“I Helped Solve the Final Zodiac Killer Cipher” – with David Oranchak

Andrew Hammond: Welcome to SpyCast, the official podcast of the International Spy Museum. My name is Andrew Hammond, the museum's historian and curator. Each week we explore some aspects of the past, present, or future of intelligence and espionage. If you enjoy the episode, please consider leaving us a five-star review. If you want to dig deeper into the content of the episode, you can find links to further resources, suggested readings, and full transcripts at cyberwire.com/podcast/spycast. Coming up next on Spycast.

David Oranchak: If we hadn't zeroed in on that, we would have lost that needle in the haystack because that was exactly one out of 650,000 different variations that produced even the slightest hint of the real solution of the 340.

Andrew Hammond: This week's guest is David Oranchak. David was born in 1974, the same year that the Zodiac Killer wrote his final message to the world. Forty-six years later, David will be part of a small team of codebreaking enthusiasts who cracked the so-called Zodiac 340 Cipher because it had 340 characters. This was considered a holy grail in the world of cryptography. For almost 50 years, the message eluded even the best crypt analysts from across the field. Here's what you'll take away from this week's episode, the difference between codes and ciphers, how David and his team cracked the 340 Cipher, the cryptological methods used by the Zodiac Killer, why it remained uncrackable for so long, the effect the solving of the 340 Cipher had on the case, and the history of cryptography and its importance to intelligence, The original podcast on intelligence since 2006, we are SpyCast. Now sit back, relax, and enjoy the show. Okay. Well, thanks ever so much for speaking to me this morning, Dave. I'm really excited to talk to you, especially because you're a part of a team that helped to crack the seemingly uncrackable Zodiac cipher 340. Just to begin, can you tell our listeners are you a Zodiac guy who got into ciphers? Are you a cipher guy who got into Zodiac? Or is it a little bit of both?

David Oranchak: Well, actually, it's kind of neither --

Andrew Hammond: Neither. Okay.

David Oranchak: -- because my main interest was computer programming. You know, when I was a kid, I was fascinated with computers and kind of bringing them to life with computer programs and, you know, making games and graphics displays and interesting things like that. And so that kind of captured my imagination when I was young. So, when I grew up, I decided, okay. I'm going to become a computer programmer or software developer as a career path. And so that's kind of where my life had gone. And then in 2007, years into my software development career, and the Zodiac case had come into the news again because of the David Fincher film that had come out, which was, you know, his retelling of the Robert Graysmith book which had popularized the case back in the 80s. And I had seen the 340 Cipher mentioned as part of that and saw it on a website. I think it was one of these Zodiac-specific websites that had come up over the years. And then the cipher just intrigued me because it had been unsolved for so long. And it seemed like a thing that -- where the answer could possibly be within reach because of, you know, my computer programming background and my interest in puzzles. So I thought, hey. Maybe this is something that I could dig into. And, of course, it wasn't so easy.

Andrew Hammond: So how long were you working on it in total, then, until it was cracked? And was it December 2020?

David Oranchak: It was December 2020. I started looking at it around 2007. Let's see. What's that, 13 or 14 years approximately, working on it on and off as a hobby, you know, just picking it up where I could. And, yeah. There was a lot of effort going into collecting information about it and researching it, trying a bunch of experiments, communicating with other crypto researchers and Zodiac case researchers and so forth and trying to kind of sort through a lot of information and investigating that thing.

Andrew Hammond: And before we get into the team that you're a part of and you had the cipher in more depth, can you just tell us -- give our listeners a brief overview, the Zodiac ciphers, what are we talking about here? There's a certain number. There's ones that were solved. There's ones that are unsolved. There's ones that are recently solved. Just give them a sort of overview of what we're talking about here, please.

David Oranchak: Sure. So the Zodiac Killer was a killer that operated in Northern California in the late '60s. And nobody knows who he is still, to this day. There are thousands of suspects that have been looked at and so far nothing definitive about who he might have been. And he was initially attacking young couples in isolated areas, like lovers' lanes, where they would pull up in cars and late at night, and the killer would show up and attack them. There was another couple that was attacked during the day. They were having a picnic at Lake Berryessa, and they were attacked by the killer. After his first few crimes, he started to -- kind of a letter writing campaign where he was basically sending letters, like threatening letters to newspapers where he was kind of bragging about his crimes and taunting authorities, you know, saying that he couldn't be caught, he couldn't be cracked, and so forth. Then he sent a series of cryptograms in three parts to three different newspapers. And that cipher is known as the 408 cipher because, when you add up all three parts, it ends up being 408 characters long. And he had included letters with each one that basically said, Hey, newspapers. You better publish this on your front page. Otherwise, I'm going to go on a killing rampage. So he was trying to extort the newspapers to -- you know, to publish his letters and amplify his persona and get his name out there. I think he was really interested in seeing his name in the papers and getting all this attention for his crimes.

Andrew Hammond: And just briefly, did the newspapers publish them on their front page as he asked? 111 They did. They did. The papers did publish the ciphers. And then, within about three days, a school teacher named Donald Harden and his wife, Betty, had cracked the ciphers. And their solution was verified and sent to the authorities and so forth. And they use basically traditional pen and paper, you know, manual methods for cracking ciphers, much as people did with recreational cryptograms that would appear in newspapers and magazines in those days. So they used similar techniques of trial and error, looking for patterns. Just want to back up on a couple of things that you mentioned there. So I find the Lake Berryessa Zodiac killing, like, particularly chilling, as featured in the movie too. This is in broad daylight, as a couple that are just having a picnic like lovers all over the world. And Zodiac comes and, as I understand it, ties them up. And one of them goes on to live afterwards, but one of them dies; is that correct?

