In less than two hours, he discovered 5,000 wide-open conference rooms. He stumbled into an attorney-inmate meeting, an operating room, and a venture capital pitch meeting.
Secure conference software/hardware is not that hard to come by, and is probably pretty good when used correctly – but it’s kind of a pain in the ass, and why not just make it outside your company’s firewell, because hey, who else knows the number? The researcher didn’t have to “hack” into anything – he just looked for unsecured lines and signed in.
I have a feeling that this story about Anonymous hackers gaining access to a conference call between the FBI and investigators in the UK will end being something similar – secure phones are a pain in the ass to coordinate, so they probably just used a regular conference line. I would also wager that social engineering was involved – called the right person, asked for the conference room dial in, etc.
The point is that hacking is usually less about complex computer arcana and more about exploiting vulnerabilities where you find them. Most people don’t think about security, so those vulnerabilities are easy to find. I have a feeling the FBI will be moving their Anonymous investigations more secure places…..