Download it yourself here: https://www.gchq.gov.uk/news/gchq-christmas-challenge-2024

Every December, the Government Communications Headquarters (GCHQ) presents a cybersecurity challenge to the public— an exciting tradition (the first challenge started in 2021) that both sharpens minds and promotes interest in the field of cryptography and cybersecurity. The 2024 Christmas Challenge is no exception, inviting participants to solve a series of engaging puzzles with a security twist.

Our leadership team at Boudica decided to give it a crack after our morning coffee today!

SPOILER ALERT!! If you haven't given it a go yet, please do before reading the answers below!!

So, what is the GCHQ Christmas Challenge?

The GCHQ Christmas Challenge is a series of puzzles that typically require a combination of logic, mathematics, cryptography, and creative problem-solving. The puzzles range in difficulty, appealing to students, enthusiasts, professionals, and anyone curious about the world of intelligence and security. Each year, GCHQ releases a new challenge, often themed around festive or topical ideas, making it an enjoyable activity for both individuals and teams.

The puzzles can involve tasks like decoding secret messages, solving ciphers, or uncovering hidden information. While some may require a deep knowledge of cryptography, others simply ask participants to think outside the box or use practical skills.

Why Does GCHQ Publish a Christmas Challenge Every Year?

Anne Keast-Butler, the Director of GCHQ, expressed her hope that this year's challenge would inspire young people, the intended audience of the puzzle, to pursue studies in STEM subjects: science, technology, engineering, and mathematics.

“Puzzles have always been at the heart of GCHQ, and the skills needed to solve them are just as relevant in 2024 as they were over 100 years ago,” Ms Keast-Butler said.

“The puzzles are aimed at teenagers and young people, but everyone is encouraged to give them a try – they might surprise you.

The annual Christmas Challenge serves several purposes:

Promoting Cybersecurity Awareness: By publishing these challenges, GCHQ helps raise awareness of cybersecurity concepts among the general public. The puzzles highlight the importance of data protection, encryption, and secure communications—skills that are increasingly relevant in today's digital world.
Engaging the Public: The challenge provides a fun and accessible way for people of all skill levels to engage with GCHQ and learn more about the work of the UK’s signals intelligence and cybersecurity agency. It also allows GCHQ to interact with the wider public and build interest in cybersecurity careers.
Recruitment and Talent Discovery: Many people who excel at the challenge may be interested in pursuing a career in cybersecurity or cryptography. GCHQ uses this challenge as a way to spot potential talent and inspire the next generation of cybersecurity professionals.
Encouraging Problem-Solving: The puzzles encourage logical thinking, creative problem-solving, and teamwork—essential skills in cybersecurity and many other fields. These challenges help participants sharpen their cognitive abilities in a fun, festive setting.

SPOILER ALERT: The Answers!

Question 1) What does this say?

Answer: The describing images give you: Buck, King, Ham, Pal, Ace. Put together: Buckingham Palace!

Question 2) What are you left with once you've removed the award, carrier, character, programme, route, and safety guide?

Answer: As we look at the table, one word from each column can be combined to give you various three word answers for the categories in the question. These are:

The award: Blue Peter Badge
The carrier: Brown Paper Bag
The character: Red Riding Hood
The programme: Pink Panther Show
The route: Yellow Brick Road
The safety guide: Green Cross Code

(observation: You had to be born between 68 and 71 to have come up with these questions - maybe excludes a few teenagers :) - andy

We're left with three words: Black, Pool, Tower -> Blackpool Tower!

Question 3) Complete the sequences:

TROIS, DEUX, __

II, III, __,

OD, __, IM

QG, RH, __

QW, ER, __

JOAN, __, ARC

DLA, NOD, ___, DLO

GRE, AT, ___,TA, IN

KNO, WLE, ___

Answer:

The missing parts of the sequences are:

UN - number one in french
IV - number four in Roman numerals
ER - Do, Re, Mi backwards
SI - We had to come back to this part after figuring out the remainder. The explanation is: QG are the 17th and 7th letters of the alphabet, RH are the 18th and 8th letters of the alphabet, so SI are the 19th and 9th letters of the alphabet.
TY - as in QWERTY, the top line of letters in a keyboard
OF - completes the sequence as Joan Of Arc
CAM - Old MacDonald backwards
BRI - completes the sequence as Great Britain
DGE - completes the sequence as Knowledge

Added together -> University of Cambridge

Question 4) Solve the clues. Only write in each square the single letter, if any, which appears in both the across answer and the down answer.

The answers to the crossword questions are:

Material that jeans are made from: DENIM
Slang word for food (from a pub?): GRUB
Latin dance: CHA CHA CHA
Life___, Hair____, Free___: STYLE
Indian butter: GHEE
____ Voldemort, ____ Asriel: LORD
Football anti-racism campaign: KICK IT OUT
Woodwind reed instrument: BASSOON

After filling out the grid with the matching letters in each column, the answer is revealed as: Edinburgh Castle

Question 5) Replace the words in brackets:

“An American (soldier) named Joe said that avoiding a huge colony of (insects) was the (basis) of him losing his (path).”