David Oranchak: That's right. Yeah. The man survived. And the woman I think died two days later. So she was alive for a little while. She gave some witness description of the attack, along with Bryan who will also gave his description. But they never really saw the killer's face because he was wearing this bizarre costume, the black hood. And he had, like, this tunic or cover on that had a -- his trademark, circle crosshairs, like circle cross symbol, which he had also signed his letters with. And then he also wrote on their car door the list of dates for their -- for his previous crimes. And that, too, had the crosshairs symbol.

Andrew Hammond: And you mentioned the man, Bryan. Is he still with us, or has he passed now?

David Oranchak: I believe he's still alive. I think he was an attorney for a while, and he may still be an attorney. I'm not sure. But, yeah. He's still around. And I think he had a cameo in the -- in the David Fincher film as well.

Andrew Hammond: He did. Wow. I don't know how you come back from that, and his girlfriend at the time watched him being stabbed in the back.

David Oranchak: Yeah. That's awful. It's difficult to contemplate. And that scene in the movie is hard to watch just how horrifying that must have been. And they were still alive. You know, he left them for dead. And somehow he managed to free himself and -- or they helped each other. I can't remember exactly. But he managed to get loose and, like, crawled his way back to the road and got help.

Andrew Hammond: And I love the story of the schoolteacher, the husband and wife couple that had cracked the 408 cipher. The women could guess that it would probably start with the word I and continued from there. This is a -- this is a great story.

David Oranchak: Yeah, it is. It's one of the unique aspects about this case is how it kind of encourages everyday people to get involved with the investigation because there's so much material out there. There are the letters, the ciphers. Now the police reports are available. There's a lot of information out there particular to this case, and it gives a lot of material for people to dig into. And with the Hardens, I believe Donald gave his wife a lot of credit because he was ready to give up on it. And she was very persistent and kept trying different ideas. And, like you mentioned, she had these insights about how he might be starting out the message and guessing what he would be writing about. You know, obviously, he'd be writing about his crimes. So that was important to kind of get into the mindset of the killer in order to come up with the solution to the cipher. And over the years, as people have been trying to solve the 340, they've used that technique to different degrees. And in a lot of cases, they end up with the wrong answer because it turns in kind of -- to kind of a creative writing exercise where they project what they think the killer might be saying. And then they try to manipulate the cipher so it can kind of support their -- their hypothesis or theory about -- about what it might be saying. So if there's a difficult -- a difficulty in in codebreaking, where you want to get into the mindset of who's writing the message, but you also need to use proper methods to show that your work is correct.

Andrew Hammond: And I want to go on to the difference between the 408 cipher and the 340 Cipher and also the techniques that were used to -- to unpack them. But I think before we get there, if we could just go over very briefly -- go over a couple of terms of art, just before we begin. So you mentioned cryptogram. What is a cryptogram?

David Oranchak: So a cryptogram is typically just a way of hiding a message using a simple technique. Most of the time, it's using what's known as substitution. So a substitution cipher is basically where you take a plaintext message, you know, normal bit of text; and then you replace each letter with a different letter symbol. So you just have a -- what's known as a key, which tells you which symbol or letter is assigned for which letter from the original message. So that's simple substitution, and that's probably one of the most common types of cryptograms. The other kind that's very common is what's known as transposition, which is where, instead of just replacing symbols or replacing letters with symbols, you're changing the reading order in a predetermined way that usually follows a simple rule like, for instance, writing a message out in columns and then reading it out in rows. So you end up with something that looks like random text. But if you reverse the process, you'll come back to the original message. So it's kind of a way of hiding a message using a simple rule.

Andrew Hammond: An example of that would be the Caesar cipher that we discuss at the museum where, you know, you have an alphabet, and then you have an alphabet underneath it that maybe starts five letters later. So A is G, B is H, those types of things.

David Oranchak: That's right. Yeah. Caesar cipher is one of the oldest cryptographic methods, and it relies on a simple shift, where you just shift the alphabet by a certain positions and write it underneath the original alphabet. That makes it easy to reconstruct the key. So all you have to do is tell the recipient, we're using a shift of 10, for instance. And then they can go, okay. I only have to write you know, the shifted alphabet by 10 characters underneath, and then I've got my key to decrypt the message.

Andrew Hammond: And a code is different. So a code, like, for the Culper spy ring. So the civilian spy ring set out by George Washington in the American Revolutionary War, George Washington as Agent 711. So that's not necessarily replacing G-E-O-R-G-E. He's referred to as Agent 711 rather than the -- rather than having a cipher; that's correct?

David Oranchak: Right. Yeah. Cipher tends to refer to where you replace individual units like letters and sometimes even pairs of letters, fragments of text, whereas code tends to be larger units that you're replacing like entire words or phrases, names and important numbers and things. And those tend to be -- those tend to involve larger keys, so to speak, where the key could be like an entire book, where you have to look up, you know, the substitution from a -- from a big list of words and phrases. And those can be very difficult to crack if you don't have that book because of the size of the -- of the number of substitutions.

