Feeds

Codebreakers find evidence for hidden puzzle in GCHQ challenge

'Tell me I'm on the right track, GCHQ, so I can get some sleep'

Secure remote control for conventional and virtual desktops

Codebreakers are split over whether there might be a hidden challenge in the GCHQ-set code-breaking puzzle set last week.

The signals intelligence agency set a puzzle at canyoucrackit.co.uk in its attempt to drum up potential interest in a career at the spy centre from outside its traditional graduate programme. The three-part puzzle was broken independently by several people, but Dr Gareth Owen, a computer scientist and senior lecturer at the University of Greenwich in England, was the first to post a detailed explanation of the crack.

The challenge involved making uncovering a code-word starting with a 16x10 grid of paired hexadecimal numbers. The first stage involves recognising that the numbers are executable code (a decryption algorithm) as well as unpicking some steganography involving the image of the numbers. The second stage involves building a virtual computer to execute code that, when correctly done, outputs the link to the third stage.

The third stage involves finding the licence key to run a linked program. Finding the licence key involves decoding the program and seeing how it works. Three hidden numbers from the first two stages of the process are needed to get the final answer that reveals the keyword.

Other amateur codebreakers who also tried their hand at the codebreaking challenge included John Graham-Cumming, the man behind the project to build Charles Babbage's Analytical Engine. Graham-Cumming also launched the successful petition for an apology from the British government for its persecution of Alan Turing.

Intriguingly, Graham-Cumming reckoned there might be a hidden part four to the GCHQ Code Challenge because of the amount of non-random data in part two. In addition, GCHQ modified its canyoucrackit.co.uk website to say "The challenge continues"... further suggesting there might be some hidden puzzle.

We put these observation to Owen who got in touch with his contacts at GCHQ, who told him that that data that Graham-Cumming has put under the microscope is just a "random filler" adding that they had wanted to set up a puzzle at this point of the challenge but they "ran out of time to do anything interesting".

That explanation satisfied Owen, at least to the point where he decided not to commit to another all night in code cracking, but not Graham-Cumming, who continues to have his doubts. "I don't believe that's the whole story," Graham-Cumming writes. "There's a distinct pattern worth investigating."

Graham-Cumming explains his theory about a hidden challenge in some detail in a blog post here. He concludes, good-naturedly, "If anyone from GCHQ is reading... can you email me a simple 'carry on' or 'stop wasting your time'. Need to sleep..."

Doubts about the "random junk" explanation in the canyoucrackit.co.uk puzzle arise not just because the spy agency is naturally a master at misdirection but because a previous puzzle from GCHQ a few years back had a hidden solution as well as a main solution.

"The data is far from random at at least one level as I've recovered the key and crypto mechanism as demonstrated," Graham-Cumming added on Tuesday morning. "It has been confirmed that I am correct on that." ®

The essential guide to IT transformation

More from The Register

next story
Hello, police, El Reg here. Are we a bunch of terrorists now?
Do Brits risk arrest for watching beheading video nasty? We asked the fuzz
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
EU justice chief blasts Google on 'right to be forgotten'
Don't pretend it's a freedom of speech issue – interim commish
Detroit losing MILLIONS because it buys CHEAP BATTERIES – report
Man at hardware store was right: name brands DO last longer
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.