Researcher cracks 'secret' code in U.S. Cyber Command logo
MD5 cryptographic hash translates into cyber defense command's mission statement
A security researcher said on Thursday he was the first to crack the code embedded in the seal of the U.S. Cyber Command (Cybercom), the group responsible for protecting the country's military networks from attack.
Sean-Paul Correll, a threat researcher with antivirus vendor Panda Security, said that the characters visible in a gold ring on Cybercom's official seal represent the MD5 hash of the group's mission statement. MD5 is a 128-bit cryptographic hash most often used to verify file integrity.
A representative of Cybercom confirmed that Correll had it right. " Mr. Correll is correct...it's a MD5 hash," said Lt. Commander Steve Curry of the U.S. Navy, in an e-mail.
"It wasn't very difficult," said Correll, adding that thanks to the clue on Wired.com's Danger Room blog, it took him just a few minutes to figure out that the characters -- 9ec4c12949a4f31474f299058ce2b22a -- were the hash value for Cybercom's mission statement.
"I knew right away it was an MD5 hash, and I was fairly confident that it wasn't a specific file," said Correll, adding that security professionals will often use an MD5 hash as reminders, or to verify that a file's contents after downloading match the original edition.
Correll said he figured out the mystery shortly after 10 a.m. PT Wednesday, within an hour of Wired.com publishing its story.
At least one other code-breaker came up with the same solution. Buried in the nearly 500 comments added to the Wired.com story was the solution, posted Wednesday at 12:46 p.m. PT by someone identified only as "jemelehill".
In a follow-up story, Wired.com credited jemelehill with first decoding the message.
"Information security professionals are very challenge driven," said Correll, so tackling the problem was fun...while it lasted. "Absolutely, this was definitely fun," he said.
Correll is familiar with code-breaking problems, since Panda regularly sponsors secret code challenges. The next challenge is scheduled to go live at 3:00 a.m. ET Saturday, 12:00 a.m. PT.
The MD5 value is a hash of Cybercom's 58-word mission statement, Correll noted on his blog: "USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries."
Cybercom was created in June 2009, when Defense Secretary Robert Gates approved the group. Two months ago, the Senate appointed Lt. Gen. Keith Alexander as the head Cybercom. Alexander is also the director of the National Security Agency (NSA).
U.S. Cyber Command is part of the U.S. Strategic Command, and is based in Fort Meade, MD. Several units of the U.S. military, including ones from the Army, Navy, Air Force and Marines comprise Cybercom.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is email@example.com.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
If you use ‘password,’ one the worst passwords, as your password, fail to keep antivirus protection updated and don’t bother to deploy security patches to close critical vulnerabilities, then maybe you should consider working for the cybersecurity-clueless federal government; you’d fit right in, according to Senator Tom Coburn's cybersecurity and critical infrastructure report.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
- This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses
- IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center
- IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results
- Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- HP HAVEn: See the big picture in Big Data
- HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data... All Government IT White Papers
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,...
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of...
- Mobile Apps and Devices Slash Customer Cycle Time Consolidated Engineering Laboratories' field employees used to collect data on triplicate forms that were sometimes hard to read and difficult to manage. After...
- All Government IT Webcasts