Andrew Hammond: And sometimes you can combine both the ciphers and the codes. I'm thinking of JN-25, the Japanese naval code that they used in the Pacific, and that was both a codebook and used ciphers as well to make it doubly difficult to try to understand what was actually going on.

David Oranchak: Right. Yeah. And the -- one of the greatest challenges there is to just identify the system being used because, if you have a piece of encrypted text and you don't know what the system is, you're going to have a lot of difficulty figuring out what strategy to use to exploit any weaknesses in all the existing systems. Or if it's just a substitution cipher, then there are lots of weaknesses that you can take advantage of. But if there's a mixture of all of, like, ciphers and codes together, then you have to be very careful about distinguishing those components of that scheme and -- and coming up with the appropriate attack.

Andrew Hammond: To help you digest this episode, here is a brief interlude on the term crypt, which is usually a prefix or woven into a word, as in cryptocurrency and encrypted. It derives from the Greek kryptos, and it is usually associated with secrecy, hiddenness, and concealment. Think of cryptofascist or cryptocommunist. A cryptogram is a text written in code, cryptogram. Encrypted means to turn a plain message into a secret, hidden, or concealed message. More properly, to turn plaintext into ciphertext. Decrypted is the reverse. They turn ciphertext into plain text, that is, they turn a hidden message into a plain message that we can read. Cryptography is the art and science of encryption. Cryptanalysis is the art and science of decryption. Cryptology, meanwhile, refers to both cryptography and cryptanalysis and really all the associated systems, machines, people and history. More modern terms that we have are cryptocurrency, which received its name because it's an alternative currency that uses encryption to verify transactions. And a cryptid which is a creature whose reported existence is unproved. Think of Bigfoot, Yeti, or the Loch Ness Monster, cryptozoology, meanwhile, is the study of these creatures. And final term of art before we move on to 340, you mentioned paper and pencil. So could you just tell our audience what that means? Is that literally paper and pencil? You're sitting there like you would with Find a Word or a puzzle or a book on sitting on the plane or something, or is it a bit broader than that but it's not quite encompassing?

David Oranchak: Sure. Yeah. When I say paper and pencil or pen and -- pen and paper, I tend to be referring to what's known as classical cryptography, which are methods that you don't -- don't require modern technology like computers and use complicated mechanical devices in order to do the substitution, transpositions, and all the other schemes that you can think of to hide messages. So these are things that people can do out in the field with the simple equipment, with literally a pen and paper or something similar to both encrypt and decrypt messages. So, given the key, you can just follow the simple procedure to both apply the encryption method and to reverse it to get the original message, whereas, when you get into the modern era, we start to have computers and sophisticated technology and complicated mechanical machines to actually implement these -- these schemes. So you can't use simple equipment any more to -- to both implement and to decrypt the messages. You have to have this technology. For instance, modern cryptography that we experience every day relies on very advanced methods that computers implement in order to protect important information, like your banking information, your private documents and so forth. You have -- you can't really do any of that with pen and paper. So the technology has come a long way since the classical era, which had been thou --

Andrew Hammond: Consists of most of human history.

David Oranchak: Thousands of years of, you know, this arms race of, you know, trying to out clever your enemy with ways of hiding information using simple methods.

Andrew Hammond: Just help me understand how that's periodized. So you have classical cryptography, which you mentioned. And what comes after it? Is it modern cryptography or another Enigma? So electromechanical devices? That's somewhere in between the paper and pencil and modern? Is that -- is that an outlier period, or is that also classified as modern cryptography?

David Oranchak: Yeah. I think, I would say that Enigma is a good example of modernizing the ways in which people had been doing cryptography in the past because it uses -- it's comprised of simple substitution at its core. But every time you press a key on that Enigma machine, it's changing the configuration of rotors. So there's a completely different substitution key for the next letter. But it's a deterministic or a predictable arrangement based on your starting condition for the machine. So when you have the settings correct -- and that's what the Germans had to do. They had to make sure that the sender and the receiver had the same settings on both sides in order for the message to be decrypted on the other side. So the machines had to be set up in the same way and constructed in the same way. But, at its core, it's relying on some fundamental basic ideas in cryptography like substitution. And in the case of Enigma, it was using poly -- polyalphabetism to basically, instead of just one key, you have a whole bunch of keys. And in order to determine that bunch of keys, that relies on that particular configuration of the Enigma machine and so forth. So, yeah. I think there was a lot of research being done into -- taking all those simple strategies and making it much more difficult to reverse the process and to remove the weaknesses from -- from the old methods because, when you do simple substitution, the message ends up with these clues in it that tells you, Oh. This letter is probably standing for this letter because the letter E is the most common letter in English. So that kind of peeks through the cipher text unless you add even more methods on it to conceal it. So that's kind of the arms race in cryptography is removing vulnerabilities and weaknesses in the encryption schemes, you know, as we move through time.

Andrew Hammond: We'll move on to 340. So 51 years it stumped everyone. Why was it so difficult? Why was this cipher so difficult to unpack?

