Newly identified Iranian threat actor MalKamak that has been leveraging a new and sophisticated RAT (remote access trojan) dubbed ShellClient that abuses Dropbox for C2 (command and control)...
Born in Israel in 1975, Malicious Life Podcast host Ran studied Electrical Engineering at the Technion Institute of Technology, and worked as an electronics engineer and programmer for several High Tech companies in Israel.
In 2007, created the popular Israeli podcast Making History. He is author of three books (all in Hebrew): Perpetuum Mobile: About the history of Perpetual Motion Machines; The Little University of Science: A book about all of Science (well, the important bits, anyway) in bite-sized chunks; Battle of Minds: About the history of computer malware.
Malicious Life by Cybereason exposes the human and financial powers operating under the surface that make cybercrime what it is today. Malicious Life explores the people and the stories behind the cybersecurity industry and its evolution. Host Ran Levi interviews hackers and industry experts, discussing the hacking culture of the 1970s and 80s, the subsequent rise of viruses in the 1990s and today’s advanced cyber threats.
Malicious Life theme music: ‘Circuits’ by TKMusic, licensed under Creative Commons License. Malicious Life podcast is sponsored and produced by Cybereason. Subscribe and listen on your favorite platform:All Posts by Malicious Life Podcast
Encryption comes up a lot in our podcast: crooks use it to blackmail their victims with ransomwares, countries and organizations use it to defend their secrets, and so on. The constant battle between those who wish to encrypt data and those who wish to break these ciphers has made modern encryption schemes extremely powerful. Subsequently, the tools and methods to break them became equivalently sophisticated, culminating in the current development of quantum computers that should be able to crack even the most difficult encryption in no time at all.
In this episode of Malicious Life, we’re going off the beaten track. We’re going back in time, to an era with no computers, no code and no algorithms, and the question we’ll be asking is this: could it be that someone in the 15th century created a cipher that even today’s most brilliant codebreakers and most sophisticated and advanced tools – cannot break?…
About 12 miles southeast of Rome, on a lofty hill, stands an old Italian palace called ‘Villa Mondragone’. The palace was built in the 15th century and was originally used as the summer residence of Pope Gregory XIII, but later became a Jesuit college.
By the early 20th century, the 500 year-old villa was in dire need of repairs and renovation. The Jesuit order was short on cash, and so it was decided to sell some of the old books kept in the order’s library. Some books were sold to the Vatican, and in 1912 the order invited Wilfrid Vonynich – an American antiquities dealer of Polish origin – to buy the rest. And indeed, Vonynich left the villa with some 30 ancient manuscripts.
Of these 30 manuscripts, one piqued his curiosity in particular. It was a 240 page long book, whose style suggested it might have been written sometime in the Middle Ages. Although the language in which the manuscript was written was incomprehensible, it also contained quite a few colorful illustrations: plants, stars, nude women and more. These drawings made it possible to guess some of its content, and tentatively divide the manuscript into several distinct sections such Herbalism, Astronomy and Pharmaceutical information. One section, in particular, does not contain any illustrations – but its text seems to be broken into many short paragraphs, hinting at the possibility that these are recipes, perhaps prepared with the aforementioned herbs.
Being a seasoned antiquarian, Voynich had a deep knowledge of ancient writings – yet he was unable to identify the language in which the book was written: the stylized letters did not resemble any European language he knew. Still, even though he had no idea of the manuscript’s origins or author, Voynich’s gut feeling told him that this unusual manuscript might prove to be of great importance.
It was only when Wilfred Voynich left Italy and had the opportunity to examine the manuscript in detail, that he discovered a letter that was hiding amid its pages. The letter was signed by a German scholar named Johannes Marcus Marci, who in the mid-seventeenth century was the rector of the University of Prague.
Johannes Marci’s letter was sent in August of 1666, and was addressed to Athanasius Kircher, one of Europe’s most notable scholars. Kircher was a professor of mathematics in Rome, but his interests were extensive and encompassed many different topics – from magnetism, to alchemy and medicine. In particular, Kircher was considered an expert in the field of ancient languages, and even claimed to have deciphered the Egyptian hieroglyphs – which is probably why Marci asked for his help.
The letter reads:
“Reverend and Distinguished Sir, Father in Christ:
This book, bequeathed to me by an intimate friend, I destined for you, my very dear Athanasius, as soon as it came into my possession, for I was convinced that it could be read by no one except yourself. […]
Dr. Raphael, a tutor in the Bohemian language to Ferdinand III, then King of Bohemia, told me the said book belonged to the Emperor Rudolph and that he presented to the bearer who brought him the book 600 ducats. He believed the author was Roger Bacon, the Englishman. On this point I suspend judgment; it is your place to define for us what view we should take thereon […]”
We don’t know for sure if Kircher did receive the book, but it’s highly likely that he did. Kircher was an avid collector of old manuscripts and other exotic items, and this one was discovered alongside other books that were definitely known to have been in his possession. After Kircher’s death, it’s likely that his extensive library passed into the hands of the Jesuit order, which kept it for many centuries.
