The system that employees of the Ministry of Defence use it for video conferencing proved to be protected with a fabriekswachtwoord. Consequently, an attacker listening in to confidential conversations.
It also allowed attackers to gain access to log files, containing information of meetings and ip addresses of Defence components that use the system, Cisco video conference, writes beveiligingsexpert Rickey Gevers. The password as default password listed in the manual of the system. Cisco uses mostly “admin” as the username, while the password is often made from just a few characters.
Defence acknowledges the hack and says that there are seven systems in use for video conferencing. Internally it appears already once warned for such systems, but a service company has the systems ever purchased. The network of Defence would never be in danger.
The video system was accessible via the public internet and was just behind a login page. It is unclear whether the leak ever actually been abused, for example by foreign intelligence services to obtain information about the Dutch armed forces.
