Difference between revisions of "RainbowLeaks"
[unchecked revision] | [checked revision] |
m (concluded) |
(→Completing the QR Code) |
||
Line 26: | Line 26: | ||
=== Completing the QR Code === | === Completing the QR Code === | ||
− | The characters <code>C4</code>, found on the QR code itself, form one of the coordinate locations on the QR code grid that need to be filled in. Scattered throughout the map are other small bits of paper with other coordinates listed on them. The locations of each of these notes can be found [https://imgur.com/a/EzPTD here]. Here is the complete list: | + | The characters <code>C4</code>, found on the QR code itself, form one of the coordinate locations on the QR code grid that need to be filled in. Scattered throughout the map are other small bits of paper with other coordinates listed on them. The locations of each of these notes can be found [https://imgur.com/a/EzPTD here]. Here is the complete list: |
<gallery mode="packed" heights=80px> | <gallery mode="packed" heights=80px> |
Revision as of 19:55, 8 March 2018
RainbowLeaks | |
---|---|
A website called RainbowLeaks, linked to Rainbow Six: Siege. | |
Type | [[List_of_Investigations#Official|Official]] |
Creator | Ubisoft |
Discovered | 2017-11-20 |
Completed | 2018-02-09 |
Main Page > List of Investigations > RainbowLeaks
RainbowLeaks is an ARG for Ubisoft's competitive online multiplayer shooter Rainbow Six Siege. The ARG was discovered on November 20, 2017, starting with the RainbowLeaks website. The ultimate purpose of the ARG was to tease the PVE content for Rainbow Six Siege, titled "Outbreak".
Contents
File 1
On November 20, 2017, a QR code was discovered on the Oregon map. In its original form, the QR code is unscannable; in order to be scanned, the empty space in the middle had to be filled with the correct pixels. In the center of the QR code, and to the side of the QR code, the characters C4
are repeated.
Completing the QR Code
The characters C4
, found on the QR code itself, form one of the coordinate locations on the QR code grid that need to be filled in. Scattered throughout the map are other small bits of paper with other coordinates listed on them. The locations of each of these notes can be found here. Here is the complete list:
These coordinates were used to fill out the empty space in the middle of the QR code. Scanning the QR code leads to the following URL:
http://q-r.to/rnb6TrC
This website displays an image, with the following text in its center:
@rX9p]7'CKr-
Unlocking File 1
Underneath the QR code was a link to rainbowleaks.org. This website contained a locked file named File #1, with the description Dead drop located in Oregon
:
Using the password @rX9p]7'CKr-
(which was uncovered using the QR code) prompted the user to enter their Ubisoft credentials to log into the RainbowLeaks site. Doing so led to a page with the following text:
My Fellow Facters, we have an opportunity to get ahead of a lie before it becomes another cover-up. Truth or Consequences, New Mexico is experiencing an outbreak and the Feds are a little too quick to send “help,” almost like they’ve been prepared. We’ve managed to smuggle intel out of Truth or Consequences through an ARNG associate of the Manifest Destiny Militia. They share our distrust of FEMA and I can’t do this alone. We need all hands on deck here. So whatever your sources, whatever you can provide, share it here so we can all benefit from it. Here’s what we know so far: Truth or Consequences is suffering an outbreak of an undetermined nature. The CDC is front and center, and the National Guard is rendering assistance, but all the pieces fell in place way too easily. This has false flag written all over it, but who’s the bad guy here. So give me what you got… let’s add to this database before someone Jimmy Hoffa’s all the evidence.
There were also 5 images underneath:
Second image (transcription)
Fifth image (transcription)
At this time, it is unclear if these images have any further significance, but they appear to relate to the upcoming Outbreak event.
File 2
On December 13, 2017, the RainbowLeaks page was updated with a second locked file. The description of this file was Dead drop located in Presidential Plane
. Much like the first file, the second file required a password.