For all his knowledge and skill, Kircher was unable to decipher the manuscript’s mysterious language – or if he did, he never told anyone about it.
The claim that the book belonged to Emperor Rudolph II was also plausible. While 600 ducats, the price that Rudolph supposedly paid for the manuscript, was a very considerable sum – equivalent to some several tens of thousands of dollars in today’s money – Emperor Rudolph was known to be very fond of mysticism, science and medicine, and often purchased books on those topics. Unfortunately for the people who sold him these books, Rudolph’s rein as the head of the Holy Roman Empire came at a time when the said kingdom was no longer an empire nor Roman – and most certainly not holy… The Emperor didn’t have as much money as he claimed to have, and the sellers often had to wait for many years until they got to collect their payment – if at all.
There was one name in particular, mentioned in the letter, that caused Wilfred Voynich to get very excited. This was Roger Bacon, who Dr. Raphael – Joannes Marci’s friend – speculated was the author of the manuscript.
Bacon was a 13th century English philosopher who is credited as being one of the first European scholars to support the use of empirical testing and measurement – as opposed to blindly accepting the views of ancient sages such as Aristotle. Bacon’s heretical views earned him the wrath of his contemporaries, and he was even imprisoned at one point. It seems logical to assume, then, that Bacon had a good reason to publish his ideas in a book written in a language that only other enlightened scholars could decipher.
But for all his attempts and extensive research, Voynich was unable to prove that Roger Bacon was the manuscript’s author. The script in which the manuscript was written did not resemble any other known script, and even the illustrations raised more questions that they answered. Voynich hoped that by identifying the plants and celestial constellations present in the drawings he would be able to use the illustrations as a sort of a ‘Rosetta Stone’, comparing the drawings’ labels to the plant’s and constellation’s known Latin names. Yet the constellations bore no resemblance to the ones we are familiar with, and the herbs turned out to be amalgams of various parts from several different plants. Voynich consulted historians, botanists and astronomers – but none were able to offer any help. This mystery not only frustrated Voynich on an intellectual level – it also prevented him from making any profit off the manuscript, since no one was willing to shell out hundreds of thousands of dollars on a book whose content was completely unknown.
In 1919, William Newbold, a professor at the University of Pennsylvania, announced that he had successfully solved the manuscript’s riddle.
Newbold asserted that each “character” in the script was in fact composed of several tiny letters of an ancient Greek script: so small, that they could only be read under strong magnification. Furthermore, some of the individual tiny characters were rearranged, swapping places with their neighbors: a simple type of encryption called an Anagram, already known by the Middle Ages.
Newbold deciphered the manuscript according to his theory, and came to the conclusion that it was indeed written by Roger Bacon. According to Newbold, the manuscript shows that Bacon invented a microscope and was able to observe tiny cells in living creatures – hundreds of years before Antonie van Leeuwenhoek was able to do so in the 17th century. Bacon also built a telescope and discovered the Andromeda galaxy – again, hundreds of years before anyone else.
If Newbold’s extraordinary claims were correct, this meant that Bacon was an unrecognized genius, who was more ahead of his time than anyone dared to imagine thus far.
Yet not long after William Newbold published his conclusions, several researchers cast serious doubts on his claims. Their main criticism was that when Newbold rearranged the tiny letters to solve the anagrams – he did so without any consistency or a well defined algorithm, but mainly according to his subjective understanding of the text. Who’s to say that Newbold’s rearrangements were more correct or valid than my rearrangements, or yours?
An even deeper analysis of the tiny letters that supposedly make out the larger characters revealed that these “letters” were actually just cracks, formed as the ink dried on the rough animal skin which formed the manuscript’s pages.
Newbold’s theory, then, was cast aside, and the Voynich manuscript remained an unsolved mystery.
There’s a certain group of people who, by their nature, are drawn to these sorts of mysteries like a moth to a flame: cryptographers. Many code-breakers will admit that cracking ciphers is, for them, much more than a job – but an immensely enjoyable intellectual challenge. No wonder, then, that within a few years of its discovery, the Voynich manuscript attracted the attention of some of the best minds in the field.
