Set up and secured by the finest government security specialists.
GCHQ code-breaking challenge cracked by Google search
A simple Google search unlocks the supposedly secret completion page to GCHQ's code-cracking competition. The signals snooping agency launched a codebreaking competition this week, promoted via social networks, that aimed to find would-be code breakers that conventional recruitment efforts might miss. The canyoucrackit.co.uk …
-
Saturday 3rd December 2011 17:33 GMT Anonymous Coward
Good one
Did you actually read the story?
"The canyoucrackit.co.uk website was set up in partnership with a recruitment agency and at arm's length from GCHQ itself. El Reg doubts anyone from the intelligence agency was involved in setting up the website, but we were unable to immediately confirm this on Friday afternoon."
-
Sunday 4th December 2011 10:30 GMT Anonymous Coward
I spy with my little eye.. A Guardian reader
You're really not getting the whole el Reg forum ethos are you? If you want serious debate and comment I suggest you disappear off to somewhere a lot less fun and disrespectful.
Articles read, yes.
T&Cs of 'challenge' read, yes.
Pisstake, YES.
Attack, no.
I'd get my coat if I were allowed an icon, it's the one with Jeremy Clarkson's latest book in it (heavens no, not for reading, it's for planting in civil service office book sharing club stocks)
-
Saturday 3rd December 2011 12:08 GMT Anonymous Coward
Yes. Silly article.
Google could only find the page when someone had solved it and published it first, and a search for the first few bytes of the code showed many bloggers openly collaborating.
However impressive as the exercise was, and kudos to the anonymous Russians that got there first (no surprise there!), I learned a lot. It has also created thousands more shellcode crackers and VM engineers overnight.
Perhaps an unforeseen consequence, but GCHQ are going to need a bigger and better paid army now.
-
Saturday 3rd December 2011 10:52 GMT advocate
If you add anything to the end of the URL you get a message saying you are on the right lines. For example:
www.canyoucrackit.co.uk/winner
I haven't tried actually cracking any code but I am doubtful there is one to crack, given the relatively low pay and recent publicity for the need of cybercrime specialists perhaps they just want people that can find back doors in websites.
-
Monday 5th December 2011 11:39 GMT fajensen
The "benefits" make up for the lack of direct pay. Whatever would one *do* with access to the "lawful interception interface" on the nations network equipment - specifically the ones wired to the banks and the stock exchange?
I know of some former spooks who used their training and connections very well in their "retirement"; however that was the cold war: In these puritan times, one might end up taking a swim inside a sports-bag wearing wimmens clothes and a variety of studded rubber items ....
-
Saturday 3rd December 2011 11:32 GMT Jacqui
GCHQ fail
The test was not exactly hard - it can be explained in less than two paragraphs and <100 LOC but I suppose was a good example of the sort of grunt work they expect of staff.
As I said before the real test should be to obtain the info required to solve the puzzle without leaving a footprint. That includes bypassing clicktrackers and leaving fake data in the web logs during application submission. Solving puzzles is one thing - ensuring the target does not know you are on to them is just as important.
IMHO there is no direct (trustable) path back to GCHQ - anyone who applies (via the agency site) should auto-fail - those that find and use the correct email address and/or postal address should be shortlisted.
-
Saturday 3rd December 2011 11:42 GMT Rick C
PERFECT, they found a back door. No prizes for doing it the hard way!
If the folk at Bletchley Park had not looked for a back door they would never have cracked Enigma. Hats off to the cheats, the spirit of Bletchley Park is still alive and well amongst the same kind of enthusiastic amateurs who helped win WW2. Let's hope GCHQ have learned a valuable lesson!
Rick
-
Monday 5th December 2011 10:16 GMT Paul_Murphy
But BP wasn't about Enigma
It was far more interested in the 'Fish' traffic that Colossus was built to crack. (http://en.wikipedia.org/wiki/Colossus_computer)
Since the nicely organised Germans were sending very regular reports to Berlin, and getting regular orders back it made working out what they were up to a lot more straight-forward.
Enigma was used 'on-the-ground' for more tactical purposes.
As for back doors I would recommend reading Paul Gannon's book: http://books.google.co.uk/books/about/Colossus.html?id=J9ezAAAACAAJ&redir_esc=y
and decide for yourself what constitutes a back door.
ttfn
oh yeah - all hail to the BT engineer Tommy Flowers, who did the work, insisted on using valves and used his own money (http://www.computinghistory.org.uk/det/1078/Tommy-Flowers/) to get the project working.
-
Tuesday 6th December 2011 15:23 GMT Anonymous Coward
Enigma? :)
just have to share - here's my tiny Enigma VM in perl... pity there's no monospace, but it does survive formatting.
A virtual pint for the first person to solve it... :-)
AVWBU ISDDZ NPILY BMQEE XOUSV YDPON
CCQWR BHOPB PZOMC HUZTA TRSBV CB
#!/usr/bin/perl
#Tinigma 2010 Usage:tinigma.pl 123 rng ini "GHWVYYDVPQGEWQWVT"
($n,$o,$p)=map(ord()-65,split//,uc$ARGV[1]);($z,$y,$x)=map(ord
()-65,split//,uc$ARGV[2]);($l,$m,$r)=map$_-1,split//,$ARGV[0];
$t=uc$ARGV[3];$t=~s/[^A-Z]//g;$b=26;$j=0;@N=qw(7 25 11 6 1);@R
=('EKMFLGDQVZNTOWYHXUSPAIBRCJ'x3,'AJDKSIRUXBLHWTMCQGZNPYFVOE'x
3,'BDFHJLCPRTXVZNYEIWGAKMUSQO'x3,'ESOVPZJAYQUIRHXLNFTGKDCMWB'x
3,'VZBRGITYUPSDNHLXAWMJQOFECK'x3,'YRUHQSLDPXNGOKMIEBFZCWVJAT'x
3);@t=split//,$t;for$v(@R){$i=0;for(split//,$v){$c=ord()-65;$F
[$j][$i]=$c;$R[$j][$c+$b*int($i/$b)]=$i%$b;$i++}$j++}@S=@{$F[5
]};$f=$y==$F[$m][$N[$m]]?1:0;$i=0;for(@t){if($f){$y++;$y%=$b;$
z++;$z%=$b;$f=0}if($x==$F[$r][$N[$r]]){$y++;$y%=$b;if($y==$F[$
m][$N[$m]]){$f=1}}$x++;$x%=$b;$e.=chr(($R[$r][$R[$m][$R[$l][$S
[$F[$l][$F[$m][$F[$r][ord($_)-39+$x-$n]-$x+$n+$y-$o]-$y+$o+$z-
$p]-$z+$p]+$z-$p]-$z+$p+$y-$o]-$y+$o+$x-$n]-$x+$n)%$b+65)}
print"$e\n"
-
Saturday 3rd December 2011 14:24 GMT charles blackburn
http://canyoucrackit.co.uk/soyoudidit.asp
So you did it. Well done! Now this is where it gets interesting. Could you use your skills and ingenuity to combat terrorism and cyber threats? As one of our experts, you'll help protect our nation's security and the lives of thousands. Every day will bring new challenges, new solutions to find – and new ways to prove that you're one of the best.
i lol'd
-
Saturday 3rd December 2011 14:24 GMT Gary F
I found the back door too
The code to unlock it is in javascript which seems pretty daft on top of the winning page being a static page. Surely they were being this daft intentionally? Mind you, as they're only paying a £28K salary to the winning applicant they aren't exactly going to great efforts to attract the smartest brains out there.
The heroes of WWII Bletchley Park would be embarrassed if they knew.
And I agree with the point made by others that it doesn't matter how the solution is reached, either through the front door or a backdoor. And it's just crazy that GCHQ had such a big back door on their website. Hopefully they're just responsible for cracking other countries' security and not protecting our own!!!!
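Added example (editorial, not part of the comment above and not the challenge site's code): a sketch of what checking the answer on the server and gating the completion page behind a session looks like, in contrast to a client-side check in front of a static page. The routes `/check` and `/success`, the `handle` function and the placeholder keyword are all assumptions made up for illustration.

```javascript
// Hypothetical request handler: every name here is invented for the example.
const nodeCrypto = require('node:crypto');

const sha256 = (s) => nodeCrypto.createHash('sha256').update(s, 'utf8').digest();

// Constructed placeholder secret; only its digest needs to live on the server.
const KEYWORD_HASH = sha256('placeholder-keyword');
const sessions = new Set(); // tokens issued to people who submitted the right keyword

// Compare digests in constant time (both are 32 bytes by construction).
function keywordMatches(guess) {
  return nodeCrypto.timingSafeEqual(sha256(String(guess)), KEYWORD_HASH);
}

// req is a plain object: { method, path, body, cookie }
function handle(req) {
  if (req.method === 'POST' && req.path === '/check') {
    if (!keywordMatches(req.body)) return { status: 403, body: 'Wrong keyword' };
    const token = nodeCrypto.randomBytes(16).toString('hex');
    sessions.add(token);
    return {
      status: 303,
      headers: {
        Location: '/success',
        'Set-Cookie': `s=${token}; HttpOnly; Secure; SameSite=Strict`,
      },
      token, // returned only so the example can be exercised without a cookie parser
    };
  }
  if (req.method === 'GET' && req.path === '/success') {
    // Without a valid session the page looks exactly like any other missing URL.
    if (!sessions.has(req.cookie)) return { status: 404, body: 'Not found' };
    return {
      status: 200,
      headers: { 'X-Robots-Tag': 'noindex, noarchive', 'Cache-Control': 'no-store' },
      body: 'So you did it.',
    };
  }
  return { status: 404, body: 'Not found' };
}
```

With this shape, a request for the completion URL without a session gets the same 404 as any guessed path, and the page carries a header asking crawlers not to index it even if the URL leaks.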
-
Saturday 3rd December 2011 17:33 GMT Pete Spicer
To all those wondering how Google got it
What are the odds someone on high actually used Google Chrome or Firefox to test it worked? Since those browsers send a request to Google to verify that the site isn't malware laden, it's no great stretch to assume that it also covers discoverability and silently adding it to the index...
-
Monday 5th December 2011 10:16 GMT Sir Runcible Spoon
Sir
"you'd be better off working for the bad guys"
That really says it all. Have you truly thought that one through?
Spooks are unfortunately necessary in this day and age, and they need to be kept on a short lead by those who are publicly responsible for their actions; but to suggest that working for Blofeld would be better is just asking for a swim with the laser bedecked sharks.
-
Saturday 3rd December 2011 22:06 GMT Anonymous Coward
Are you really sure about that?
Ahem - isn't this hex "puzzle" just a PR gimmick? The real test all along was to find the backdoor (i.e. using the Google site: tag) and go through it to move right along to the next stage (the GCHQ careers page!). Mind you, the press have also done their bit flawlessly - everyone now knows what the backdoor is! Ok, a certain devious cleverness there - but I certainly wouldn't put it past 'em :).
Usually you need a "crib" - an inspired guess, a known weakness/pattern, or some other side-channel data - to crack supposed ciphers anyway. So has anyone *genuinely* cracked the hex, explained convincingly how they did it and said what the keyword is? No? My point entirely...
-
Sunday 4th December 2011 08:01 GMT Anonymous Coward
YES they did
Several people have cracked it the long hard way. They don't need people who can figure out Google; they need people who can turn what little fragments of intel they get into usable product. Sometimes it's a cluster on a shattered hard drive that's all they have of the data and it's gotta be sussed. Some F*c*wit using Google trick or html trick ain't any use; it's not hacking TGP p0rn links.
-
Sunday 4th December 2011 15:26 GMT Jeff 11
Google is pretty bloody irritating for websites; either you have to develop them on a totally private network, or if you can't do that, add some form of authentication layer around your dev site. If you don't, Chrome and Google Toolbar will quite happily send off what would otherwise be invisible, unlinked URLs as 'usage data' to Google when you visit them.
-
Wednesday 7th December 2011 13:43 GMT Ross 7
@Simon Neill
You don't know any teachers do you? Working 9 while 3? Rofl!
Regarding the benefits, I presume the ad said "plus pension" but then that kinda changed ;)
I don't think that ad is looking to attract anyone important - just someone with an IQ > 90 to do some grunt work. The "test" is just to make it sound cool and interesting, when the job is anything but.
-
Sunday 4th December 2011 21:49 GMT John Deeb
Google does actually more
"Google follows links so is there a link somewhere to the success page?"
While that might be very probable and underrepresented in many news stories on this non-item it might come as a surprise to some that the Google Bot is a bit more adventurous than just "following links". Sometimes it actually does "guess" the URL by putting in certain keywords not only in the query but also in the resource path.
Don't ask me why, it just does and it takes a few years following (occasionally) bots around in log files to know it does.
Another mystery solved! Can I get that job now?
-
Sunday 4th December 2011 22:53 GMT Anonymous Coward
It all sounds a bit too easy really, doesn't it? Sort out the twats who google for a living first then see who gets to the real meaning in the code. They're not looking for the average arsehole who posts on here ( myself included) but the type of person who thinks outside the box ( not what you're thinking google fanatic, go back to yewer pr0n). I can imagine that they've outsourced an apparently obvious puzzle to a bit of an arsehole web agency, but what is the real nested message in the encrypted message? This will sort out the men from the boys. Which brings me to my favourite icon.....Paris.... but the bastards at El Reg won't let me post it anonymously, never mind, come the revolution they'll be first against the wall. Where's the Che Guevara icon...?
-
Wednesday 7th December 2011 13:36 GMT Robin Szemeti
How much
So after all that, and they were fairly tricky questions, I would say putting you in the top 1% of the IQ spectrum .. they offer:
Salary £25,446 (GC10) £31,152 (GC9)
err ... dood, you just screened them for being bright, and you think they are dumb enough to work for those salaries? get a grip.
I'll take a nice contract on £10K a month thanks.
-
Wednesday 7th December 2011 13:38 GMT Homer 1
Less euphemistic version
I "cracked" their promotion with a slightly more honest version, complete with some pertinent links:
{quote}
Title: Is your soul for sale?
GCHQ, Sponsored by War Inc.®
So you learned how to use Google. Well done! Now this is where it gets interesting. Could you use your skills and ingenuity to help us with our hostile invasion and corporate takeover of sovereign nations, to further the narcissistic goals of the American Empire? As one of our propagandists, you'll help protect greedy bankers, evil corporations, corrupt politicians and the investment portfolios of thousands of morally-bankrupt minions like yourself. Every day will bring new threats to fabricate, new scandals to whitewash – and new ways to screw innocent people.
Civil Rights Violations Specialists
Find out more and apply
{/quote}
http://static.slated.org/canyoucrackit/soyoudidit.html
-
Wednesday 7th December 2011 13:39 GMT Delbert
Intelligence
I suppose it has to be asked who supplied the URL to Google? I have to say I am very tempted to download the page and use it as wallpaper on my Android pad, but backdoors and shortcuts are what information seeking is all about. Who has not when confronted with Error 404 rather than run back to Google had a little search around with alternate URLs they would expect to find and found themselves on pages not normally accessible or in Nerdvana in FTP heaven with direct access to page source files?
-
Wednesday 7th December 2011 13:46 GMT Bill Cumming
the prize is in...
... the journey, not in the destination.
The solution to get the pass code includes grabbing a couple of files from a website.
Those IP addresses are probably logged and matched against people clicking the "apply here for a job" button.
If they get a match then that's the start of the first part of the interview... ^_~
Mine is the coat with the unencrypted Thumb drive from GCHQ in the pocket...