Postcards
On the map Presidential Plane, several different postcards were discovered, each holding different text:
Each postcard has one capitalized word, which happens to be a collective noun for a group of birds:
- A murder of crows
- A gaggle of geese
- A quarrel of sparrows
- A company of parrots
- A colony of penguins
- A conspiracy of ravens
It was some time before the significance of the bird names were determined.
Twitter Hint
On December 16, 2017, the Rainbow 6 Siege Twitter account responded to a tweet by a Dr. Sztajnkrycer, whose name could be seen in the first file's documents. The message read as follows:
// Scrambled communication incoming // bggylookocpkvsdzqhkkjhihhuipoforppmigpbgrligldywjbeytteljoopshqcblettersokizzbnrpxsvdtxwaboaflvltwucphrhmipa jbixqmalnnxlsnbhxlpofpwrkkjfnmbstzdpqdfoeukcyafjggfiklpqsotpgwpgmhzuosvbyasnsujorkvpaxhvexgrbebirdsacnoxscsm // End transmission //
The words look
, for
, letters
, of
, and birds
could be clearly seen in the scrambled text above - as such, it was interpreted as another nudge towards the "birds" theory for the postcards. The reply from the official Rainbow 6 Siege twitter was simply:
Cease all communication immediately. Remain where you are.
Unlocking File 2
On December 18, 2017, the second file on the RainbowLeaks site was finally unlocked. Taken together, the words on the postcards read as follows:
Murder not the Gaggle nor Quarrel in the Company of a Colony or Conspiracy
By replacing the collective nouns with their respective birds, this turned into the following phrase:
Crow not the Goose nor Sparrow in the Parrot of a Penguin or Raven
Taking the first letter of each word in that phrase led to CntGnSitPoaPoR
, which was the password for the second file. When unlocked, the file contained the following text:
The President’s plane got attacked! It’s been grounded! Tell me this isn’t coincidence? Was the President trying to shut it down? Was he too close to the lies? Is this Phase II of the Truth or Consequences operation? I’ll tell you something the timing is terrible. It may have cost us a Facter within the inner circle who was helping us. He fired off some intel before the plane went dark, but what did he leave behind? We’ll never know but we’ll have to move carefully. They’re playing for keeps so that means the stakes are high. Keep that data coming, don’t let them derail the train! I’ll have more for you after we talk to some of our friends in the Russian hacking community.
There were also 5 images underneath:
The fourth image reads as follows:
(Something is not clear about this!!) You’ve always admired me for being a straight shooter, so let line this up for you and you polish it however you need to avoid brushing the honorable Senator’s ego. With all due respect to your boss, this isn’t the time for ad hoc stump speeches to the press. The National Guard is a vital component of our military, absolutely, but they are not equipped to handle this situation. This has nothing to to do with breaking the Posse Comitatus or the White House overextending its reach here, and it’s that kind of grandstanding that’s sending panic meters into the red. Truth or Consequences is quarantined, and the President is fully in his right to assign the Army to render assistance in the case of epidemics as he’s done, but don’t fool yourself… this goes beyond quarantine measures. Bellyaching about the Army mobilizing to step in blew the lid on the seriousness of the event before the President could get ahead of this thing. We’re still working on classifying and containing the situation and your boss let reporters walk right on through the front door of our house. Let me set the record straight: we are NOT suspending Habeas Corpus and the President isn’t trying to curry favor or swing opinion polls by acting tough. Every alphabet agency from A.F.I to N.S.A is tasked on finding out the “whys” of the outbreak, but we need the army to contain the situation and SOCOM to render assistance in the evacuation of vital medical personnel and assets from the field. The reports that the citizens of Truth or Consequence are “rioting” remains unsubstantiated. I also don’t know the Honorable Senator thinks he heard about “foreign operatives” rendering assistance in this time of crisis, but for his sake, I highly recommend he unhear it fast. If your boss still listens to you, a highly encourage you to sway him from his current rhetoric. (Covering something Big!!)
with "Something is not clear about this" circled around the areas National Guard not being able to handle this situation, and "Covering something big" circled around the area advising the senator to unhear whatever he heard about foreign operatives.
