According to a screenshot that the journalist posted on Twitter, it appears like the video conference session is browser-based, and the pin and username are in the browser URL in plaintext.
So then if you can see anyone's screen, or any clear photo of it, you can easily join the conference. Seems like very poor security design if that's so.
If he joined the video conference to watch and listen, but just sent a blank screen video, or maybe a freeze frame of an empty chair, would anyone have noticed?
I remember being in voice chat for a space spreadsheet game [0] and hearing the 'ding' for a new user joining the channel. Everyone knew to stop talking lest a spy discover where our fleet was. I really hope there's a similar reaction in these chats!
I think they should be a lot more concerned about the people recording the meeting who don't show up on the attendee list, than of the people who show up and wave in front of the camera.
EU militaries are a joke tbf. Apart from France and (formerly) the UK, most of them can't do shit except sell firearms to Arab despots. I think someone from Romania here mentioned that they trust the US to protect them more than they trust France or Germany.
Note that there are different levels of "secret" when it comes to this stuff. Given the size of that meeting (20+ people) and the reaction, I'd be surprised if the topic matter was more secret than how much the defense agencies pay their employees - secret, no doubt, but not exactly the nuclear launch codes.
Indeed this was a ministerial level conference, the prep meetings are probably more secure and no one would be stupid enough there to share screenshots.
At least since Snowden EU leaders probably always assume that someone is listening in. NSA and GHQ had breached Belgacom (Belgian former telecoms monopoly) to listen in on the EU.
Probably because they secretly knew that if word gets out real fast (which it won't because it'll be controlled by them), they'll all be booted from office.
Sure word got out, but it need not reach most of the populace.
I wonder, if he was sitting in a suit and in a room with some flags behind him (not in his shirt in an ordinary office) if anyone would have even noticed he was intruding on their conference. They laugh it off now because he doesn't fit in.
This is profoundly depressing. The fact that an EU defence conference is being held... on Zoom, is truly a microcosm of what has been the strategic policy of the EU for the past 20-30 years. We have sold off our independence, our advantages economic and otherwise, for pennies. For minuscule short-term gains, we have sold off our industry, our tech, to a hostile and totalitarian government. Well when I say "we" I mean private enterprise, but also the governments who were supposed to be raking in (though as one German economist said, government and private enterprise are pretty much one and the same).
It will come soon a time (in fact, it's pretty much here already) where China calls the shots over us. "Obey, or no microchips for you. In fact, no manufacturing of any kind." Thoroughly depressing.
The Zoom security debate has been hashed to death on HN lately, but Webex for example patched some RCEs only a couple weeks ago. I’m not fully convinced Zoom is objectively less secure than all the other alternatives these days. They just get a lot more attention for it.
Besides, if the EU defence conference had an open URL or weak password that issue would apply regardless of Zoom, Webex, etc.
It is not that simple. The minute China does it - they stand alone. The whole premise of outsourcing manufacturing to China will die. No one will trust them to do it. In my opinion they won’t do it.
One of the ways China managed to hack into America's F35 (or F22) fighter development program was listening into a conference call of various vendors discussing project status.
Of course they respond with the obligatory "we'll report this to the authorities", rather than "thank you for pointing this out in a harmless way we'll do better".
Had the laptop had a 15 inch screen it would likely have shown the entire URL including the full PIN code. Also visible in the screen are bookmarks to Netflix and what looks like barber shop music. Also a Gmail tab open. Did not know defense ministers were using Gmail on official hardware...
You'd imagine, but this conference software apparently only requires a pin that's visible as a GET parameter in the URL. I don't think you can blame the users for posting a screen shot.
What's more depressing is that this official has GMail open. How ridiculous is that? Which defense minister outside of the USA uses Google Mail? After Snowden, really?
Unfortunately the bureaucrats still go through dated curriculum to get where they are and there are no incentives to keep up with the times, technology or otherwise. These same people decide on the criteria for the incoming class and the vicious cycle goes on.
And these are the people pushing for laws around encryption. They have no idea what they're doing. In fact, that's really odd - you'd think that by now, tech-competent people would be in positions of power. Why aren't they?
FatalLogic|5 years ago
https://pbs.twimg.com/media/EnRlaFeWMAQzyIS?format=jpg
The software URL format looks similar to that used by Pexip.com
justinclift|5 years ago
https://consiliuminc.com
Maybe this?
https://consiliuminc.com/product/UniVCX-video-customer-exper...
cblconfederate|5 years ago
FatalLogic|5 years ago
snypher|5 years ago
[0] eve-online.com
zaroth|5 years ago
pkz|5 years ago
jariel|5 years ago
Someone leaves their doors unlocked it doesn't mean you should be entering.
More importantly, how on bloody earth are defence discussions happening in a situation that can so easily be defeated.
The officials themselves are to blame for blatantly terrible security protocols.
rosmax_1337|5 years ago
fakedang|5 years ago
curiousllama|5 years ago
estaseuropano|5 years ago
kyriakos|5 years ago
fakedang|5 years ago
aequitas|5 years ago
bouk|5 years ago
andrepd|5 years ago
kyriakos|5 years ago
https://www.pexip.com/
Moodles|5 years ago
john_minsk|5 years ago
AsyncAwait|5 years ago
The U.S. already does that. Why is that any better?
dba7dba|5 years ago
0dmethz|5 years ago
curiousllama|5 years ago
Probably the best response you can hope for in the moment.
inglor_cz|5 years ago
Does not matter as much if you discuss reconstruction of a mountain hut, matters a lot in defence, espionage or diplomacy.
praptak|5 years ago
pkz|5 years ago
pkz|5 years ago
claudex|5 years ago
j0057|5 years ago
tdons|5 years ago
I want to facepalm so hard right now.
hawk_|5 years ago
bserge|5 years ago
cblconfederate|5 years ago