In a style reminiscent of John le Carré novels, the Mossad Cyber-Operations Arm published a recruiting ad with a series of columns of numbers and letters, four pairs of which were highlighted, along with the clandestine unit’s logo, complete with its slogan—a verse from Proverbs, as befits a Jewish clandestine operation— “Where no counsel is, the people fall: but in the multitude of counselors there is salvation” (Proverbs 11:14). To the side of all that came the ad’s recruitment call: “Are you ready for a challenge?”
Since this was a recruitment appeal to folks who think outside the box and enjoy nothing more than cracking riddles and codes, the highlighted group of numbers of letters had to be in the Hexadecimal positional numeral system, which is a base-16 system using the digits 0 to 9 to represent values zero to nine, and the letters a,b,c,d,e,f for the values 10 to 15. And so, the group of four pairs in the ad, “82, d3, 54, aa,” actually stood for an I.P. address of four groups of numbers, which is what every World Wide Web address looks like before it is dressed up with a name.
So, if you’re a devoted code cracker, it should have taken you under 5 seconds to figure out that the highlighted pairs in the ad referenced the I.P. address 220.127.116.11 — where the real challenge began.
“Challenge #1” declares the web page at said I.P., and proceeds:
“Good morning Agent C!
“We require your skills for an urgent search & rescue mission.
“One of your colleagues has been taken hostage by an unidentified group, and is being held in a previously unknown holding facility. Our SIGINT squad has been successful in geo-locating the facility and found indications of an electronic lock mechanism in the main entrance.
“The rescue team needs your help in opening this mechanism so they can enter and search the premises.
“Good luck, A.”
When Agent C clicks the “Start Challenge,” he or she reach a Login prompt, asking them to “Please submit your security token,” which is a challenge since none has been awarded. There’s also a cute icon of a lock with “MaxSec Prison” written underneath, presumably to enhance the tension. The page wants you to upload the security token from your own computer—it notes “File missing” if you sign in without one.
A group of wannabe hackers on Israel’s citizen reporter website Rotter has been attempting to crack the Mossad challenge since Wednesday this week, which is where we’ve dug up much of the information we laid out so neatly for you above. Some of the participants were true hackers, and they were the ones having the most fun, while revealing no real clue as to what happens once you’ve gone past the login page.
One suggested reverse engineering, saying it was fairly easy once he got that part figured out. We have no idea what he meant.
Another suggested saving the little MaxSec Prison icon and then uploading it as the security token. Well, we tried it and received the unkind response: “XMODEM-CRC not matching.” But then another Rotter participant said “the error message suggests an ancient communication protocol,” which used to be popular in the 1980s in BBS groups (If you’re younger than 50 you won’t understand).
One Rotter member offered an official Mossad help wanted page, where one can apply without those clandestine games. Maybe they’ll dispense you a clue if you went over the counter…
Here’s an intriguing message from a member: “If you convert this hexadecimal code using a CRC calculator you get a CRC value for XMODEM which is 2BAD — is that a clue?”
A few members raised the valid question — what hacker reads print newspapers? Is that in itself a clue as to the kind of candidate the Mossad is looking for?