How to crack the GCHQ Code Breaking Competition using Google

by on December 1, 2011

GCHQ, the British governments department that listens to electronic communications decided to try it’s hand at social media and launch an online competition to recruit the people who can solve the codes.

When I looked at it, I had about as much success as when i sat their written exam 20 years ago, i.e. nothing.

Out of curiosity, I used the site: command in Google to see what pages were visible and as you can see from the screenshot, the confirmation page is available.


Click to view a larger image

How did this happen?
Looking at the source code, there is no link to the soyoudidit.asp page, so it’s possible that the Google indexed the page before the page was locked down.

How could you solve this
You don’t necesarily want to put the page in your robots.txt as people can look at this so

  • Lock the page down so that it can’t operate as a standalone page
    • I.e it can only appear if the correct code is entered
    • Use Google Webmaster Tools and Bing Webmaster to exclude the results from the site

It strange that GCHQ who are experts at electronic communication and data analysis have failed to add any analytics such as Google Analytics.

Without tracking they won’t be able to tell

  • Which sites and social networks sent the most people
  • People who used Google to try and hack the puzzle
  • People who landed directly on the soyoudidit.asp and therefore didn’t solve the puzzle

We’ve emailed GCHQ to let them know about this and it’ll be interesting to see if we get a response.

How can we help you?
Digital Nation has been optimising web sites for search engines since 1997, so we’d like to think we know a thing or two about how they work.

We can carry out a full audit of your current website and highlight any issues that could cause a problem with the search engines.

If you’re interested, please contact us

Get Updates (It’s Free)

Learn how get more conversions, sales and enquiries with our free newsletter.

Our Privacy Policy

{ 4 comments… read them below or add one }

Andrew December 2, 2011 at 4:14 pm

But you don’t need Javascript-based analytics to get that information. Google Analytics is designed for people that don’t host their own sites or want to embed analytics into their code-behind; it embeds the data-collecting code as Javascript to read HTTP headers & the like and forward it on to the Google Analytics service. GCHQ will either be hosting their own code or have a privileged relationship with whoever is hosting it on their behalf, and so will have access to all the backend server logs; further, all the data that the Google Analytics Javascript uses is available to the ASP pages as they’re being rendered, so they’re liking doing their tracking at the backend without handing their data off to a third-party in the US.


charlesmeaden December 2, 2011 at 5:05 pm

You can always use log files to collect this information and thats maybe what they are doing.

Having worked on several major public sectors, I have a hunch that they didn’t consider it or thought someone else would do.

GCHQ are clearly not hosting the code as the same server also has and several other sites


anonymous December 4, 2011 at 5:26 am

OTOH, you probably fail the interview anyway if you cannot solve the “code”, so it does not matter that much. Regardless, I would not lower my ethics enough to work for the GCHW, regardless of how good my x86 assembly is….


Hacker Kid December 6, 2011 at 5:31 pm

I found the soyoudidit trick first! even faster than you, but you gotta be a british citizen to apply for the job!


Leave a Comment

{ 8 trackbacks }

Previous post:

Next post: