Could have paid/convinced/threatened an intern/employee to scope it out and then deployed the hack externally to bypass safety measures. Complicated but doable.