David Oranchak: Yeah. It was very difficult. There's a lot of reasons why it was so difficult. The main thing is, like with any unsolved cipher, you have to identify the scheme that's being used in order to focus your attack because different schemes have different weaknesses. So you -- once you identify the scheme, you want to be able to take advantage of those weaknesses to concentrate your decryption attempt. With the 340, no one really knew exactly how it was encrypted or even if it had a real message in it because it had gone for so long without being solved. For a long time, people assumed that it may have been just like the first one, that it was a substitution cipher. In particular, the 408, it's known as a homophonic substitution, which just means that, instead of substituting a letter with another symbol or another letter, it can be assigned to a number of symbols. So, for instance, in the 408, the letter E in the original message was substituted for one of seven different symbols. So, when the Zodiac was putting together his message, he could choose multiple symbols to substitute for the letter E. And this made it a little bit harder to crack but not so much that it wasn't crackable So a lot of people assumed, okay. The second cipher, the 340, looked a lot like the 408. So maybe it was also a homophonic substitution. It had a lot of the same kinds of symbols. It had the same grid-based arrangement. It just looked very similar. So people just kept trying and trying and trying to find the key for it and failing. And what ended up happening eventually was cryptography researchers discovered that there were statistical patterns in the ciphertext. So that's one of the things you do as a codebreaker is you look for patterns and interesting statistical qualities of a ciphertext. In the case of the 340, there was evidence of transposition, which shows up as what's known as periodic repetitions. So it's where information will be repeating but at predictable intervals instead of at random places. So a lot of researchers believed that there was some kind of transposition going on, that he had rearranged the message somehow before doing the substitution or maybe even after doing the substitution. So, because of those clues, we were trying all these different ways that you can transpose a message. There's so many different schemes out there that -- that can do that like reading in diagonals, reading in spiral directions, splitting it up into segments, into quadrants. It's basically limited only by the imagination of the codebreaker. So it became very difficult to try to rule out all of these different schemes because there are so many of them. That was the main difficulty was trying to identify the scheme being used. What we discovered was it was using transposition. But, on top of that, not only did you have to identify what kind of transposition was being applied but how the message was split because he applied the transposition scheme to three different portions of the cipher, which means you couldn't just attack it like assuming that it was, say, columnar transposition or diagonal, strictly diagonal reading, some kind of route, a zigzag, whatever. So identify the transposition schemes, identify the dimensions and placement of the sections, and then figure out the error that he made in the second section. That was another thing that was making it very difficult to -- to unravel the scheme. He had made some mistakes in the second section that disrupted the transposition scheme. And then, finally, you have to also figure out the correct substitution key. So there were a lot of different ingredients, a lot of ingredients to the puzzle that had to be identified in order to come up with the correct solution.

Andrew Hammond: So this is almost like imagine you have a square sheet of paper, and you see a lot of Egyptian hieroglyphs. But, unknown to you, there's three different sections within the hieroglyphs, and they refer to three different languages. But you don't know which one refers to French, English, and Spanish. You have to try to work out which refers to which. Or is that a bad way to describe it?

David Oranchak: Similar. Yeah. The -- not only did -- so there was -- you need some kind of consistency in the scheme in order to be effective with the -- with codebreaking. So even though we identified the scheme for the first section, it didn't quite work perfectly in the second section because one of the lines was shifted a bit. So, when you apply the scheme, every time you hit that shifted line when you're reading diagonally, which is what the transposition was, it was kind of this diagonal reading direction, every time you hit the shifted line in trying to decrypt it, it would break up the plaintext. So it made it seem like gibberish. Like, it made it seem like it was almost all right but not quite right. And then he had also put a piece of text that was not even transposed at all. So it was just reading normally. The words life is, you just had right there in the top of that second section. And so you had to know to avoid that when you're reading it diagonally and also to shift this other line by one position. So it was -- that section was very tricky. And then the third section was just the bottom two lines of the cipher where all he did was, every few words, he would reverse them. He would reverse the spelling. Like he had the word paradise, but it was flipped around. Life will be an easy one in Paradise was the plaintext there. And some of those words were written normally, and some of them were written in reverse. So once you could see that, you can kind of manually reverse the words to decrypt that portion. So it was very challenging to -- to solve it. And if there had been any more difficulty with it, it probably would still remain unsolved.

Andrew Hammond: Very briefly, and a probably terrible analogy, mentioned hieroglyphs. But hieroglyphs are examples of ideograms. And the Zodiac killer used ideograms in his ciphers. Could you just tell our listeners a little bit more about them and -- and how or if they made it more difficult to understand what he was doing.

David Oranchak: Yeah. He -- so the symbols he used in his cryptograms, so he's got four ciphers total. The first one was solved back in the late '60s. The second one took 51 years. We solved it December 2020. He's got two more that are still unsolved. There's the 13 character cipher and the 32 character cipher. And those use similar symbols as well. He uses a combination of regular letters, reversed letters like rotated letters, and some letters that might look like they've been pulled from the Greek alphabet. Some of them are just shapes like triangles and circles and different variations of them. So a lot of the Zodiac case researchers will look into, like, sources of where he might have gotten the inspiration for the symbols. And, of course, there's hundreds of different sources where you can find similar some symbols. And people have tried to assign different levels of importance to such things like, you know, these look like weather symbols. You know, that maybe he had some connection to, you know, being a meteorologist or having an interest in -- in that. A lot of the symbols can be found in cartography. So maybe he was -- had some expertise in mapmaking. In fact, a 32-character cipher involved a map. He mailed it with a map and said, If you decrypt his cryptogram, it would show where I planted a bomb that I made.

