Every year, Verizon Business publishes the Data Breach Investigations Report (DBIR). This year’s report analyzes of a cross-section of “855 incidents, 174 million compromised records” that have occurred over the past year. This was actually the eighth year they’ve produced the report, and it’s well worth the read.

For me, it was especially worth the read this year. Every year since 2009, they’ve had a little cryptography puzzle embedded in the document. In 2009, it was a very simple cipher, hidden as a string of 1s and 0s in the background of the cover. The 2010 puzzle was quite a bit different, and significantly harder. Then, last year, the cover challenge got much more complicated (and, I think, quite a bit more interesting).

All signs point to "Yes!"

All signs point to "Yes!"

I really like solving crypto puzzles like these. I missed the first one, was soundly beaten by the second, and didn’t have a chance to play the third. So when this year’s report hit the streets, I was ready. And, after a couple days’ casual effort and a nearly-every-waking-moment weekend, I solved the puzzle. Not only that, but I was first, and won the prize (an iPad!).

I won’t spoil the puzzle here, but will mention a few interesting bits that I seem to re-learn every single time I complete one of these challenges:

  1. Not everything is not always as it seems,
  2. There are a lot of different modern ciphers,
  3. If something looks “odd,” it probably is, and should be carefully investigated,
  4. Coincidences are important. And, finally, something I’ve been thinking about for a while,
  5. I really need to watch The Big Lebowski.

If you’d like to see a full-on account of how I solved this one, as well as some of the blind alleys I spent hours in, check out the full writeup here.