The fifth image reads as follows:
Phone call Transcript #0245 - █████████████████████████ at 1451 hours [Kevin V.]: I don’t know what’s happening, but they’ve pulled us back outside of town [Alicia M.]: Are they saying anything? [Kevin V.]: No comment. [Alicia M.]: C’mon Kevin. You wouldn’t call me with a ‘no comment.’ [Pause] [Alicia M.]: Kevin? [Kevin V.]: Sorry, Guardsmen walked by. They aren’t happy about “Mother Army” stepping in-looking for a spot to talk. [Alicia M.]: That’s not surprising. So…? [Kevin V.]: Okay. We’ve been hearing gunfire and explosions coming from the town. I tried to sneak some shots and got my other cell confiscated. They almost kicked me out. [Alicia M.]: They’re shooting people? [Kevin V.]: I think-I think they’re defending themselves. [Alicia M.]: Well, it’s New Mexico. They do have a lot of firear-- [Kevin V.]: No no, it’s not that. Al, I’ve been in Mosul and Aleppo. I know battlefield trauma and this is… different. There’s a lot of blunt force trauma or-or gaping wounds… I mean really horrible shit like I’m looking at earthquake victims, not war wounds… no GSWs or explosives-related injuries. I got in closer for a peek, but the med tent is INSIDE the quarantine zone away from their forward operating base, and the injured are mostly soldiers. [Alicia M.]: What the hell is going on there? [Kevin V.]: I don’t know and the Guardsmen I spoke to said they’d probably evacuate us too for our own safety. [Alicia M.]: They can’t do that. [Kevin V.]: It’s not going to stop them, but I’m not going to be around either. [Alicia M.]: Okay… look, you be safe, and keep your fucking head down. If they catch you-- [Kevin V.]: They won’t. You’ll be hearing from me soon.
File 3
On January 23, 2018, the RainbowLeaks site was updated to include File 3, whose description read Dead drop located in Kafe Dostoyevsky
.
Cafe Notes
The same day, the game was updated. Players discovered notes hidden on the Kafe Dostoyevsky map:
Unlocking File 3
Looking at the underlined numbers and the letters on some of the notes, players deduced that the numbers are a book cipher, to be used on the 1st part of the Launch game guide on the Rainbow Six Siege website. Taking the first number for the page of the guide, the second for the line on said page and the third for character in that line, players used the numbers on the notes in the order seen above and got the following string:
2siFO,SeW:ut12Rc
This string turned out to be the solution to the file's password.
Inside the file was the following text:
"We were supposed to rendezvous with our supporters among the Russian hacking community for a tete-a-tete, but our flight got delayed. By the time we reached Kafe Dostoyevsky, everything had gone sideways. They’re saying terrorism but I’m saying cover-up and that tells me we’re closer to the truth than ever. Unfortunately this means our channels are in danger of getting compromised. I’ll be scrubbing our sites and clearing all our dead drops. We’ll have to go to ground for a while; this is our last drop at this location. Let me be absolutely clear… they’ve cordoned off Truth or Consequences and there’re reports of gunfire and explosions. That means the citizens of T or C know the truth, and we owe it to them to spill the beans on what’s happening. I stand with Truth or Consequences, and we will learn their story."
A voice file, containing a recording of a message for a woman of the name Alicia by a man called Kevin, describing his trek into a quatantined area and the infection within. Transcript below:
"Alicia, it's Kevin. I don't know how or if this will make its way to you but if you're listening to this, I'm hoping the worst thing that happened to you today is that they got your Venti Cap wrong again. If that's the worst thing about your day, that means this whole mess got contained, it means the people I care about are still alive, it means that they stopped this- this thing. It's been two days since I snuck into the quarantine zone, I can't call out, I think the Army are jamming cell phone reception, that's why I'm recording this: the last will and testament of an entire town. Truth or Consequences, I can't even, it's dead, Alicia, and nobody knows the half of it. This outbreak, this infection, it's like nothing I've ever seen, i-i-it makes monsters from us, it infects you and then you're a monster, a monster killing your friends, killing anyone you ever loved, that's why there's gunshots and drone strikes out here, that's why the quarantine tent is inside the infection zone. they can't let this thing get out, ever. Even if that means me and everything here gets flattened. I'm fine with that. I don't thinnk there's anyone left to complain. I'm a small price to pay, Alicia. If that means you and everyone else are safe and happy."
