by FatalLogic on 11/21/20, 4:27 PM
According to a screenshot that the journalist posted on Twitter, it appears like the video conference session is browser-based, and the pin and username are in the browser URL
in plaintext.
So then if you can see anyone's screen, or any clear photo of it, you can easily join the conference. Seems like very poor security design if that's so
https://pbs.twimg.com/media/EnRlaFeWMAQzyIS?format=jpg
The software URL format looks similar to that used by Pexip.com
by FatalLogic on 11/21/20, 3:56 PM
If he joined the video conference to watch and listen, but just sent a blank screen video, or maybe a freeze frame of an empty chair, would anyone have noticed?
by zaroth on 11/21/20, 3:58 PM
I think they should be a lot more concerned about the people recording the meeting who don't show up on the attendee list, than of the people who show up and wave in front of the camera.
by pkz on 11/21/20, 3:43 PM
The conference chair couldn't help giggling. What was it he said? "Hey you better hang up before the police arrives"?
by rosmax_1337 on 11/21/20, 3:45 PM
They're laughing right now, but really these kinds of mistakes are telling how weak the security of various agencies are.
by curiousllama on 11/21/20, 4:08 PM
Note that there are different levels of "secret" when it comes to this stuff. Given the size of that meeting (20+ people) and the reaction, I'd be surprised if the topic matter was more secret than how much the defense agencies pay their employees - secret, no doubt, but not exactly the nuclear launch codes.
by kyriakos on 11/21/20, 3:37 PM
Its amazing how well they took it, laughing and all
by aequitas on 11/21/20, 3:52 PM
I wonder, I he was sitting in a suit and in a room with some flags behind him (not in his shirt in an ordinary office) if anyone would have even noticed he was intruding on their conference. They laugh it off now because he doesn't fit in.
by andrepd on 11/21/20, 4:29 PM
This is profoundly depressing. The fact that an EU defence conference is being held... on Zoom, is truly a microcosm of what has been the strategic policy of the EU for the past 20-30 years. We have sold off our independence, out advantages economic and otherwise,
for pennies. For minuscule short-term gains, we have sold off our industry, our tech, to a hostile and totalitarian government. Well when I say "we" I mean private enterprise, but also the governments who were supposed to be raking in (though as one German economist said, government and private enterprise are pretty much one and the same).
It will come soon a time (in fact, it's pretty much here already) where China calls the shots over us. "Obey, or no microchips for you. In fact, no manufacturing of any kind." Thoroughly depressing.
by dba7dba on 11/21/20, 4:10 PM
One of the ways China managed to hack into America's F35 (or F22) fighter development program was listening into a conference call of various vendors discussing project status.
by 0dmethz on 11/21/20, 4:07 PM
Of course they respond with the obligatory "we'll report this to the authorities", rather than "thank you for pointing this out in a harmless way we'll do better".
by inglor_cz on 11/21/20, 4:01 PM
Yeah, the problem with online meetings is that someone else might be taking part as well, unseen and unheard.
Does not matter as much if you discuss reconstruction of a mountain hut, matters a lot in defence, espionage or diplomacy.
by praptak on 11/21/20, 3:53 PM
Not sure how confidential that conference was but I'd imagine these use at least a 2FA dongle to authenticate. This is surprising.
by tdons on 11/21/20, 4:59 PM
What's more depressing is that this official has GMail open. How ridiculous is that? Which defense minister outside of the USA uses Google Mail? After Snowden, really?
I want to facepalm so hard right now.
by cblconfederate on 11/21/20, 4:09 PM
EU has no defense anyway so this is not entirely disastrous, though still very unacceptable.