GCHQ Hacking Contest

GCHQ is holding a hacking contest to drum up new recruits.

EDITED TO ADD (12/6): The contest has been cracked, but only because the administrators didn't hide the solution page from search-engine spiders.

Posted on December 5, 2011 at 12:21 PM • 19 Comments

Comments

leEDecember 5, 2011 12:45 PM

And yet they still offer poor salaries and so will probably fail to acquire the talent that they're looking for.

section9_bateauDecember 5, 2011 12:47 PM

It was actually already solved by Google. Just use the site:// feature to win with even more ease.

Open source intelligence is a field they have been trying to get people for, and that would qualify, right?

ICTYBTIWHTKUDecember 5, 2011 12:57 PM

And yet they still offer poor salaries and so will probably fail to acquire the talent that they're looking for.

Years ago, I met a chap who knew a chap who worked there ... and you seem to get quite an interesting eye on what's really going on in the world, and why.

Clive RobinsonDecember 5, 2011 4:31 PM

I had a look at it for a couple of hours yesterday and realised that it was in effect machine code and then stoped for more important things (sunday lunch is important to me ;)

Having used the google sight command I noticed that there were three other "image pages" of 404 errors with odd looking URL's and I was going to follow up on them on the assumption that the use of image files for server error messages was highly suspicious.

Now of course thanks to Grennwich Uni, I don't have to hey ho and so onto the next chalenge should one be posted...

Now here's a little thought, we know the NSA are putting out (supposedly) anonymised data sets for people to analyse and kick back at the NSA if they come up with interesting methods. Maybe GCHQ could run a regular weekly competition and occasionaly slip in a real problem to get it done on the cheap ;)

JayDecember 5, 2011 7:59 PM

There's two chunks of extra data in stage 2's memory that I'd love to hear if anyone has figured out.

I did think it must have been hints to the crypt() reversal (not that you actually needed it, if you had a disassembler.) Spending a week or two running John the Ripper didn't appeal to me... some people must have rather a lot of hardware!

GrantDecember 5, 2011 9:22 PM

Poor salaries or not they still managed to hire talent such as Clifford Cocks and James Ellis who developed asymmetric key algorithms before RSA.

Tony H.December 5, 2011 9:42 PM

Kind of sad that it's so Intel specific. I suppose terrorists and other assorted enemies of Her Majesty wouldn't use anything else, though.

Nicholas Kudrow (Chief)December 6, 2011 4:06 AM

Autistic savants who solve this problem and enter the correct answer will have government assassins sent to their doorstep.

Sincerely,
Mercury Rising Project Team

cronosDecember 6, 2011 7:13 AM

Re: the poor salaries. Who knows, they may find another Turing or at least a Marian Rejewski.

rogerhDecember 6, 2011 10:29 AM

Interesting for the coding techniques the various solvers used.

However, as a job, how do you know who you are working for and whether they are decent honourable people who will, if needed, blow the whistle on the prime minister (or whoever) without fear or favour.

The track record is not good. So that's a no.

NobodySpecialDecember 6, 2011 3:09 PM

Re the poor salaries. Like most government depts with structured pay scales, the majority of the skilled staff are on contract - at much higher rates.

This always happens, to save money the govt announces a hiring freeze or a pay freeze or promotion limits. Projects grind to a halt as recruitment dries up or good people leave. Special case is made to hire them back as contractors at 2x what they were being paid. And everybody looks like they have saved money.


SamDecember 7, 2011 9:39 AM

The reports of "google spidering" the solution are interesting. I wonder if they actually existing _prior_ to people solving it and posting the solution online? How would google index unlinked pages?

jakeDecember 11, 2011 6:40 PM

It was a good fun challenge, it took me a fair bit of head scratching to complete it, especially the part someone mentions above about "two chunks of extra data in stage 2's memory" ie the firmware.

I won't be applying for the job though, the salary is less than i get working in construction, and i don't think i want to know what really goes on behind those doors in case it's as bad as i believe.

Clive RobinsonDecember 12, 2011 5:33 AM

@ Jake,

"I won't be applying for the job though, the salary is less than i get working in construction"

I know of tempory typists that earn more than the salary on offer. Likewise temporary lab assistants / technicians. Many bus drivers start on more money than GCHQ offer...

Also GCHQ offices are in places where nobody on that salary could aford to buy a one bedroom flat let alone a house these days. So either have to live in comparitivly "squalid digs" or still live with their parents etc and travel long distances, often at inconveniant times.

Also due to Maggie Thatcher (80's Conservative PM) you are not alowed to be part of a union to protect your employment rights etc.

The big draw for many in the past was that they knew that if the kept their "nose clean" and did a competent job they would have job security and a reasonable social and retirment package hence they were known as "lifers". Which David Cameron (current Conservative PM) and his cohort of "free market thinkers" has decided is "to generous" and "the country cannot aford it" (whilst giving multi-billion tax "sweethart deals" to his and others "big business free market " chums so they have 1000GBP+/hour deals lined up)...

And although GCHQ do offer training it's very much a "sup with the devil" arangment. So it's still a "dead end job" because the skills are not only "non transferable" you are not alowed to talk about them (ie put them on your CV) or use them if you do leave.

Also back in Maggie's day the "security services" used to stick their nose into your private life big style, as some people found out their friends, relatives and previous employers and educators did not take kindly to being visited by a couple of heavies asking personal and private questions.

Thus the GCHQ employee ended up issolated with little or no life outside of the GCHQ Community (which made the security services job much much easier, thus having "outside friends" was looked at as "not keeping your nose clean")...

Hence GCHQ like a big University provided a substitute and used to have (as David Camerons cohart regard them as "needless expense" to be expunged or made to pay the comercial rates) many societies and clubs to cater for the "social needs" of the GCHQ community.

And as far as I can tell the historic result was that outside of admin staff there are two types working there both of which appear on the outer tails of the normal distribution curve of personality types.

That is those strongly showing the traits of Aspergers and the other group / extream showing the sociopathic tendencies of "political animals", give you a guess which set gets the senior grades and better pay...

As a country the UK will in future times pay dearly for the mindless stupidity of the current and previous governments, because of their over riding narcissistic sociopathic behaviour. As publicaly exhibited by their self absorbed illegal greed (expenses scandle, cash for questions, honours for cash, etc, etc) and very very short term outlook, thus they are much like serious drug addicts, who can only think of their next fix and not able to see how it gets them deeper and deeper indebted to their "dealers".

So like you I certainly won't be working as a "Sararīman" [1] prone to "Karōshi" [2] for them any time before hell is on the other side of absolute zero.

[1] Sararīman : Japanese term for a salaried male worker, literlay "Salary Man" in recent times it has become purjative and equivalent to a "White collar wage slave", or one likely to die from Karōshi [2].

[2] Karōshi : Japanese term for "occupational sudden death syndrom" in apparently healthy white collar workers supposadly in their prime. Literaly it means "death by overwork", on autopsy the usual cause of death is attributed to one oof the "silent killer" diseases caused by significant stress. Japan is one of the few countries that actually record these deaths as a seperate statistic. In the UK something like half of non accident/violence deaths in otherwise healthy individuals under the age of 50 are from the "silent killers" with no apparent causal factors such as smoking or obesity. In some places it's sarcasticaly refered to as "YDS" or "DYS" for "Yuppie Death Syndrome" or "Death by Yuppie Suicide".

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..