Andrew Hammond: And he refers to magnetic north in that map as well.

David Oranchak: Right. Yeah. So he's -- he understands the difference between, you know, geographic north and magnetic north. Later in another letter he has a hint that refers back to that cipher where he says, By the way, the code refers to radians and inches along the radians. So it's even more kind of obscure technical jargon referring to radians, which is the angular measurement and a way of using radians and inches to -- to specify a location on a map. So maybe he had some kind of orienteering knowledge that he picked up in the military. So there's all these different ways you can break down these perceived clues in the letters and ciphers to guide an investigation. The other symbols that are interesting, of course, are, you know, he's always signing the letters with the crosshairs symbol. So he's very strongly associated with that. And then he has some kind of mysterious symbols in some of his other correspondences, like the -- there's this kind of looks like a mountain shape or a Z and an F join together. It's kind of this jagged symbol that he included on the Halloween card. And he's got some weird -- almost looks like fragments of Japanese lettering. And on the exorcist letter, it's known as the exorcist letter. So, of course, people have taken a look into those to try to come up with theories about where he might have gotten those or if there's some kind of meaning behind those particular symbols as a standalone kind of mystery separate from the -- from the cryptograms.

Andrew Hammond: How would you describe it, just for somebody that maybe wants to look up? Technically, if there was a technical term for the 340 Cipher, is there -- like, what label would you put on it? You mentioned homophonic, and polyalphabetic and so forth. Like, what would the technical label be for the 340 Cipher?

David Oranchak: I would call it maybe a combination cryptosystem or a substitution transposition cipher with -- with sections and some complications. I mean, the -- I don't really know how to characterize or if there's a name for a cipher where you have you -- you have to reverse an error in order to come up with the right answer. It's just a combination cryptosystem system with mistakes.

Andrew Hammond: I think it would be quite interesting to discuss the difference between 408 and 340. So 408 comes out. It's quickly solved by the couple that were referred to. And then 51 years for 340. As somebody that's spent probably some of the best years of your life working on this stuff, give our listeners that are not familiar with this world what's the step up? What's the difference in levels. Is like 408, you know, if zero is the easiest and 10 is the most difficult, is 408 like a 2 and 340's like a 9.8 or something? Or I'm sorry if that's a bit crude, but just help the listeners understand how this one that was solved within weeks then stepped up to be one that took over half a century.

David Oranchak: Yeah. I don't know if I would place the -- I think 408's about a 2. I think that's accurate. I think, when that cipher came out, it was published in the papers. And there was, of course, a lot of attention placed on the fact that ordinary citizens solved it. It wasn't the authorities. It wasn't some, you know, cryptography researcher. It wasn't the code -- like codebreakers, professional codebreakers and so forth. So that kind of gave it -- gave people a sense that it was harder than it actually was. I found out later that the FBI didn't actually get the cipher until after the Hardens had solved it. So by the time it had reached the FBI codebreakers at that time, it had already -- the solution had already come out in the papers. And they basically just confirmed that they were on the right track, that they had the right answer. But the cipher 408 had a lot of weaknesses in it because of the -- it being just a simple substitution. And the message was long enough to where there were a lot of patterns that could be exploited. The 340 used simple methods but arranged in a complicated way, which made it very difficult. I think that, compared to the stronger encryption of more modern -- or the more modern age, and even some of the cryptographic systems from World War II, you know, like Enigma, for instance, is very difficult to break without knowing the settings. And so the 340 I would say is very difficult, maybe around 7 or 8. But it, too, has weaknesses. If it wasn't for those statistical patterns that we saw on it, we wouldn't have suspected transposition and may not even -- have even gone down this path of, oh, maybe it's just some kind of weird transposition that he adjusted or made a mistake in. There was a lot of luck involved, too. So it wasn't just that there were these clues in there. But there was also a lot of luck because, when I said earlier, Sam sent me all these variations, these 650,000 variations of the cipher texts. We had to feed them into separate bit of codebreaking software that Jarl, the Belgian programmer, Van Eycke, he made this really efficient, fast codebreaking software that could process those hundreds of thousands of cipher variations, basically trying to find the substitution key that might make legible readable text. And so we got one. We got a hit on one of them, but it wasn't for more than a few phrases. So it looked like all the other ones which were coming out with just gibberish. So it looked like all the other failures. But, for some reason, this one had phrases in it that looked interesting. And if we hadn't zeroed in on that, we would have lost that needle in the haystack because that was exactly 1 out of 650,000 different variations that produced even the slightest hint of the real solution of the 340. So it was that bit of luck that really helped it. So that combined with the -- those clues that were in there in the first place contributed to the cipher being solved.