One of the code-breakers who took notice of the riddle was William Friedman, who during World War II served as the United States’ chief code breaker and led his team to a successful deciphering of codes used by the Japanese military, before joining the newly-formed NSA as its first ever chief cryptologist. You may be familiar with his work if you heard our episodes about Crypto AG.
Friedman devoted many years to the study of the Voynich manuscript, and towards the end of the war he even brought together a group of senior cryptographers who were engaged in a concentrated effort to crack the unknown text. Unfortunately, the war ended and the group disbanded before the researchers could make any significant progress. Friedman continued to work on the text by himself.
Friedman’s rich experience of cracking thousands of ciphers taught him that almost all ciphers share a common trait: they tend to avoid repetition, because any repeating pattern in a ciphered text gives the codebreaker a precious hint at the content of the encrypted message.
Friedman noticed, however, that the Voynich manuscript contains many words that repeat themselves over and over again throughout the text – a fact that hints at the possibility that the manuscript’s text is not an encrypted text at all, but an unknown human language. Since the script did not match any known language, Friedman hypothesized that it might be a constructed or “artificial” language, similar to Esperanto, for example – an artificial language developed in the late 19th century and spoken by about 100,000 people worldwide. Yet for all his efforts, Friedman was unable to unravel the mystery, be it a natural language or a constructed one.
With the rise of electronic computers, a new era began in the study of the Voynich manuscript, as cryptographers found new ways to utilize the computer’s processing power to run advanced statistical analysis on the text, revealing some interesting insights.
For example, most of the words in the manuscript contain five to six letters: there are relatively few longer or shorter words. This finding is in line with Friedman’s hypothesis, because natural human languages tend to be richer in longer and shorter words. In addition, in some parts of the text, there are words that are repeated four or even five times in a row. Again, this is a rare trait in natural human languages: for example, one might say ‘Bye Bye’, but not ‘Bye Bye Bye Bye’.
But other findings cast doubt on the ‘constructed language’ hypothesis.
One analysis focused on the frequency of the letters: that is, how many times does each letter appear in the text. It’s well known that each language has a unique pattern of letter frequency: In English, for example, the letter E is the most common letter in the alphabet, and it appears more than 56 times more often than the least common letter – Q . Furthermore, similar languages who are a part of a larger family of languages, tend to have similar patterns of letter frequency. Interestingly, the frequency of letters in the manuscript’s text seems fairly similar to that of other, natural European languages – which means that perhaps Friedman was wrong after all, and the manuscript’s text is written in a natural language.
Another characteristic of languages is what’s known as Entropy. Much like its use in Physics, linguistic entropy is an indication of the amount of ‘chaos’ present in the text. A low entropy means it is easy to guess what the next letter in a given text will be. For example, if I show you the string ‘ABCD’ – it’s easy to guess that the next letter is E, since the letters are arranged in alphabetical order. A high measure of entropy, then, means th at the text is completely random and gibbershy, making the next letter in a string impossible to guess. Again, different natural languages have unique entropy scores – and statistical analysis of the Voynich manuscripts shows the entropy of its mysterious language is quite similar to that of natural human languages.
It seems that for all their strength, these sophisticated statistical analyses leave us confused: it could be a natural language, an invented language, or a complex cipher. This confusion grew even more in 1976, when Captain Prescott H. Currier, a cryptologist who served as the US Navy’s Security Group Director of Research, discovered that the manuscript is actually composed of two distinct “languages” or dialects of the same language. These two languages, dubbed Voynich A and Voynich B, not only have significant differences in various statistical characteristics such as the distribution of certain words – it also seems that they were physically written by at least two different people.
In light of all the conflicting and confusing clues, it’s no wonder that ever since its discovery there were many who suspect that the Voynich manuscript is nothing but a hoax: a sophisticated forgery of meaningless gibberish, sprinkled with deliberately frustrating and baffling clues.
And if the Voynich Manuscript is a forgery, then naturally the first suspect should be no other than Wilfred Voynich himself. After all, he was the one who ‘discovered’ the book in the first place, and it’s likely that if Voynich wanted to fabricate an old manuscript – he had the tools and knowledge to do so. Given the fact that a previously unknown manuscript written by Roger Bacon could make Voynich a very wealthy man, the motivation for a forgery is also quite clear.
Wilfred Voynich passed away in 1930. His widow sold the manuscript to another antiquities dealer, but the looming suspicion of forgery prevented this dealer as well from selling the book, and it was finally donated to Yale University, where it resides to this day.
But in 1998, a researcher by the name of Rene Zandbergen came across a previously unknown correspondence between Athanasius Kircher, the scholar who was presumably the first to try and decipher the manuscript’s content, and a certain Georg Barch – an alchemist living in Prague. In his letter, Barch tells Kircher about a mysterious manuscript that came into his possession – and asks for his assistance in deciphering its mysterious language.
