is a good read. Clearly these MIT kids are tricksters and it turns out that all three of them are now working in the tech area with jobs that concern information security and encryption technologies. It certainly is funny to me that this Smirlis character, also in the software and engineering field has their video as a direct upload to his pretty information free YouTube channel.

Watch the video and see just how amused these guys were with pulling off the talks they did with at least one audience member in attendance. However, ok, you might say, what do these guys have to do with Cicada3301 and this Smirlis guy’s alleged fake Cicada site? Well, if you look deeper at the article linked above about how these MIT guys fooled the establishment, there is mention at the bottom of the second gen of the SCIgen program called SCIpher that will steganographically hide messages in “innocuous scientific conference advertisements

ORLY?

Gee, isn’t there a lot of hidden messages in the whole Cicada3301 thing? Oh yeah, there are. In fact, to me this all seems to click a bit. I mean, these guys took on the scientific establishment and, well, they all have the chops to pull off a lot of what we have seen in the Ciacada3301 arc right? Also, what if a group of MIT students, not content to fool with the scientific community decided to move on to bigger and better things by fucking with the “internet” with hidden messages and a story line to get some giggles? It does kinda sound like an MIT prank in a way to my mind.

…But back to Ian Smirlis…

The thing that keyed for me is that maybe this guy isn’t real or that the name was an anagram. I spent some time on that idea and so far he seems real enough but still kinda sketch. The other name on the domain registry definitely turns up even less on the net. Giannhs Smyrlhs has a Google+ page and not much else on the Goog. He has some followers and I went down that rabbit hole a while and decided it was chaff.

Alrighty then Giannhs…

So, what am I left with here? Well, I find it interesting that these characters are so sketch and that but for a fuck up on the domain reg, the site would have remained anonymous unless you pay Domain Tools a chunk of dough for the service to look at historical WHOIS.

TAKE THAT GDPR!

The connections with the MIT guys and the whole SCIpher and SCIgen thing also kinda makes me wonder. Also, the fact that there is so much mythos around the Cicada in Greek history as well kinda makes me wonder. See for yourselves if you feel like reading up:

Cicada’s in Ancient Greece: Orkin

Cicada Mythology: Wikipedia

All of it is interesting to say the least. Whoever Smirlis is, whatever he is up to, he is pretty serious about Cicada3301 at the very least. Now with these other clues, I just wonder if he is somehow involved or has some knowledge and is tipping the hat ever so subtly to the MIT guys on this one…

Just something to make you go HMMMMMMMMMM….

K.

UPDATE: I got an email from Ian and well, he says he has nothing to do with Cicada3301, he was only interested in it and wanted his information taken down. I have smudged out his personal info from the WHOIS image but the post stands.

K.

UPDATE 2: So I was in the darknet looking at Hunchly’s scrape of urls and came across the following address: http://honmnaapxzpk2rg7.onion/blogs/3301.html on there I see at the bottom of the page something interesting…

Screenshot from 2018-06-26 09-40-00

Whaaaaat? Some rando guy in the darknet is saying that 3301 is really a group of MIT students who wanted to play with people and ciphers…

NO. WAY.

UPDATE 3: Sooooo it turns out the snippet I found in the darknet is paralleling a post on Reddit two years ago by someone named “Dave” The post was made on Reddit 1/7/17 and was deleted soon after (comments are here)

Screenshot from 2018-06-26 10-15-59

So what Dave is saying here in 2017 is that Cicada was 4 guys from MIT who decided to troll the internet and it got outta hand. Gee, why does that sound familiar? Oh yea, I said as much by looking into this fake Cicada site and the links to the three MIT guys video that Smirlis made.

Please note I came to this independently and am now finding out more by looking at links sent to me by Switch’d on Twitter. It also is interesting that Smirlis posts the link to the video of the MIT students troll in 2014.

Screenshot from 2018-06-26 10-26-13

Does this mean Smirlis knows something or that he was making a guess? Does it mean that he is “Dave” ?? It is amusing to see all the comments where people are like “NO WAY MAN, THIS IS ILLUMINATI LEVEL SHIT!”

But wait, now can anyone confirm the vulnerabilities that Dave speaks of in the pages that they put up? Also, it makes TOTES sense they would use a VM for all this and that it all gets out of hand so they back off.

All I have to say is that this is all rather interesting. Especially since we have not seen the Cicada for a while. Oh, and yeah, in my traversing the players here I also did come across a connections DeviantArt page and her drawings look kinda like the same hand as that which made the grand grimoir “Liber Priumus” so there is that too.

What do you guys think? I already know the Redditor’s thought rather little of my last post…

Evidence kinda mounts.

HEY DAVE! SPEAK TO ME!

K.

Written by Krypt3ia

2018/06/16 at 12:38

Posted in Uncategorized