I love this theory, but at the same time, I feel that it's unlikely. Without knowing how their back-end is put together, that'd be like... trying to smuggle in a robot into an office building to break into a safe that's inside without knowing the floor plan, what kind of knobs are on the doors, etc.
Could have paid/convinced/threatened an intern/employee to scope it out and then deployed the hack externally to bypass safety measures. Complicated but doable.
