back to article GCHQ Christmas Card asks YOU the questions

The Government Communications Headquarters (GCHQ), Britain's signals intelligence organisation, has revealed its Christmas card. The boring bits of the card, which will come from director GCHQ Robert Hannigan, is a painting called “Adoration of the Shepherds” from the brush of one of Rembrandt's students. The interesting bits …

  1. Bc1609

    QR code?

    Given the 25x25 grid and the promise of future puzzles, this is presumably a QR code. I'll have a go at it if I have time later today; maybe other readers could share their experiences if they do well with it?

    1. dotdavid

      Re: QR code?

      The QR code resolves to a site that installs a drive-by download root exploit on your phone, which to prove your worth to the organisation you have to detect and either remove or for bonus points feed misleading information to.

    2. Bc1609

      Re: QR code?

      So a brief, non-spoilerish summary of my efforts so far:

      Solving the nonagram does indeed give you a QR code. This takes you to a GCHQ site - which was down when I visited but was cached in google so I used that as well.

      That size contains six multiple-choice questions (A-F), which are combined to form a URL that leads to the next set of the puzzle (e.g. ABCDEF.html). I couldn't work out some of the questions so I wrote a script to check every possible combination for a page that wasn't "sorry, you haven't got them all right, please try again".

      Doing this got me to stage three, which contained four more brain teasers, the answers of which gave another URL. This time the answers were words and so I couldn't brute force it, but the questions were easier and I got through to step four.

      Step four is three number sequences questions, on which I'm completely stuck. Anyone got to step five? Any hints?

      1. Anonymous Coward
        Anonymous Coward

        Re: QR code?

        If that is non-spoilers, you should never apply for a job writing for a TV listings magazine.

        1. Anonymous Coward
          Anonymous Coward

          Re: QR code?

          If that is non-spoilers, you should never apply for a job writing for a TV listings magazine.

          Nah, spoilers would have been the answers.

          Plus, he didn't give away the surprise ending. I saw the ending when a mate of mine completed the challenge and black-clad operatives stormed his cubicle.

    3. streaky
      Black Helicopters

      Re: QR code?

      Guys before you continue you should really watch Mercury Rising - there's definately a life lesson in there.

  2. Yugguy

    I guess it makes sense in one way

    If you want to work there...

    1. Anonymous Blowhard

      Re: I guess it makes sense in one way

      Or if they want to make sure that their codes are secure:

      Mercury Rising (IMDB)

  3. EddieD

    Very cryptic

    The page with instructions won't resolve in my copy of Firefox - I use NoScript and AddBlock, but right clicking doesn't even get a context menu.

    Which leaves the question, how do they know it's me to block me?

    Hmm, no tinfoil hat icon...

    1. Tom7

      Re: Very cryptic

      And attempting to load the image through the link in the article grinds to a halt part-way through. Maybe the first challenge is to get the image to load?

      1. Primus Secundus Tertius

        Re: Very cryptic

        @Tom7

        I picked up this story yesterday from a national newspaper, and downloaded the appropriate GCHQ page. I try again this morning to reload a clean copy, and the site stalls, as you report.

        It is indeed a QR code, but it was getting late and I made a mistake somewhere in the late stages. Like sudoku puzzles, when you find you have messed it up, you have to go back a long way.

  4. Chris G

    17

    If you are a 17 or under loner and you crack this and don't take a job with them, they will think you are a terrorist and the NCA will be treating you as a cyber crim.

    1. LucreLout

      Re: 17

      Well yes, because apparently being capable of anything so simple as SQL injection at that age makes you a sophisticated hacker, according to the troughers at TalkTalk et-al.

      1. Yet Another Anonymous coward Silver badge

        Re: 17

        According to the NCA learning anything that isn't explicilty on the national curriculum makes you hacker cyber terrorist

  5. Anonymous Coward
    Anonymous Coward

    Actually

    It can be cracked by a (nearly) brute force program - first iteration took about 45 minutes computer time (C on a Mac Book Pro) and pretty much maxed out memory (16G). Admittedly there was no real attempt to optimise anything other than remembering to keep it all in memory as much as possible. Possibly post competition end date the Reg could invite and host source offerings?

    1. Blergh

      Re: Actually

      Well it took me 1hr with just a pen. Admittedly a bit slower computationally but cheaper.

      However I now can't be bothered tidying up my workings to get it looking good enough to be read as a QR code.

      1. Richard Taylor 2

        Re: Actually

        Well to be fair it took 5 minutes to code, but I did get a nice ascii picture. Looking at the code again, 10 minutes to code would probably have meant 5 minutes to run, 20 minutes to code and maybe 10s to run :-( but the laptop wasn't doing anything else and I used the time to have a beer

  6. Mark 85
    Black Helicopters

    Either the website is getting hammered or connection to the US is bit erratic. I get none of the directions and just a bit of the puzzle before it dies and it's allegedly 3811X3545 pixels.

    I'm showing outbound and almost no inbound traffic on the LAN connection for this. No joy with either IE or Firefox. I wonder if I should be wearing my tinfoil hat?

  7. Captain Badmouth
    Stop

    The download

    is already on your computer and monitoring everything you do once you click on that link.

  8. Captain Badmouth
    WTF?

    Oooooh!

    El Reg has gone very slow all of a sudden......

    1. Anonymous Blowhard

      Re: Oooooh!

      Same here; did anyone Google "Google"?

  9. This post has been deleted by its author

  10. fedoraman
    FAIL

    Whole GCHQ site is not loading

    at 0950, no pages on the GCHQ site seem to be available.

    Rather embarrassing, no?

    1. Chris Miller

      Re: Whole GCHQ site is not loading

      They should put the site on AWS, oh wait ...

      1. IanRS

        Re: Whole GCHQ site is not loading

        Not just the main GCHQ site. Subgroup sites such as CESG's are also down. Not that the IT security guidance they provide has been updated in line with the new (only 20 months old) government security framework, but they are still useful occasionally. Just not today.

      2. Roq D. Kasba

        Re: Whole GCHQ site is not loading

        They did... I solved the first round puzzle for fun

    2. Paul Shirley

      Re: Whole GCHQ site is not loading

      They just engineered a pretend DDOS on their server, now Cameron has an excuse to authorise whatever slurp they had planned ;)

  11. Crisp

    It's a Nonogram.

    It's a Nonogram.

    1. Anonymous Coward
      Anonymous Coward

      Re: It's a Nonogram.

      Thanks for the link.

      On first glance at the image (ie, didn't read the article), it reminded me of the Mojette Transform. Of course, it's not that since the axes have multiple numbers and the angles are only 90 and 180 degrees. Still, given how thematically similar they are, I wouldn't be surprised if one of the later challenges did involve the Mojette transform.

      Anon, since a puzzle based on MT seems interesting enough that I might some day decide to publish something on it.

    2. Anonymous Coward
      Thumb Down

      Re: It's a Nonogram.

      That explains why I just don't get it, no matter what. My visual reasoning's non-existent. Hell, the Wikipedia article gave me a headache. (I'm serious.)

  12. sam 38

    Non event

    I can confirm it's a QR code. You're not going to like where it leads, though; I thought GCHQ would be above this kind of thing - > http://bit.ly/2roMoD

    1. pabc

      Re: Non event

      upvote for that. Got me.

    2. Roq D. Kasba

      Re: Non event

      Yes...

      Yes I saw that coming

      Yes I clicked it anyway

      Yes I was right

      Yes you get +1 because I did :)

      1. Anonymous Coward
        Anonymous Coward

        Re: Non event

        Now you've got everyone else frightened to click it and wondering if it's a Lemon Party Christmas Special with all the guys dressed in Santa outfits.

    3. Mark 85
      Happy

      Re: Non event

      Have an upvote. It's good to see that some of us are not above that type of thing.

  13. wyatt

    Useful site: www.trueurl.net

  14. djack
    Holmes

    Massive file size

    The JPG is over 500K. Considering that it is just a two colour image on a nonogram board, they could have reduced the file-size to just a few K without losing any content.

    Now, the question is were they really that stupid, or is there some other data hidden in the file?

    I really can't decide which of the two possibilities is the right one.

    1. Tony Haines

      Re: Massive file size

      Given they used hidden data in a previous recruitment campaign, I'd bet the latter.

      Every time they try this, people pick through it and publish their findings on the web. If they cared, they could serve every visitor a unique puzzle which terminates at a unique url. Maybe they're trying to do that this time and that's why the traffic is hobbling it so easily.

  15. Joe Harrison

    NSPCC

    Why am I not surprised that this is their favourite charity...

    My wife used to get loads of mail from NSPCC and half of it was trying to get her to support various campaigns to lock down the internet "to make children safer".

    1. Marvin O'Gravel Balloon Face

      Re: NSPCC

      Just tell them you're in favour of a return to Victorian values and beating children never did them any harm. Worked for me when I was stopped by one of those guys in a green bib while walking through town with the wife and four kids.

      1. Primus Secundus Tertius

        Re: NSPCC

        The Romans had the right idea. Paterfamilias would not tolerate indiscipline in the ranks.

  16. Anonymous Coward
    Anonymous Coward

    What a GCHQ Christmas card might look like

    "We know when you are sleeping / We know when you're awake / We already knew enough to track potential terrorists but didn't / But we want to erode what little remains of your privacy even further anyway".

    I was worried that this didn't scan too well, but I suspect GCHQ will have no problem scanning it along with everything else.

    1. Woza

      Re: What a GCHQ Christmas card might look like

      On those lines: https://www.youtube.com/watch?v=8mMaRmMthWQ

  17. PassiveSmoking

    Santa Claus is coming to town

    The lyrics could just as equally well describe GCHQ with some slight tweaking.

    They're making a list

    They're checking it twice

    They're gonna find out who's naughty or nice

    A government SWAT team is coming to town.

