UK SPY AGENCY GCHQ has opened up its online doors to potential shady job applicants with an online code cracking competition.
Fittingly for a role that requires modern thinking and modern cracking, the agency has put out the employment ad through Facebook and Twitter, and a web page that has a very elaborate puzzle.
The puzzle can be found on the canyoucrackit.co.uk web site and requires that users work out a key word by making their way through a grid of letters and numbers and, we imagine, many cups of coffee.
You have about ten at a half days to work out the code, at time of publication. To save you some time we can confirm that the word is not, "password", "monkey", "jamesbond", "thequeen", thelovelyqueen", or "cabbage".
If you crack the code and want to work for the government, you will be redirected to GCHQ's web site and asked to apply for a job.
This is not the first time that the agency has used alternative methods for finding applicants, and in 2007 it was running a virtual billboard for games including Tom Clancy's Splinter Cell: Double Agent.
We have asked GCHQ for more information and will update if and when we get any.
A reader pointed us towards this Freedom of Information request that asks the government some questions about the competition, and indeed, whether it is appropriate for it to be running it, particularly since it was found to be poorly managing one before.
"Dear Cabinet Office, following the fiasco surrounding the launch of the cyberSecurityChallenge web site (without SSL encryption, and co-hosted with prestigious sites like Wizards-Casino.com, registered to a UK individual and former CPNI member using her home address, launched on her birthday (*)) I was intrigued by the advertised launch of the canyoucrackit.co.uk web site," says the request.
"It turns out this recruitment site is (again) launched without the benefit of SSL encryption, so ensuring that aspiring GCHQ applicants can be identified from the content of their communications... by crooks like Phorm, Huawei, TalkTalk, BT, Vodafone, Bluecoat &c and every other foreign intelligence agency illegally monitoring UK telecommunications with impunity."
We have checked, and yes there is no apparent SSL security in place, meaning that we can't help but agree with the suggestion from the poster that this is a hoax.
"The net effect is that anyone skilled in communications encryption, expert in internet security, or wise enough to comprehend the risks (**) of the post they might be applying for, would not touch the site with a soiled bargepole," it says. "That being the case, please could you confirm (or deny)."
The web site is quite open about its lack of encryption, as you can see for yourself in its web page information by right clicking on the web page.
A whois lookup found a rather relaxed attitude to adding ownership credentials - Registrant type: UK Individual, Registrant's address: Somewhere, London, london, W0A 0AA, United Kingdom, which again looks sloppy for a government backed spy hiring operation.
We've asked GCHQ for more information. µ
It's time for our regular two-step through the Google news
Bug bounty offer: accepted