dcsimg
RealTime IT News

That was fun

I wrote two stories (Security Lapses Aplenty Despite Growing Threats and Report: Credit Cards Plentiful in Crime Networks) about Verizon's 2009 Data Breach Incident Report (.pdf) before I learned that it contained a secret code.

Ryan Naraine, a former colleague who is now a Kaspersky rep and security commentator, noted in his twitter feed that the front page was selectable. It was Friday April 17, and I took the puzzle home with me.

The first step was easy. The front cover was in binary, and yielded a bunch of letters.

The next clue, on page 48 of the report, was a Googlewhack, a phrase ("yr puvsser vaqrpuvssenoyr ") that yielded only one result when put into Google. It led me to a code once thought unbreakable, the Vignere cipher. It is a relatively simple word substitution code that relies on a keyword so that each ciphertext letter could mean any letter of the alphabet.

I spent a few hours trying to break it by hand by guessing keywords and failed.

Simon Singh's tool was helpful but it was an app on the Colgate website that allowed me to guess the start of the message instead of the keyword and enabled me to break the code.

I'll leave the rest to you but with two hints: 1) the key phrase is the report's most important recommendation and 2) the first word of the message is a nice one.

Shortly after midnight, I was one of the first to solve it, but not the first. When I came in to the office on Monday, I received this message:

"My apologies for the delayed response but we wanted to make sure we identified the correct winners of the contest. We received approximately 10 submissions within minutes containing the correct deciphered cover text. After several days of quiet, the rash of submissions was unexpected and we were unable to alter the website quickly enough. Hence, too many people saw the "you're in the top 3" message. After checking the timestamps to make sure, you are not among the top 3 correct submissions. We apologize for the confusion and hope you still enjoyed the contest anyway."

I replied, "Thanks. I enjoyed it."

Comment and Contribute