    They know when you are sleeping

    They know when you're awake

    They know if you've been bad or good

    And if your name is Mohammed you'll get dragged off to Belmarsh for enhanced interrogation

    1. Captain Badmouth
      Black Helicopters

      Re: Santa Claus is coming to town

      Very good. A slight tweaking again makes it scan better, with your permission :

      They're making a list

      They're checking it twice

      They're gonna find out who's naughty or nice

      A Black Ops SWAT team's coming to town.

      .

      They know when you're sleeping

      They'll know when you wake

      They'll know everything with the the data they take

      A Black Ops SWAT team's coming to town.

  18. wolfetone Silver badge

    It would have been too much to suggest a donation to a civil liberties group I suppose.

  19. eJ2095

    Its the Talk Talk Logo

    Well they need to arrest a few more etc etc

  20. Ynox

    +1 on suspecting some stenography in the image. 500+k for the image does seem like quite a lot...

    1. getHandle

      And then you look at the headers

      And see that fatal word "Adobe"

  21. getHandle

    Not difficult to solve

    Just tedious. And GCHQ does indeed appear to be down - disappointing.

    1. Eddy Ito
      Paris Hilton

      Re: Not difficult to solve

      Ah but is it down or is the next part of the test how to fix a self inflicted DDOS attack?

  22. Blergh

    Morse code

    I've just noticed that the tiles that are already shaded spell GCHQ in morse code.

    Nice touch but probably useless to the puzzle. Unless it is a clue for the next stage.

    1. future research

      Re: Morse code

      "Morse code

      I've just noticed that the tiles that are already shaded spell GCHQ in morse code.

      Nice touch but probably useless to the puzzle. Unless it is a clue for the next stage."

      You're right, I wondered why some of the easy lines had stuff in them. It only spells GCHQ though, so probably just to humorous way to give a clue on what to do.only spend a few minutes so far as my day job is getting in the way.

  23. FlamingDeath Silver badge

    Minesweeper

    Minesweeper, which is all this is, is not cryptic, not even slightly.

    More interesting is the mention of donating to the "National Society for the Prevention of Cruelty to Children"

    Considering the fact that there is a paedophile ring in Westminster...

  24. Anonymous Coward
    Anonymous Coward

    Solutions

    1)

    a) http://a.teall.info/nonogram

    b) {"ver":[[7,3,1,1,7],[1,1,2,2,1,1],[1,3,1,3,1,1,3,1],[1,3,1,1,6,1,3,1],[1,3,1,5,2,1,3,1],[1,1,2,1,1],[7,1,1,1,1,1,7],[3,3],[1,2,3,1,1,3,1,1,2],[1,1,3,2,1,1],[4,1,4,2,1,2],[1,1,1,1,1,4,1,3],[2,1,1,1,2,5],[3,2,2,6,3,1],[1,9,1,1,2,1],[2,1,2,2,3,1],[3,1,1,1,1,5,1],[1,2,2,5],[7,1,2,1,1,1,3],[1,1,2,1,2,2,1],[1,3,1,4,5,1],[1,3,1,3,10,2],[1,3,1,1,6,6],[1,1,2,1,1,2],[7,2,1,2,5]],"hor":[[7,2,1,1,7],[1,1,2,2,1,1],[1,3,1,3,1,3,1,3,1],[1,3,1,1,5,1,3,1],[1,3,1,1,4,1,3,1],[1,1,1,2,1,1],[7,1,1,1,1,1,7],[1,1,3],[2,1,2,1,8,2,1],[2,2,1,2,1,1,1,2],[1,7,3,2,1],[1,2,3,1,1,1,1,1],[4,1,1,2,6],[3,3,1,1,1,3,1],[1,2,5,2,2],[2,2,1,1,1,1,1,2,1],[1,3,3,2,1,8,1],[6,2,1],[7,1,4,1,1,3],[1,1,1,1,4],[1,3,1,3,7,1],[1,3,1,1,1,2,1,1,4],[1,3,1,4,3,3],[1,1,2,2,2,6,1],[7,1,3,2,1,1]]}

    2) Google "GCHQ's Christmas Puzzle Part 2" and wonder why a robots.txt wasn't used.

  25. Blipvert
    FAIL

    Is the answer: C-H-E-R-Y-L C-O-L-E?

    Well?

  26. Yugguy

    I'm so thick

    I can't even tell why that's the answer while being able to see it, never mind having to work it out from the question.

  27. Lee D Silver badge

    Turing just relied on being able to complete an ordinary-looking Times crossword in 10 minutes (here: http://www.telegraph.co.uk/history/world-war-two/11151478/Could-you-have-been-a-codebreaker-at-Bletchley-Park.html ), followed by a short follow-up test.

    He didn't do too badly out of it.

    "Crossword-solving, like mathematics and code-breaking itself, involves creative, lateral thinking, “not being a robot and following a procedure”."

    A nonogram that my first thought was "QR Code" isn't exactly creative, lateral thinking. Maybe this explains why GCHQ are struggling to match their US counterparts infiltration powers and why our answers tend to be "give us the keys" and "stop people using encryption" instead.

    1. Bc1609

      There are more puzzles than the QR code, and they're rather more interesting. There are even some cryptic crossword clues in there as well.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like