Introducing the BlackHat 2013 #sophospuzzle

Welcome to the BlackHat 2013 #sophospuzzle

This puzzle has four stages:

• Crossword capers.

Our crossword puzzle is fun whether you intend do the rest of the #sophospuzzle or not.

If you want to go on, the solved grid of the crossword will give you what you need for the next stage.

• Algorithmic anguish.

Then comes a touch of mathematics and lots of looping to get the password for stage 3. Technically, this is an easy part – but will your code finish in time?

• Code conundrum.

Here comes the reverse-engineering part.

Everything is in a high-level scripting language, the only numbers you’ll meet are in base 10, and the decryption keys are hard-wired into the code. How hard can it possibly be?

• Hindsight horror.

The final question, which the aforementioned script code will print out for you if you line up the planets correctly, is perfectly unambiguous, if you have all the facts handy. But have you been fastidious enough all the way along?

What you have to do

Solve the crossword.

Then take your completed crossword grid and start at the top left corner. Proceeding clockwise, write down the letters around the very edge of the puzzle, starting with the first letter of 1 Down and ending with the first letter of 7 Across.

You should have 24 letters, two each from 7 and 22 Across, and one each from every other word.

Sort them into ascending order and remove duplicates.

You should have 12 letters left.

Remove any letters from the first half (A-M) of the alphabet.

You should now have six letters remaining.

This is the password to the ZIP archive that contains instructions for the next stage of the puzzle.

However, the characters used in the password are mixed-case, so there are 64 possible ways to convert the letters extracted from the grid into a password. For example, the letters NQSUWX could form the password NqsUwx, or they could form nQSUwX.

You’ll just have to try them all until you get lucky.

What you can win

There’s a prize up for grabs at the BlackHat conference itself, but only conference delegates are eligible. You have to attend the Sophos trade show booth in Las Vegas in person, and hand in your entry before the competition deadline.

There’s also a prize for Naked Security readers, wherever you might be in the world. Readers can submit their entries simply by emailing the answer to puzzlemeister Paul Ducklin ( before the deadline.

That deadline is: 2013-08-01T15:30-7.

That’s 3.30pm Las Vegas time on Thursday 01 August 2013 – the end of the penultimate session break at the BlackHat conference.

Up for grabs at BlackHat, a 3D printer.

For Naked Security readers who aren’t at the conference, a remote controlled model tank.


(Sorry. You can’t win both prizes.)

In addition to these prizes, which will be drawn randomly from all the eligible solvers, we’re offering ten Naked Security T-shirts to reward those who finish quickly.

There are five T-shirts for the first correct solvers of the crossword, and five for the first to complete the whole puzzle.

To tell us you’ve completed the crossword, just email Paul Ducklin ( a screenshot of the finished grid.

Getting hints and help

Follow the hashtag #sophospuzzle on Twitter for general hints, and email Paul Ducklin ( for private advice.

I look forward to your entry!

Best regards,

Paul Ducklin

What do you think?