A Dutch reporter has managed to log into a supposedly highly secure EU videoconference, using a pin-code that had been accidentally exposed on the country’s defense minister’s Twitter account.
The ‘hack’ occurred on Friday, when RTL Nieuws journalist Daniel Verlaan managed to sneak into the online gathering of the EU bigwigs. Footage of the incident, shared by the reporter online, shows a smiling Verlaan waving to the officials, many of whom were not exactly glad to see the reporter — while others laughed.
That @danielverlaan hack of the EU defence ministers’ meeting? This is how it looked from the inside. Comedy gold. pic.twitter.com/1qvVYKsDpt
The journalist was confronted by EU Foreign Affairs and Security Policy boss Josep Borrell, who asked Verlaan to present himself and said the conference had been intercepted.
“You know you have been jumping into a secret conference?” Borell asked.
The journalist apologized for the intrusion, saying he would be leaving, while Borell threatened him with legal consequences insisting the breach was a “criminal offense.”
After the reporter left, the meeting was reportedly immediately cut short due to the security breach. The videoconference was said to have been held to discuss a classified document on the threats the EU is facing, that will form the basis for the bloc’s defense strategy.
It was not immediately clear whether the broadcaster or the reporter will actually face any consequences. The breach was made possible after RTL Nieuws received a tip, directing their attention to a screenshot of the conference, shared online by Dutch Minister of Defence Ank Bijleveld.
Dit was de oorspronkelijke foto die vanaf het account van minister Bijleveld werd gedeeld, met daarin de meeting-ID en vijf cijfers van de pincode. Het was een zescijferige pincode. Ik joinde met de naam ‘admin’. pic.twitter.com/Fztrbqm5FR
The picture showed an address prompt, containing five digits of a pin code, needed to access the private conference. The whole code turned out to be six digits long and Verlaan had to guess the last number. He said he used ‘admin’ as the username – and was admitted to the meeting without any further authentication.
The reporter said he did not believe it would work until the very last moment, especially since the EU claimed it had more security measures in place. Verlaan has condemned the threats of legal action, saying the EU “would rather harm a journalist than fix its issues,” and accused the bloc of “lying” about the apparently non-existent security measures.
Brussel stelde vooraf dat het niet mogelijk was om deel te nemen met alleen de pincode, er zou extra beveiliging zijn. Ze logen. Zo ook in hun reactie; het was wél een geheime, vertrouwelijke meeting.Raad van Buitenlandse Zaken laat weten dit te melden bij de autoriteiten. pic.twitter.com/uqBkRt8vQX
Apart from raising questions about the privacy measures around the EU’s official business, the incident has left Bijleveld red-faced. While the offending screenshot vanished from her Twitter account shortly after the breach, it did not spare her from criticism.
“This shows once again that ministers need to realize how careful you have to be with Twitter,” Dutch PM Mark Rutte said after the incident.
Think your friends would be interested? Share this story!