5 images were also included in the file:
The fourth image contained a witness report of a evacuation squad being hit by something that completely destroyed a Hummer:
FEDERAL BUREAU OF INVESTIGATIONS DISTRICT OF NEW MEXICO, CITY OF TRUTH OR CONSEQUENCES Date [censored] Case No: [censored] WITNESS STATEMENT we were sitting in the back of the transport truck that was evacuating us when we heard this loud noise like a rumble, but it was picking up speed. Then suddenly, the machine gun on the humvee in front of us goes off, just rattling off bullets for i dont know how long. Then the driver screams "Hold on" and there's a loud *boom* like a crash and our truck slams on the brakes. Next thing I know, we are on top of each other, screaming and crying and the soldiers in the back with us are screaming too. "Whats going on," "Don't stop don't stop!" Like that. A couple of soldiers jump out and start shooting at something, I don't know what because it's in front of the truck, but, they looked scared, you know? Then the truck accelerates and it throws us all over each other again. By the time i get my head up, we're past the Hummer. It's a fucking wreck, like it got T-boned by a tank or something, it was pulped, man, and there's smoke pouring out and-and one of the soldiers is hanging on to the back for dear life. So by the time we grabbed him and helped him in, we were gone from there, but man... in all that smoke. I swear to God, I swear there was something there something - huge. I-I I don't know I keep thinking about it, like I couldn't have seen it, but it was there. Fuck, it was there.
The fifth document contained a transcript of a conversation via SMS between two men, one named Frank (yellow tag) and another named Gene (blue tag). Transcript below:
[YELLOW TAG] They're pulling out. Everything's gone to shit. SMS 4:38 AM [BLUE TAG] What's happening? SMS 5:02 AM [BLUE TAG] You there??? SMS 5:12 AM [YELLOW TAG] Here. I'm infected. SMS 5:12 AM [BLUE TAG] Frank... I'm so sorry. SMS 5:12 AM [YELLOW TAG] Yeah. Me too SMS 5:13 AM [BLUE TAG] Where are they evacing you? SMS 5:14 AM [YELLOW TAG] Nowhere. It's too late. SMS 5:15 AM [BLUE TAG] Fuck that. Let me make a call. SMS 5:15 AM [YELLOW TAG] No, Gene, listen to me. SMS 5:16 AM [YELLOW TAG] This thing can't be contained. SMS 5:16 AM [YELLOW TAG] It isn't Smallpox. Ring vaccination won't work. SMS 5:17 AM [YELLOW TAG] Passive quarantine measures won't work. SMS 5:18 AM [YELLOW TAG] It's a (gene) of nothing right now. The CDC team proved that any vaccine attempt will result in full blown infection. SMS 5:20 AM [YELLOW TAG] Gene. Please. SMS 5:22 AM [BLUE TAG] What am I supposed to do? Let you die?? SMS 5:23 AM [YELLOW TAG] Yes. SMS 5:23 AM [YELLOW TAG] We wanted to know what the ultimate purpose of this pathogen was... It's to break quarantine. SMS 5:25 AM [YELLOW TAG] And it's changing us to do it. SMS 5:26 AM [YELLOW TAG] You can't treat a wildfire. You can only contain it until it starves to death. Tell them to bomb this place Gene. That's your cure. SMS 5:30 AM
Conclusion
On February 9, 2018, the following message appeared on the RainbowLeaks site:
THE TRUTH HAS BEEN REVEALED Thank you to all who participated! To learn more about Operation Chimera and Outbreak, head to http://www.rainbow6.com/chimera
With that, the RainbowLeaks ARG was concluded.