This letter is significant in two ways. The first is that it predates Johannes Marci’s letter by 26 years, which means that Barch is the earliest known owner of the manuscript. It seems that upon Barch’s death, the book was passed on to his friend Marci – who subsequently gave it to Kircher.
The other reason why this letter is significant is because this discovery was made independently from the discovery of the manuscript itself – which basically clears Wilfred Voynich, posthumously, from any accusations of forgery.
Still, even if Voynich didn’t forge the manuscript, it’s still possible that the manuscript is a hoax – albeit one that was created sometime earlier, before it came into Voynich’s possession.
There’s even a possible suspect: a 16th century occultist named Edward Kelly, who claimed he could communicate with angels in a special angelic language. Kelly was a close associate of another famous historical figure: John Dee, who was the court astronomer and adviser to Queen Elizabeth I. Dee and Kelly visited Emperor Rudolph in Prague in 1586, and it’s not unlikely that they were the ones who sold Rudoplh the fabricated manuscript for a handsome profit of 600 ducats.
However, when the manuscript’s pages were dated using the Carbon 14 dating method – an established and reliable dating technique- it was revealed that they were created sometime between 1404 and 1438, i.e more that a hundred years before John Dee’s and Edward Kelly’s time, thus ruling out this theory and proving the manuscript’s antiquity. This finding also rules out the possibility that Roger Bacon, who lived in the 13th century, is the author of the book.
And there’s another reason, even more interesting, to assume that the manuscript isn’t a hoax. It has to do with a linguistic rule known as ‘Zipf’s law’ (pronounced ‘zif’), named after the linguist George Zipf who proposed it in the 1930s.
Zipf’s Law is based on the observation that every human language has a unique frequency of words – that is, some words appear more frequently than others, much like the frequency of letters which I described earlier. For example, in English the words ‘And’ and ‘The’ are much more frequent than the word ‘Unbelievable’.
Zipf noticed that the frequency of words in any given language – the number of times a certain word appears in an average text – declines in an orderly and predictable way: the most common word appears twice as often as the second most common word in the language, three times as often as the subsequent word, and so on. Why? We have no clear idea: Zipf’s Law is empirical in nature – that is, it is based solely on actual observations. As a side note, it’s interesting to note that this pattern appears in many other types of human-generated data, such as the sizes of cities or corporations, as well as in constructed languages such as Esperanto.
Analysis of the Voynich manuscript shows that regardless of their meaning, the words in the manuscripts seem to follow the distribution dictated by Zipf’s Law with impressive precision, and their frequency is similar to that of many European natural languages. To be sure, it is possible to create a gibberish text that fullfies Zipf’s Law: this was proven in 2019 by two researchers – Torsten Timm & Andreas Schinner – who created a suitable algorithm. Yet it’s hard to imagine how a 15th century forger could create a gibberish text that somehow manages to obey a law that was only discovered hundreds of years later…
And even if someone was able to create such an amazing hoax – why would a fraudster put so much effort into creating a fake text of such a high level of complexity, that no other known forgery from this period in history even comes close to? After all, without our modern analytical tools and linguistic knowledge, none of the hoaxer’s contemporaries had even the slightest chance of uncovering the hoax. Most likely, even a much less sophisticated cipher would have been more than enough to pass every conceivable test that scholars in the Middle Ages or the Renaissance could run it through. Crafting such an elaborate hoax, then, is like creating an ultra-sophisticated robot to chase away birds from a field of wheat – when a simple scarecrow could do the job perfectly well.
In the absence of satisfactory answers, plenty of theories have emerged regarding the origin and content of the Voynich Manuscript. Some speculated that it was a sacred book worshiped by a secret cult, or that Leonard Da Vinci was somehow involved in its creation. There are even those who think that the manuscript could be an alien message: probably the same people who still believe in the myth of the Bermuda Triangle… In the past five years alone, since 2017, there were at least five people who claimed to have solved the Manuscript’s mystery – yet none of them was able to produce a convincing translation of the book’s content.
More than a hundred years have passed since Wilfrid Voynich first dusted off the cover of his famous manuscript – and we are no closer today to cracking that riddle than we were back in 1912. Who knows – maybe the Voynich Manuscript is destined to remain a mystery forever.
On the other hand, Fermat’s Last Theorem – perhaps the greatest mathematical puzzle of all time – endured for more than three hundred years until it was finally proven in the 1990s. As long as there are those who see the mystery of the Voynich Manuscript as a mountain that must be conquered – there’s still hope that one day, we’ll figure out its secrets.