The Inquirer-Home

Workaround is found for GCHQ cracking challenge

Updated Yes we can crack it
Fri Dec 02 2011, 11:49

THE CRACKING challenge being run by the government to recruit spies is looking more and more ridiculous the more closely we look at it.

Yesterday we and the rest of the internet took the competition at face value, and assumed wrongly that this was the sort of sophisticated cipher that would keep Dan Brown up all night hunched over his desk.

Was it, though? Well it looked like a fairly amateur affair, with loosely set up credentials and no encryption whatsoever, meaning that anyone that used it would have opened themselves up to spooking and spying themselves. Not cool, and not very professional.

So shoddy does the set up look that we asked GCHQ if this was a hoax. "I can confirm that the GCHQ Recruitment Code Cracking Challenge and the associated canyoucrackit.co.uk website are not hoaxes. They are an innovative way of engaging with our target audience," came the reply from a GCHQ spokeswoman.

Well, whatever. What can you say? Maybe the proof of the challenge's credentials is in the code itself, surely that's so complex that only a few brainy souls will crack it and qualify to apply for a job at the agency. No, no, no and no.

We found the solution today in a tweet from @Hex000101, who appears to be a member of the notorious hackers Team Poison. "I cracked it :) ->", he tweeted, before posting the link to his winner's notification, "canyoucrackit.co.uk/soyoudidit.asp."

We clicked that link and were taken to the same congratulatory web page. Then, we visited the main canyoucrackit.co.uk web site and entered /soyoudidit.asp after the URL. Again we were taken to the congratulations page.

This, even to people who struggle to open tins of tuna, was seen as a rather too simplistic solution to what was thought to be a very tough challenge indeed.

We have asked GCHQ whether adding /soyoudidit.asp to the end of the URL is the real solution to the puzzle or just an unfortunate back door.

Update
In a statement GCHQ said that this was only one of the many ways in which users could crack the code, and thanked us for our continued interest.

A spokesperson responded, "The website you refer to is part of the path that a successful code-cracker will follow, and is the moment it is revealed to them that the challenge was set by GCHQ."

He added that this was all part of the fun, and suggested that this was just one of many ways that people could access GCHQ's job notice boards,

"It's not an 'unfortunate backdoor' just another part of the fun and innovative way we are engaging with our target audience." µ

 

 

 

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Heartbleed bug discovered in OpenSSL

Have you reacted to Heartbleed?