GCHQ releases ‘Cryptoy' app to recruit tomorrow’s spies

  • Liam Tung (CSO Online)
  • 16 December, 2014 09:43

The UK’s Government Communications Headquarters (GCHQ), which may have used the Regin malware, has released a far less menacing app that teaches students how to make and break secrets.

If you’re student with a yearning to join the world of cyber-espionage, the UK’s spy agency GCHQ may have the app for you.

GCHQ on Monday released a ‘fun and educational' Android app “Cryptoy” on Google Play, which it hopes will help secondary school students “understand basic encryption techniques, learn about their history and then have a go at creating their own encoded messages.”

The app lets users test four key ciphers developed over the centuries, including Shift, used by Julius Caesar over 2000 years ago; a substitution cipher used by Mary, Queen of Scots in the 16th century; Vigenère, a cipher developed in the 16th century and used during the American Civil War; and Enigma, the cipher employed by Nazi Germany in World War II.

Users make their own messages with any of the four techniques and can share them with friends on social media to test whether they can decrypt the message.

While each of the techniques are broken, they nonetheless teach the fundamentals of encryption and help students develop the “mindset” that cryptographers need, according to GCHQ.

The UK government hopes the app will inspire more students to take up Science, Technology, Engineering and Maths and ultimately help it find tomorrow’s recruits.

“Famously, the government recruited winners of a Daily Telegraph cryptic crossword competition to work at Bletchley Park. Today, I’m pleased to announce a similarly creative solution in the hunt for expertise, but with a 21st century spin,” said UK Cyber Security Strategy, Minister for the Cabinet Office Francis Maude MP.

Should any of the students go on to a career as a cryptographer, depending on where they live and who they work for, they may find themselves on the receiving end of GCHQ's more secretive projects.

Rather than providing educational apps, the GHCQ has been in headlines as the chief partner to the US National Security’s (NSA) global surveillance efforts.

GCHQ’s suspected involvement in an attack on Belgian telecoms provider Belgacom was in the spotlight again after security researchers revealed details of the highly sophisticated Regin malware last month.

Belgacom, which provides services European Commission and European Parliament, in 2013 disclosed it had discovered sophisticated malware on some of its internal systems. The NSA and GCHQ had used spoofed LinkedIn and Slashdot pages to target Belgacom engineers, according to documents leaked by former NSA contractor Edward Snowden. One of the people targeted in that campaign included the Belgian cryptographer Jean-Jacques Quisquater.

Users of the Cryptoy however needn’t worry about potential threats to their own privacy from the app, which does not have any permissions to use features such as a microphone or make phone calls, and won’t access personal data, according to GCHQ.

The app was developed by students on an industrial year placement at GCHQ and was created to demonstrate encryption techniques at the Cheltenham Science Festival. According to GCHQ, it decided to make the app publicly available after receiving interest from teachers who wanted to use it.

The app is currently only available for Android tablets however GCHQ hopes to release the app for iPads next year.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Join CSO for the day@#csoperspectives and hear from @kimzetter @frankheidt @simplenomad Register today