What the journalist's foray into a secret EU video conference teaches us about the most preventable security breaches



A dutch journalist sneaked this past Friday into a secret videoconference of defense ministers of the European Union. A meeting forbidden to anyone who was not part of the EU Foreign Affairs Council coordinated by the Spanish Josep Borrell, high representative for Foreign Policy.



The security flaw was found neither in the software used, nor in the keys used, nor in the networks of the European institutions. The perfectly avoidable mistake was the publication of a revealing photo by one of the participants in the meeting, Ank Bijleveld, the Minister of Defense of the Netherlands.






The security flaw was found neither in the software used, nor in the keys used, nor in the networks of the European institutions: it was in a photo of a meeting attendee




A photo or video can say much more than we think and can be avoidable





[embed]https://www.youtube.com/watch?v=JRV-dj11bUU[/embed]




It is not the first time that we explain how an innocent audiovisual content can tell others much more than we want when we spread it.



A recording from our balcony can reveal where we live with minimal information that is shown if someone on the other side carries out the tasks to find out, just like a daily photo in which a politician is simply shown participating in a telematic meeting try to cause anyone to access said confidential meeting.



In the case of the Dutch minister, the snapshot put the security breach on a tray. In the photo, as detected by the journalist who ended up entering the videoconference causing a hilarious moment with Borrell, the access codes to the videoconference could be partially read.




In the photograph published on Twitter by the Dutch minister, the access codes to the secret defense videoconference of the European Union could be partially read










The list of the worst passwords of 2020 has two new ones in the top 10: one takes 3 hours to guess and the other only 3 seconds





The writer just wrote them down, tried to figure out the missing part —One digit out of a total of six— and he found the concrete credentials.



"Do you know that they have put you in a secret Defense conference?"the EU High Representative for Foreign Affairs asked a surprised journalist. "Yes yes, sorry," he replied, announcing that he was leaving. "It is a criminal act. So you better get out quickly, before the police arrive," Borrell joked.



"This shows once again that ministers must realize the care that must be taken with Twitter," said Mark Rutte, the prime minister of the Netherlands later. Even though Do not be careful with the bird's social network, but with any content that we publish on the network and that can expose much more information than desired. We must think about what we are going to show, what is all that can be extracted from what is seen and if we are willing to run the risk that this information may be used by third parties for purposes that we do not know.