On Friday, Pal Kovacs was listening long awaited new album from rock and metal giants Bring me the horizon when he noticed a strange sound at the end of the last track on the disc.
Being fond of solving puzzles and cracking encrypted codes, Kovacs wondered: does this sound contain any hidden message?
His hunch led to the discovery of a hidden hacking-themed website, which at some point was indeed hacked.
Kovacs opened the song in the audio editing app Audacity and, as he suspected, there was indeed a spectrogram—essentially a visual representation of the sound itself—that was actually a scannable QR code. Excited, Kovacs shared his findings in the Bring Me The Horizon’s subreddit.
The QR code led to the hidden site, which is protected by a password that turned out to be a number (93934521) written on the album cover, on the head of one of the characters, called M8. This M8 character speaks in some of the tracks and also appears in the hidden location as a guide.
The site is essentially an “alternate reality game” or ARG, which bands like Nine inch nails have done before as a way to get fans more involved with the band’s music and traditions.
In this particular case, the game consists of a website where, among other things, the band uploaded some unreleased tracks, a folder protected by an “encryption”, which led to more password-protected files, more mysteries and more hidden Easter eggs. some of which are still unsolved and locked by unknown codes.
Kovacs’ discovery set off a wildly decentralized pursuit where thousands Bring me the horizon Fans tried to uncover all the secrets hidden within the site. Days later, the fans are still at it, as the site’s creators add new challenges and puzzles to solve. The fans have a dedicated Discord server with about 3,000 people in it and a shared Google Doc that at the time of writing was about 5,500 words long.
Perhaps predictably, the first day fans found the site, someone hacked it in an attempt to qualify for the game. This prompted the developers to temporarily take down the site and replace it with a warning, asking fans not to real hacking on hacking site.
“It appears that users have illegally hacked into the M8 server to decode hidden secrets,” read the message from M8, the album’s driver, which many fans reported seeing in conversations with TechCrunch. “It is my duty to inform you that this behavior is both disorderly and counterproductive! You see, the whole idea of this program is to unravel the mysteries at an enticing pace, allowing everyone to enjoy the thrill of discovery. By bypassing the system and sharing secrets prematurely, you’re spoiling everyone’s fun!”
It is not clear exactly what the developers meant by hacking the “server”, nor who was responsible. Sony Music Entertainment, the band’s record label, did not respond to a request for comment.
“An email address was found after solving a puzzle on the site, we found it legitimately, but when we sent this email as the site told us to, we got a warning message saying it had been hacked and we might be blacklisted if we try again , we assume it was an old bug from day one when these hackers extracted information from the site,” xDarkMagicianGirl, the owner of the Discord server, told TechCrunch.
xDarkMagician shared a copy of the email some people received after the hacking attempts.
“So a friendly warning: your recent unauthorized access to our website did not go unnoticed. While I admire your enthusiasm, it is time to face the consequences of your actions. If you continue to violate the system, you will be permanently banned from accessing any part of it,” the email read.
“Let’s play fair and enjoy the journey together. Besides, a little patience goes a long way in making the experience truly enjoyable for everyone. So stop being a slob — and play fair!”