Swapping the words in brackets (after a bit of adjusting and thinking) gave us:

solider - GI (short for general-issue, slang for American soldiers -- we actually came back to this last)
insects - ANTS
basis - CAUSE
path - WAY

In order, they reveal the answer as: Giants Causeway

Question 6) We wrote the numbers 1-20 in order below, but made some mistakes. Calculate how far off we were.

Follow the sequence of numbers provided. For each number that is incorrect (i.e., the number you see doesn't match the correct one), subtract it from the correct number. This subtraction will give you a new sequence of numbers. Here's how to do it:

Start with the sequence: 19, 20, 15, 14, 5, 8, 5, 14, 7, 5.
For each number, calculate the difference between the given number and the correct number.
Once you've calculated the differences, you'll have a new sequence of numbers.

Next, take each number in this new sequence and map it to a letter of the alphabet, where 1 = A, 2 = B, 3 = C, and so on. This will give you the final answer.

After applying this process, the final word you get is "Stonehenge."

Question 7) PERHAPS READING the start of this substitution cipher will help you solve it

“ISKGWIM KSWEBDU BN DFN LBIGSKSE BM IKBCWKBQX W QSWEBDU BDEBLWNBFD NF XFO MFQPBDU NGBM WECBNNSEQX ESPBFOM BDBNBWQQX ODKSWEWAQS CSMMWUS.”

To solve the substitution cipher, follow these steps:

Recognise the key phrase: The key phrase is "PERHAPS READING," which appears at both the start of the question and in the answer. This suggests that each letter in "PERHAPS READING" corresponds to a letter in the encrypted message. For example, the first letter of the cipher, "I," corresponds to "P," the second letter "S" corresponds to "E," and so on. This gives us the letter-to-letter mapping.

Create the letter mapping:

 P = I
 E = S
 R = K
 H = G
 A = W
 P = I
 S = M
 R = K
 E = S
 A = W
 D = B
 I = E
 N = D
 G = U
 and so on...

Apply this mapping: Now, use this mapping to decode the entire cipher text.

The encrypted message is:

“ISKGWIM KSWEBDU BN DFN LBIGSKSE BM IKBCWKBQX W QSWEBDU BDEBLWNBFD NF XFO MFQPBDU NGBM WECBNNSEQX ESPBFOM BDBNBWQQX ODKSWEWAQS CSMMWUS.”

By applying the key to the message, we decode it as: "Perhaps reading it not ciphered is primarily a leading indication to you solving this admittedly devious initially unreadable message."

Extract the first letter of each word: Now, take the first letter of each word from the decoded sentence:

P, R, I, N, C, I, P, A, L, I, T, Y, S, T, A, D, I, U, M

This gives us the answer: Principality Stadium!

That was the last of the questions...

Now let's take a look at the puzzle on page 2!

Instantly, we can see binary in the background and a morse code pattern on the map for Santa's Sleigh.

So, just as a recap, we now have 7 locations:

Buckingham Palace
Blackpool Tower
University of Cambridge
Edinburgh Castle
Giants Causeway
Stone Henge
Principality Stadium

Then, we pair each location with the animal's geographical location on the map, as follows:

Buckingham Palace - the polar bear
Blackpool Tower - the dinosaur
University of Cambridge - the hedgehog
Edinburgh Castle - the unicorn
Giants Causeway - the owl
Stone Henge - the lobster
Principality Stadium - the robin

Then, take the corresponding letters from each location given with the animals. This gives us:

EDIN, ECTI, PROT, GDOM, UNIT, EKIN, NGTH

After a bit of reshuffling, we're left with: United in protecting the Kingdom

A great phrase to round off, and something we truly standby, as did Boudica herself, all those many years ago.

But wait, there's a few hidden features on this second page!

Binary Background

01110011 01100101 01100001 01110011 01101111 01101110 01110011
00100000 01100111 01110010 01100101 01100101 01110100 01101001
01101110 01100111 01110011

The above binary code is repeated multiple times in the background of the second page, seperated by a / meaning 'seasons greetings'!

- The morse code for Santa's trail is 'We Wish You a Merry Christmas'!

And for bonus points @GCHQ...?

Inside the PDF file, they haven't wiped the metadata information regarding the software or operating system that exported the PDF file. Oops! Extra points for this? Nothing too serious at least...

<</CreationDate(D:20241210153010Z)/Creator(Adobe Illustrator 28.6 \(Macintosh\))/ModDate(D:20241210160044Z)/Producer(macOS Version 14.7.1 \(Build 23H222\) Quartz PDFContext)/Title()>>

System: Macintosh
Operating System: macOS Version 14.7.1 (Build 23H222)
Software: Adobe Illustrator 28.6
Creation Date: 2024-12-10 15:30:10
Last Modified: 2024-12-10 16:00:44

GCHQ's Christmas Challenge 2024