Andrew Hammond: In this episode, you hear a reference to JN-25. Here's an attempt to explain it step by step. So JN-25, Japanese naval code 25, was the name given to the Japanese fleet's cryptographic system. Imagine a very large codebook where a word is given five numbers to mask its true meaning. For example, you look up enemy, an enemy would be 13679. Aircraft, meanwhile, could be 18790. Say you write a sentence you want transmitted in code. Let's say, We love codes. You would go through the codebook using the numbers alongside each word. Then you would write them out in their five letter groups, just as you would a sentence. For example, We love codes could be 3769845762 and then for codes 78674. But each of these five blocks of numbers would be then superenciphered, which means to encode something that is already encoded. This will be done from what is called an additive book. Now, imagine a separate 300-page book with each page containing 100 random five-digit numbers, for example, 13689 76893 78693 and so on. After choosing a starting place in the book, you would then add these first five numbers onto the numbers from the very first stage of the operation which, remember, was to translate a plain English word into a five-digit block. So 45762 would be added to 76893 using noncarrying or false addition. Essentially, this means that there is no carrying of digits. For example, 8 plus 7 would be 5, rather than 15. The 1 is dropped. So 45762, the word in the codebook for love, to that is added 76893 from the additive book, which becomes 11555. It is that 11555 that is then sent via radio. At the other end, you reverse the process. The first step is to strip away the additive so you know what number to look for in the code. But, to do this, this time, you use false subtraction. So we have our message 11555, the message we sent. Then we have 76893, the number from the additive book that was originally added to 45762 to get 11555. When you do this false subtraction, you end up with the 45762, the five-letter block we started with. You then find this in the codebook, and you see that it means love. Now, imagine being a codebreaker that doesn't know what 45762 refers to. What is worse, to get to 45762, you have to strip away an additive number you're also not aware of. There were some very smart cookies back in the day who managed to do this. Just, like, out of interest, then, how much, like, over the years that you've been working on it? Has it been like a steady amount every day, or has it been fits and starts? Or, like, I'm just trying to get a sense of the sheer number of labor that's involved in this kind of thing. Is that -- are we talking hundreds of hours? thousands of hours? You know, did you reach the genius figure, 10,000 hours? I mean, it just seems like an incredible amount of work over the -- over the 51 years from a whole variety of people all over the world.

David Oranchak: Oh, absolutely. I mean, even just personally working on this thing for about 14 years. It's definitely been fits and starts. It feels like it's been thousands of hours. But it was a lot of -- it was a roller coaster of getting excited about an idea or a hypothesis, like maybe this one will -- maybe this experiment will actually bear fruit. And then you hit a brick wall, and then it's just an absolute failure. Nothing comes out of it. Complete waste of time. Maybe you learn something from that experiment; maybe you don't. Maybe it's just, you know, going down a rabbit hole and not having anything to show for it. But that would often get me frustrated. And I would stop for a while, spend a little too much time working on this stuff and need to spend more time with family.

Andrew Hammond: You don't want to end up like Robert Nesmith.

David Oranchak: No.

Andrew Hammond: Losing your relationships and so forth.

David Oranchak: Exactly. Yeah. Everyone's in danger of that. I think about that a lot because so many people have gotten into this case and have spent a lot of time that was spent on the wrong path. I've gotten thousands of solution proposals from people over the years and their ideas about how the ciphers are solved. And some of them are very convinced that they're right. Even today, after the 340 solution came out, there are still a few holdouts who disagree with the official solution and still think that theirs is the correct one. But it's very easy to fall into that trap of thinking that you're actually on the right track and being completely far off because of misunderstanding in cryptography or just in separating something that's real from what's not real when it comes to, you know, analyzing the results properly.

Andrew Hammond: I've listened to some videos and watched some things that you've spoken about, and you're always very humble when you talk about you're a part of a team, and there's people that came before you and so forth. Could you just really briefly tell our listeners about the other members of the team? So I find the story of the Belgian warehouse operative particularly fascinating. But tell us a little bit more about your -- the two main people that you've worked with on this.

David Oranchak: Oh, sure. Yeah. So Jarl Van Eycke is a Belgian warehouse operator. He doesn't even do software development for a living. I don't -- I don't think he's worked as a professional software developer. But he's an extremely gifted programmer. He's very -- once he gets focused on a complicated problem like cryptography, especially with this Zodiac case, he's -- just comes up with these amazing ways of making -- not only making a bit of software to help solve the problem but make it really fast and efficient so that, when you run it, you can process a lot of different ideas, you know, many different ideas very efficiently. And he got interested in the case I guess around the early 2010s, somewhere around then. And he was the same as me. He saw the cipher, got really curious, thought he could use software to try to break it. And his software ended up being crucial. We wouldn't have been able to do any of this without -- without his software. In fact, a recent update that he had put in his software to improve how the candidate plaintexts were coming out of it, if it hadn't have been for that feature, we probably wouldn't have even noticed those little phrases that were part of the real solution because all the text would have been jumbled together, and it would have been hard to read. He made it more readable, more understandable so it stood out more. And so all those different things like that can -- can really make a big difference. Sam Blake, the Australian mathematician, he saw one of my videos on YouTube back in I want to say early 2020, maybe earlier, 2018. And same thing. He got really interested in the cipher. As a mathematician, he had a different viewpoint on how to approach, how to break it. So we started collaborating. He emailed me. And then he had some really great ideas about enumerating all these different possibilities in a systematic way, and then feeding it into the software. And that, too, was a crucial ingredient. And then, even before that, even before meeting the two of them. There was already a community of Zodiac researchers. There were people like Tom Voigt, Mike Morford, Michael Butterfield that had started these big Zodiac websites where they would collect case information. And people would gather to exchange ideas and information and theories about suspects and argue about the case, fight over who's suspect is right, the most likely suspect, and also people coming up with their codebreaking ideas for the ciphers. So, you know, I spent a lot of time on those forums and learned a lot about the case and the ciphers and so forth. So without all this, you know, the community around it and exchange of information, you know, this wouldn't have been possible.

