Yesterday on HackRead.com, we covered how Zoom and other popular video communication platforms like Google Classroom were being targeted by malware phishing attempts through typosquatting in the wake of their rising popularity. In addition to this specific technique though, we have been seen a rise in something known as Zoom-bombing as well which has led the FBI to issue an official warning statement.
To elaborate further, Zoom-bombing is when someone interrupts a video conference through threatening speech or the display of obscene material in a bid to cause a disturbance. This may happen because someone not a part of the intended recipients may have joined the meeting leaving little deterrence for their malicious actions due to the lack of consequences that they may foresee.
The FBI’s Boston division cited 2 specific incidents occurring of this nature:
#FBI warns of Teleconferencing and Online Classroom Hijacking during #COVID19 pandemic. Find out how to report and protect against teleconference hijacking threats here: https://t.co/jmMxyZZqMv pic.twitter.com/Y3h9bVZG30
— FBI Boston (@FBIBoston) March 30, 2020
Firstly, earlier this month, a teacher from a school in Massachusetts reported an “unidentified individual” who “yelled a profanity” and further went on to announce the teacher’s home address in front of the whole class, a privacy breach nonetheless.
Secondly, again someone unidentified joined the meeting and displayed “swastika tattoos.” These are just 2 reported incidents out of a whole range of others that have spawned up globally.
As large numbers of people turn to video-teleconferencing (VTC) platforms to stay connected in the wake of the COVID-19 crisis, reports of VTC hijacking (also called “Zoom-bombing”) are emerging nationwide. The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language, FBI said in a press release.
In light of this, the Bureau has issued certain guidelines to help meeting organizers cope with this new form of harassment:
1- Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
2- Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
3- Manage screen sharing options. In Zoom, change screen sharing to “Host-Only.”
4- Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
5- Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.
Concluding, if you face such an issue despite implementing these measures, it is recommended that you report to your local law enforcement agency. They may not be able to comprehend the offenders in all cases but in those that they do, it will serve as an effective check against future potential lawbreakers.