Simple Google search unlocks GCHQ code-cracking competition

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

GCHQ logo with cracksGCHQ’s “Can You Crack It?” website, designed to help recruit talented codebreakers for the British government department, is getting lots of attention from the media and bloggers – but some of that may be unwanted.

A number of bloggers and Twitter users have pointed out that GCHQ appears to have done rather a poor job at locking down the website, making it child’s play for anyone to visit the webpage you’re only supposed to see if you’ve successfully cracked the code.

GCHQ code-cracking success page

All it takes to find the page is to use the site: command in Google, as the “Can You Crack It?” webmaster seemingly didn’t hide the success page from search engines.

Sign up to our free newsletter.
Security news, advice, and tips.

Can You Crack It search results on Google

Oops!

Of course, none of this means that the code-cracking competition isn’t still worth participating in. It was perhaps inevitable – once GCHQ’s involvement in the challenge was known – that some would ferret around for chinks in the website’s armour.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.