Andrew Hammond: So just as we get towards the end of the interview, what does this tell us about the Zodiac Killer? So it's finally been solved after 51 years. Did that have any contribution towards how law enforcement understand this issue or how the Zodiac community understand who it may have been? Or is it just it's done important work but, unfortunately, it wasn't the smoking gun that we were hoping for that would lead us to identify him. I'm just thinking about Zodiac. So the first one gets solved really quickly. And he ups has game. Someone who's making it in a paper and pencil like way, and he takes it to like a completely different level that takes half a century of technological and computing development and thousands and thousands of hours from people like you to do it. I mean, is this guy, he's like intelligence off the charts? How does he do this? I mean, I feel like if someone said to me write down an uncrackable code, that I'd have to do so much research and so much thinking into it. Who was this guy? What was his level of education? Has this helped us understand who he is? Or are we still where we've always been?

David Oranchak: It's kind of hard to say. But he does -- what we do know from the ciphers, even though they didn't give us his identity that we know of yet, I mean, people still speculate maybe there's a code within a code. So, obviously, there's all kinds of ways that you can try to extract a name from, say, the solution of the 340. But it does tell us that he is competent enough with code making that he can create a working homophonic substitution cipher, in the case of his 408 cipher, and then improve on his technique and come up with a kind of a homemade version for the second cipher, which -- and that homemade aspect is partially why it's so difficult to break because it's not standard. It's not, you know, the typical kind of cipher. Even though he used some classical techniques, he just arranged them in a very unique way, an ad hoc way. So that tells me that maybe he's not necessarily trained in cryptography, but he learned enough to -- to be able to apply some creative insight into, okay. I know how to make this homophonic substitution cipher. It got solved really quickly. How can I make it more difficult? And so he came up with a way -- a way to do it. There's a lot of speculation about where he might have learned his knowledge of cryptography, whether he got it from, say, the military, some of -- some formal training, or maybe he just picked it up in books. He just -- there were books in those -- in that time, for instance, the David Kahn book, The Codebreakers. He may have learned about different cryptography techniques from such -- such places. It was even featured in a lot of pop culture sources like comic books and detective magazines, you know, fictional stories, especially the crime stories that involved, you know, a criminal sending threatening letters and writing secret messages. And the detectives in the stories would have to break these codes at the last minute to avoid some catastrophe. So those stories were common back then. So he may have gotten some inspiration from there. So he strikes me as I would say above average intelligence. I don't know if he's a genius. He projected that he was a genius. I mean, he -- I think he was very creative because he was, you know, applying these different ideas to his ciphers and pulling in all these different kinds of elements into his letters. Like, he made a bunch of pop culture references in, like -- for instance, the 408 cipher, he refers to the most dangerous game. And he refers to the Mikado a lot, the Gilbert and Sullivan operetta. And it's -- you know, he's got -- one of his letters has this huge excerpt from the Mikado. And so he's -- pulls in these pop culture references. He makes himself out to be this super villain that can make bombs and ciphers and that he can't be caught. And he has all these techniques that he talks about like hiding his fingerprints and making disguises. He's got recipes for bombs. He's got the diagram showing, you know, his death machine, which he was going to use to blow up a school bus and so on. So he really does want to give the impression that he's this super villain, untouchable criminal mastermind. But I think a lot of that was the creative aspect of his personality, that he was trying to get attention for what he was doing. And that may have been what he was going for in the end. And he did almost get caught with the Paul Stine killing, the cab driver, where there were witnesses that saw him, you know, commit the crime. And he was wiping down the cab and trying to, you know, eliminate evidence; and he was in a hurry to get out of there. And then he was intercepted by some detectives that were arriving on the scene, but they didn't realize that he could have been the suspect. So he was spotted by the cops. He was spotted by some teenagers who witnessed him. And then he still managed to get away, but he was very lucky. He could have easily been caught that day. He wasn't perfectly uncatchable. He, I think, was just very lucky. If he had operated today, he probably would have been caught. The Kryptos sculpture, the famous CIA sculpture --

Andrew Hammond: The CIA --

David Oranchak: -- you know, the first three -- it consists of four ciphers. And the first three were solved. But then it turned out that CIA had already solved it, but they were keeping it to themselves. But then when Jim Gillogly announced that his -- that he had solved the first three parts, the CIA came out and said, Well, we had already solved this. We beat you to it, but we didn't want to say anything. I guess they wanted to protect their information for whatever reason. So Sam and I had wondered, did something like that happened with the 340? Did they -- did somebody somewhere within some three-letter agency solve it before we did and didn't want to disclose it?

Andrew Hammond: It's funny you mentioned that, Dave. I'm not a three-letter agency, but I actually figured this out years ago. I'm only joking. What was it like when you -- when you actually cracked it? I heard that you said, Oh, S-H-I-T or Holy S-H-I-T or something. Was it deflation? Or, I mean, I'm sure there was elation. But, afterwards, was it like, you know, was it worth all my time or I need a new challenge? Or help us -- just what it was like to actually be one of the people that unpacked it.

David Oranchak: Yeah. It seemed like such a long shot. So when I knew for sure that we were on the right track, you know, at first, I was excited but tentative because I had been there so much in the past, especially at the beginning, looking at it and going, Oh, I'm really on the right track and then hitting a brick wall and then, like, having nothing to show for it. And it happened so many times, I'd gotten used to failure. So when we were starting to see fragments with a real solution in the cipher, I was cautiously optimistic. And then when I took the first section of the cipher and put it in the Jarl's software, and it came out with the full, correct solution for that first section, that's when I knew for sure that we definitely had it, that it couldn't have been just a -- a phantom, a glimmer, or a red herring or like a face in the clouds. You know, it's not really there. It really was there. This was a real thing. So that's when I had that kind of epiphany moment, like, holy shit. This is the real -- this is definitely it. And it was late at night. And I jumped out of my chair and startled my dog. And, like, yeah. That's when -- that's when we knew we had it. But even if we hadn't have solved it, I think that not all the time was wasted because I always felt like I had become a better programmer. I had learned more about cryptography. I had created good relationships with people in the research community and made friends along the way. So, in the end, it wouldn't have been a waste of time. You know, it got me interested in a lot of areas of research that I wouldn't have, you know, before without having gone down this path. So -- but, yeah. There was always that danger of going too deep into the rabbit hole and going down the wrong path and just having nothing, absolutely nothing useful to show for it. So, yeah. Definitely grateful that it worked out the way it did.

Andrew Hammond: And final question. So Z13 where Zodiac killer, My name is... I've heard you say I was aware that it's going to be very difficult to unpack that one just because there's not enough to work with. There's only 13 characters So that just leads another question. I know that your interest in it is different from the people that are sitting poring over the case files and all of that kind of stuff. But do you have a hunch about who it was? Or do you have a couple of top candidates just from your perspective?

David Oranchak: Not really. I think I do like to follow the discussions about the different suspects, and I -- I keep my own notes about, like, that list, you know, with all the different suspects. You know, there's several hundred in that list, and it's just out of the curiosity I have in the case. I always thought not -- I don't think that the Unabomber was the Zodiac, but it's interesting, though, the parallels between them, Ted Kaczynski and -- and the Zodiac case because of obviously the bomb making and the code, the ciphers. And just that Ted was also very creative and very intelligent. And so those kinds of parallels are interesting. I don't -- likely to be the Zodiac, but some people do. Some people are really fixated on him having been the Zodiac. But I do -- you know, I try to keep up with the various suspects. It's interesting seeing people discussing them. They spend a lot of time arguing, and that gets old because they're just going around in circles with a lot of things that you can't really know for sure.

Andrew Hammond: I don't suppose you know off the top of your head if Ted Kaczynski is a Gemini, do you? Just start. Memphis, the sound engineer who you heard before we went on air, he -- he said to me, Can you ask Dave about Geminis because I'm a Gemini, and I've found that lots of serial killers are Geminis. So I don't know if that helps with the case. Probably not.

David Oranchak: That's another element of the Zodiac Killer, which is -- it's interesting because people assume that there's some kind of astrological connection due to his name, but they can't -- there aren't really any obvious ones. People have tried to, you know, look at the crime dates and various times that he mailed letters, the postmarks on the letters and so on. But there's no, like, strong, clear pattern of, you know, him committing crimes on certain signs of the zodiac and whatnot.

Andrew Hammond: Well, thanks ever so much for your time. And just for our listeners, your website is zodiackillerciphers.com.

David Oranchak: That's right. And you can find me on YouTube. Just search for my name or the series that I made called Let's Crack Zodiac. And then I remembered what I wanted to say before about how I felt when we decrypted the message, and that is it felt like we had gotten a brand new letter from the Zodiac Killer. You know, the case had been dormant for so long. His last letter that's attributed to him came out in 1974, which, incidentally, is when I was born, same year I was born. When we started to see the message coming through, it was like he was back to life, so to speak. He was talking to us again, after so many years of not saying anything. So that was kind of eerie to -- to kind of hear the voice of a serial killer. But I think the overriding feeling was that feeling of satisfaction for having gone through this long academic process of analyzing this cipher and it finally paying off. I think that was the -- definitely the overriding thing. But that was in there, too, that weird feeling of getting a message from a serial killer.

Andrew Hammond: Well, thanks ever so much. I've really enjoyed speaking to you. And congratulations. I'm glad all your hard work paid off of you and your collaborators. So thanks ever so much for speaking to me. Thanks for listening to this episode of SpyCast. Please follow us on Apple, Spotify, or wherever you get your podcasts. If you have feedback, you can reach us by email at spycast@spymuseum.org or on Twitter at IntlSpyCast. If you go to our page at thecyberwire.com/podcast /spycast, you can find links to further resources, detailed show notes, and full transcripts. I'm your host, Andrew Hammond; and my podcast content partner is Erin Dietrick. The rest of the team involved in the show is Mike Mincey, Memphis Vaughn III, Emily Coletta, Emily Rens, Ariel Samuel, Afua Anokwa, Elliott Peltzman, Tré Hester, and Jen Eiben. The show is brought to you from the home of the world's preeminent collection of intelligence- and espionage-related artifacts, the International Spy Museum.