Simple Google search unlocks GCHQ code-cracking competition


GCHQ's "Can You Crack It?" website, designed to help recruit talented codebreakers for the British government department, is getting lots of attention from the media and bloggers - but some of that may be unwanted.

A number of bloggers and Twitter users have pointed out that GCHQ appears to have done rather a poor job at locking down the website, making it child's play for anyone to visit the webpage you're only supposed to see if you've successfully cracked the code.

GCHQ code-cracking success page

All it takes to find the page is to use the site: command in Google, as the "Can You Crack It?" webmaster seemingly didn't hide the success page from search engines.

Can You Crack It search results on Google

Oops!

Of course, none of this means that the code-cracking competition isn't still worth participating in. It was perhaps inevitable - once GCHQ's involvement in the challenge was known - that some would ferret around for chinks in the website's armour.
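For site owners, the check that would have caught this before launch can be scripted. The following is an added example, not code from the original article or from GCHQ: it takes a page's `robots.txt`, response headers and HTML and reports why the page can appear in search results. The host, path and page bodies are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser


class MetaRobots(HTMLParser):
    """Collect directives from <meta name="robots" content="..."> tags."""

    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "robots":
            self.directives |= {d.strip().lower() for d in a.get("content", "").split(",")}


def indexing_exposure(url, robots_txt, headers, html):
    """Explain why `url` can surface in search results (empty list = hidden)."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    crawlable = rp.can_fetch("*", url)

    meta = MetaRobots()
    meta.feed(html)
    hdrs = {k.lower(): v for k, v in headers.items()}
    header = {d.strip().lower() for d in hdrs.get("x-robots-tag", "").split(",")}
    noindex = bool({"noindex", "none"} & (meta.directives | header))

    findings = []
    if crawlable and not noindex:
        findings.append("indexable: crawlable and no noindex directive")
    if not crawlable and noindex:
        findings.append("noindex unread: robots.txt blocks the crawl that would see it")
    if not crawlable:
        findings.append("robots.txt is public, so Disallow advertises the path")
    return findings


# Constructed inputs: host, path and page bodies are placeholders.
URL = "http://challenge.example/done.asp"
PAGE = "<html><head><title>Well done</title></head><body>...</body></html>"

if __name__ == "__main__":
    print(indexing_exposure(URL, "", {}, PAGE))                            # the situation described above
    print(indexing_exposure(URL, "", {"X-Robots-Tag": "noindex"}, PAGE))  # kept out of results
    print(indexing_exposure(URL, "User-agent: *\nDisallow: /done.asp", {}, PAGE))
```

A `noindex` directive only keeps the page out of search results; anyone who knows the URL can still request it, so a page meant to be reachable only after solving the challenge also needs a server-side check.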


21 Responses to Simple Google search unlocks GCHQ code-cracking competition

  1. Embarrassing ;)

  2. Jayton · 968 days ago

    Not exactly cracking the code, but I guess gets the same result... as going to their site and clicking careers.

  3. Thanks for the link to our alwaysbetesting.co.uk web site - much appreciated

  4. kevinfielder · 968 days ago

    While I and I am sure many others may be interested in working for GCHQ, they really need to pay considerably more for experienced roles (unless both of the ones advertised are in fact fairly junior?) if they want to attract the best talent.

  5. Gertie Dancing · 968 days ago

    Null and voice? I like it!

  6. Chris · 968 days ago

    Don't you mean "null and void"? I'll assume that was a spell checking/auto-correct blunder.

  7. Michael · 968 days ago

    You only just noticed this? My first thought was 'wget'. I'll still give it a try, out of a sense of fair play :)

  8. Bedder · 968 days ago

    I think this is not a security error but a 'Honey pot'. The purpose being to discover the Hackers in the UK for their files. White hat social engineering!

  9. Richard · 968 days ago

    "soyoudidit.asp"

    So they're using "classic" ASP, which was superseded 11 years ago.

    And people wonder why the UK government is stuck with IE6!

  10. peter · 968 days ago

    Why be a slave?
    When u culd be the aktool guvnmnt insted.
    Git moor IMPACT

    Apply here for guaranteed putinplace goingforward delivery for
    Scary Hardworking ... families and driving ...Rollout Any Time Soon to 21st Century traction 4 win-win excellence added value & wealth creating showcase KickStart or DRAW DOWN, potentially - like ennit.

    a big X

    Bloody SIMPLES !

  11. Mike Beckett · 968 days ago

    Seeing what is beyond the winning line doesn't seem like a problem to me. As the test is crossing the line and if you haven't crossed it then they aren't going to be so interested in giving you a medal...

  12. wemix · 968 days ago

    Pr0t3ct!on#cyber_security@12*12.2011+ is the passcode 10 min hmm wonder why they made it this easy oh well its just another day I guess in the world of IT and I just do UNIX and LINUX engineering lol oh yeah I am also a certified ethical hacker lol what a joke ... oh well I have a clearance at least

  13. jarred · 967 days ago

    @wemix care to walk us through the decryption process???

  14. Glyndwr · 967 days ago

    @wemix how did you come to that answer? I am looking at it and can't work it out. Fair play to you.

  15. Jamie · 967 days ago

    It's pointless in the first place, once completed, it just gives you a link to their jobs page anyway. So cut out the middle man, and head straight to the GCHQ jobs on their website, easy, and with 100% less work!

  16. Mike · 967 days ago

    As a thought. Who's to say that the Google search method WAS the way to crack it, that it was done on purpose?

  17. 4caster · 966 days ago

    I am more interested in learning how to work out the answer to the problem than in cheating or accidentally discovering my way to the congratulations page. The digits and letters look like they are written in a hexadecimal system which runs 123456789ABCDEF where F=15 in our decimal system, e.g. eb = 14 x 16 + 11 = 235. Converting them to decimal numbers doesn't seem to help, though I haven't reached the end yet.
    But finding the answer the hard, slow way would not impress GCHQ if there are easier and quicker ways.

    • Feefers · 964 days ago

      The first step of the problem is that it's not actually code per se, it's x86 machine code, a fragment of a program you have to run, with some missing code in it that you can figure out.

  18. S.V · 965 days ago

    What is really silly is that they should have put down terms & conditions !

  19. J.S. · 965 days ago

    How did Google find it?

  20. MMS · 965 days ago

    Err? The ability to think laterally and circumnavigate a problem is also a very desirable skill set for GCHQ. It will not have escaped their attention that some people discovered this 'back door' early on. The ability to reliably get from A to B successfully is the important part of the process. Apart from that, there are much more powerful computer programs that can handle the pure code breaking.


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.