As many groups and companies have turned to videoconferencing platforms like Zoom and Microsoft Teams to host virtual meetings, the pandemic has given online hackers more opportunities for disruption, FBI officials say.
Widely reported incidents, sometimes known as “Zoom-bombings,” have cropped up during the pandemic and involve unwelcome guests at virtual events entering meetings, in some cases sharing inappropriate, racist or other offensive content.
“When everybody moved from working at work to working at home, and then from going to school at school to attending school online, there was a big uptick in these types of activities,” said Supervisory Special Agent Chad Hunt with the Federal Bureau of Investigation.
The Hall County Democratic Party experienced a “Zoom-bombing” during an online meeting in August. The group was hosting U.S. Senate candidate the Rev. Raphael Warnock, when several hackers interrupted and posted racial slurs and pornographic content.
The Hall County Democratic Party filed a report with the Gainesville Police Department, but as of Monday, Oct. 5, there have been no updates on the case nor had there been any similar reports, a spokesperson said.
Similarly, a September Lula City Council work session was interrupted by a hacker using a racial slur and foul language, but the city opted to not file a police report and instead focus on tighter security at future meetings, City Manager Dennis Bergin said.
The Hall County Sheriff’s Office had not received reports of any videoconferencing hacking incidents as of Monday.
The best way to avoid run-ins with Zoom bombers, according to law enforcement, is to adjust security settings and monitor meetings closely. But, they say, there are many factors that complicated prosecution of the more severe interruptions.
As they do with social media, people should take precautions when using videoconferencing platforms, said Gainesville police Sgt. Margaret Johnson.
“It’s the wild, wild West of the internet. You kind of have to be very cautious of who enters those rooms and be very mindful of being public and open,” Johnson said. “It’s like your social media pages. You don’t know what you’re going to see sometimes.”
Johnson said she recommends users get to know their videoconferencing platform of choice and research its security features.
“Once people start to get familiar with it, it makes a huge difference on whether or not these incidents occur,” she said.
Recording a meeting could also deter would-be “Zoom-bombers,” Johnson said. And if an incident does happen, having the meeting ID number handy will be helpful as law enforcement starts to investigate, she said.
“It allows us to send that to the platform host, like Microsoft Teams or Zoom, in order to say here’s a search warrant or subpoena to find out what IP addresses were connected, what members were connected at the time during this meeting,” Johnson said.
While some actions are in “bad moral taste,” others such as direct threats or the display of child pornography or abuse images are criminal, Johnson said.
Hunt said the FBI also works with hosts, such as Zoom to investigate reports.
“Whether it’s this or any other type of computer crime, we should take a look at the available evidence, so it’s going to depend on what information the service provider has about who has connected to the meeting,” he said.
Hunt said the FBI often collaborates with other law enforcement agencies to solve online crimes based on where the perpetrator is located.
“Very rarely in cybercrime are the perpetrators in the same place where the crime took place. Oftentimes, they are overseas,” Hunt said, adding that the ability to join a virtual meeting under any name, including a false one, also complicates some investigations.
Whether the incident is criminal or more of a prank depends on what content was shared, Hunt said.
“Different statutes that could apply would be things like cyberstalking, or, depending on the type of pornography that is shown, there could be federal obscenity charges that could be brought into play,” he said.
Hunt echoed Johnson, noting that those concerned about hacking incidents should take the time to set up the appropriate security measures.
How to secure videoconference meetings
- Connect securely on a private WiFi network with a strong password
- Require an access code or password to join the event
- Do not widely disseminate invites for virtual events
- Enable a “waiting room” to screen attendees
- Lock the event once everyone has joined
- Make sure the host can manually admit and remove attendees from the meeting
Source: Cybersecurity and Infrastructure Security Agency
“A lot of people end up being very busy and very distracted and say, I don’t have time for that,” he said. “But the consequence of not having time for it is, these kinds of things happen.”
Hunt recommended that hosts disable attendees’ abilities to share their screens, which a hacker could use to display inappropriate content.
The Cybersecurity and Infrastructure Security Agency, a U.S. federal agency, has published guidance on video conferencing security. The agency recommends that people have strong passwords for their WiFi networks and avoid using public networks. The guidance also recommends requiring a password for virtual events, setting up a “waiting room” to screen attendees, locking the event once everyone has joined, and avoiding widely disseminating virtual event invitations.
“If you were going to have a public meeting in real life in a conference center, you might want to take a look at people coming in and their bags to make sure they’re not bringing anything dangerous or inappropriate in,” Hunt said. “The same way you would do some screening in the real world, you can do some screening in the online world.”