After 'Zoom bombings', other incidents, FBI warns of videoconferencing hijacking amid coronavirus
The Federal Bureau of Investigation is warning of potential hijacks of videoconferencing applications. Overnight, the FBI highlighted two incidents in Massachusetts related to the popular videoconferencing app Zoom.
The FBI is out with a warning about Zoom. So as more and more people turn to Zoom to stay connected during the coronavirus outbreak, the FBI has received multiple reports of conferences being interrupted by hackers.
This is something called Zoom bombing, and basically what happens is the people who are using Zoom either don't set their particular conference to private or they use an easily guessed password, something along those lines. And people access the chat that they're in and then can scream profanities or, in some instances, post antisemitic images, hate speech, things along those lines. So they're just jumping into these people's chats, doing this, and then leaving.
And so the FBI is now warning people that if they are using Zoom, make sure they're using the latest version. Make sure they're setting their chats to private, especially if they're officials, educators, people in the workforce, things along those lines, and ensuring that they're following best practices for internet security in general.
"In late March 2020, a Massachusetts-based high school reported that while a teacher was conducting an online class using the teleconferencing software Zoom, an unidentified individual(s) dialed into the classroom. This individual yelled a profanity and then shouted the teacher’s home address in the middle of instruction," a release from the Boston FBI Field Office said. "A second Massachusetts-based school reported a Zoom meeting being accessed by an unidentified individual."
The statement continued, "In this incident, the individual was visible on the video camera and displayed swastika tattoos."
Zoom has been a rich target for cyber criminals and malicious actors.
Cyber criminals are targeting video conferencing sites like Zoom, particularly during the COVID-19 pandemic. Typically they create domains that impersonate Zoom, with the goal of stealing personal information. Because about 60% of Fortune 500 companies use apps like Zoom, cyber criminals see an opportunity to potentially steal corporate proprietary information and sensitive information about employees.
As more schools and businesses work remotely, this creates an ideal environment for cyber thieves.
Advocacy groups have been calling for Zoom to take action against what they allege is trolling of African American users on the platform.
Dennis Johnson, a doctoral student at California State University, Long Beach, was presenting his dissertation via Zoom last week as per the school's COVID-19 contingency plans. In the middle of his dissertation he said a hijacker gained control of his presentation and interrupted it by posting pornographic images and typing a racial slur on screen.
"Honestly, I was just lost - I reached out to Zoom and they tell me these are 'party crashers.' These are not party crashers, they are racist, sexist attacks on people of color," Johnson alleges.
"This week, one of our members, Dr. Dennis Johnson was defending his dissertation via the Zoom platform when a racist troll hijacked his presentation -- drawing crude images ... on the screen," Brandi Collins-Dexter, Senior Campaign Director Color Of Change wrote in a letter to executives at Zoom.
The FBI offered some tips to people who are working from home – especially using apps like Zoom. They said to make sure everyone’s software is updated, not to make meetings or classrooms public and to provide the link directly to people.
In a statement, Zoom told news that they urge people to report incidents on their website and they will take appropriate action.
"We take the security of Zoom meetings seriously and we are deeply upset to hear about the incidents involving this type of attack. For those hosting large, public group meetings, we strongly encourage hosts to review their settings and confirm that only the host can share their screen," a Zoom spokesperson said in a statement.
"For those hosting private meetings, password protections are on by default and we recommend that users keep those protections on to prevent uninvited users from joining," the statement said.
This is something called Zoom bombing, and basically what happens is the people who are using Zoom either don't set their particular conference to private or they use an easily guessed password, something along those lines. And people access the chat that they're in and then can scream profanities or, in some instances, post antisemitic images, hate speech, things along those lines. So they're just jumping into these people's chats, doing this, and then leaving.
And so the FBI is now warning people that if they are using Zoom, make sure they're using the latest version. Make sure they're setting their chats to private, especially if they're officials, educators, people in the workforce, things along those lines, and ensuring that they're following best practices for internet security in general.
"In late March 2020, a Massachusetts-based high school reported that while a teacher was conducting an online class using the teleconferencing software Zoom, an unidentified individual(s) dialed into the classroom. This individual yelled a profanity and then shouted the teacher’s home address in the middle of instruction," a release from the Boston FBI Field Office said. "A second Massachusetts-based school reported a Zoom meeting being accessed by an unidentified individual."
The statement continued, "In this incident, the individual was visible on the video camera and displayed swastika tattoos."
Zoom has been a rich target for cyber criminals and malicious actors.
Cyber criminals are targeting video conferencing sites like Zoom, particularly during the COVID-19 pandemic. Typically they create domains that impersonate Zoom, with the goal of stealing personal information. Because about 60% of Fortune 500 companies use apps like Zoom, cyber criminals see an opportunity to potentially steal corporate proprietary information and sensitive information about employees.
As more schools and businesses work remotely, this creates an ideal environment for cyber thieves.
Advocacy groups have been calling for Zoom to take action against what they allege is trolling of African American users on the platform.
Dennis Johnson, a doctoral student at California State University, Long Beach, was presenting his dissertation via Zoom last week as per the school's COVID-19 contingency plans. In the middle of his dissertation he said a hijacker gained control of his presentation and interrupted it by posting pornographic images and typing a racial slur on screen.
"Honestly, I was just lost - I reached out to Zoom and they tell me these are 'party crashers.' These are not party crashers, they are racist, sexist attacks on people of color," Johnson alleges.
"This week, one of our members, Dr. Dennis Johnson was defending his dissertation via the Zoom platform when a racist troll hijacked his presentation -- drawing crude images ... on the screen," Brandi Collins-Dexter, Senior Campaign Director Color Of Change wrote in a letter to executives at Zoom.
The FBI offered some tips to people who are working from home – especially using apps like Zoom. They said to make sure everyone’s software is updated, not to make meetings or classrooms public and to provide the link directly to people.
In a statement, Zoom told news that they urge people to report incidents on their website and they will take appropriate action.
"We take the security of Zoom meetings seriously and we are deeply upset to hear about the incidents involving this type of attack. For those hosting large, public group meetings, we strongly encourage hosts to review their settings and confirm that only the host can share their screen," a Zoom spokesperson said in a statement.
"For those hosting private meetings, password protections are on by default and we recommend that users keep those protections on to prevent uninvited users from joining," the statement said.