GCHQ Challenge Solution Explained 107
First time accepted submitter DrDevil writes "The British spy agency GCHQ recently published a puzzle at canyoucrackit.co.uk (as featured on Slashdot), now just a few days later an academic at the University of Greenwich in England has posted a full video explanation of the puzzle. The puzzle has three stages and is not at all simple — likely to challenge even the best computer science graduates."
Re:Opaque (Score:5, Insightful)
The ability to recognise codes is precisely what they were testing.
If they had used a week cryptography code everyone would have cracked it, if they had used a strong code no one could (at least no one who didn't already work for their competition).
Utilizing an unexpected but extremely common code seems to be a nice solution.
Re:I thought this was a crypto/cypher challange (Score:5, Insightful)
For better or for worse, modern intelligence agencies are much more dependent on people who can RE software and develop exploits, than they are on pure cryptographers.
This is a consequence of the rolling disaster that is software security, combined with the fact that crypto folks have (mostly) gotten their act together.
perhaps they want to examine packet logs? (Score:5, Insightful)
This is an intelligence agency, and network intrusion programs pumping executable code in the attempt at smashing a stack and jumping execution are pretty common.
Perhaps they want people who can quickly spot x86 assembly payloads from raw packet traces as part of a counter aggression op?
If we assume that their network stack isn't riddled with exploitable stack variables or pointers, and that they successfully prevent the code from running, but log the unrequested network access and dump the binary packets to file for analysis, then having people that can "at a glance" determine what kind of data is in those dumps would be valuable.
Being able to determine what it actually is supposed to do even more so.
With the recent hysteria over scada system cyber attacks (I hate that phrase btw..),setting up a fake scada system as a honeypot and seeing what the cat drags in could also make use of this skillset.
So, the obvious questions:
Does the UK fear it has poorly secured scada systems, or does it fear network worm intrusion on some network segement, and if so, what segments or systems are those?
Re:Not a great challenge (Score:3, Insightful)