Tested: they say... everyone can be hacked
An ideal question for Dina Tersago and Andy Peelman to investigate for their VTM programme. Thanks to DPG Media's Security colleagues, even more hacks became possible. Read how they worked together behind the scenes.
The makers of the VTM programme Ze Zeggen Dat wanted to find out how difficult it is to hack someone. They drew up a list of wild ideas, but soon bumped into the legal limits. Because of course, even with the best intentions, illegal practices remain illegal. Fortunately, the collaboration between three teams within DPG Media provided a safe playground to perform some solid hacks after all.
‘The advantage of staying within the same company is that more is possible,’ says Ward D'Hulst, programme maker at PIT. ‘And because the colleagues who would be hacked gave prior permission via an official document, you can also face them afterwards,’ he laughs.
Before the IT colleagues were allowed to unleash their dark side, two meetings were held to discuss ideas from both sides, with practical concerns being taken into consideration. ‘We only had two weeks, which is too little to perform more complicated hacks,’ explains Technology Director Thomas Colyn. ‘With more time, we could have driven a Tesla from the parking lot or taken over the Wi-Fi network via one of the victims’ Airbnb.’ Still, programme maker Ward was pleasantly surprised by the possibilities: ‘We have a fair amount of imagination but are not that technically savvy; luckily, the colleagues from IT came up with a lot of creative options themselves.’
Human deception
The result? ‘We learned a lot about how to secure DPG Media even better,’ confirms Thomas. ‘I was particularly shocked to learn that it is not just IT knowledge that gets you hacked,’ Ward continues. ‘Dina Tersago also executed quite a few of the hacks, simply by calling a customer service department and using a ruse to obtain some data.’
For a change, members of the security team eagerly embraced the role of attackers. ‘One team member navigated the corridors of Qmusic under cover at night to plant trackers, while another masqueraded as Service Desk personnel to gain entry to the Q studio without raising suspicion,’ says Eli. ‘Understanding the mindset of an attacker is crucial for effective defense, which is why adapting to these offensive tactics wasn't too challenging for us.’ Shifting to an adversarial perspective was enlightening. ‘We saw it as an opportunity for team building,’ says Thomas. ‘Given our team's diverse skill set, everyone was able to contribute their expertise.’ He adds, ‘Professional hackers typically assemble a team with a varied skillset and can spend up to a few months planning such an operation, something we accomplished in just two weeks.’
Brave or naive
One tight deadline and a formal contract later, the fun could begin for IT's security team. ‘The moment that contract was signed was a tipping point: now things are getting serious,’ says Eli Backs, product owner Security. Four Qmusic DJs signed a binding agreement giving permission to be hacked in any way possible by their colleagues. ‘Call them four brave or naive DJs,’ Ward laughs. ‘From the moment the contract was signed, panic did strike for a moment: help, what have I started?’
Human deception is the essence of any hacking process, Eli explains: ‘With the combination of software and other strategies, they circumvent security procedures. Moreover, in this case, the Q DJs were aware so that made it even more difficult.’
Of course, we particularly want to hear the answer to the question: can anyone be hacked? ‘We were able to perform so many hacks that only half will make it to the screen,’ Eli says with satisfaction. ‘Unfortunately, it is a reality that anyone can be hacked; it really can happen to anyone,’ Thomas observes. ‘Any story that sounds too good to be true and has a fairy-tale feel to it should put you on alert immediately,’ he offers as a tip to keep in mind.
Watch episode 4 of Ze Zeggen Dat on Thursday June 6 on VTM, or rewatch the episode via VTM GO.