'Zoom-Bombing' Hijacks Online Class Meetings In Massachusetts, FBI Warns
BOSTON (CBS) -- Video conferencing is surging in popularity while the coronavirus pandemic keeps people at home, but so are reports that hackers are trying to disrupt those meetings. The FBI said Monday that two Massachusetts schools have been the victims of "Zoom-bombing" this month.
"The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language," the agency said in a statement.
The FBI said an unidentified person dialed into a Massachusetts high school class conducting a meeting using the Zoom software. That person "yelled a profanity and then shouted the teacher's home address in the middle of instruction."
In another incident, someone was able to access a Zoom meeting at a local school and showed swastika tattoos on video.
Cyber security expert Peter Tran views the recent incidents as, "the warning shot that should be heard around the world."
Tran said it can become more than just people sharing obscene images or crashing courses. "You can have the teenager-type of hacker for fun, or you can have the cyber criminal that really wants to listen in," Tran said.
Tran said people working from home are easy targets for hackers, because a lot of people don't have the same security measures in place at home as their employer does as the office. "Targeting home users is by far easier than targeting corporate users," said Tran. "Now that we've created that extension, exponentially, it's fertile ground. It's game-on for the hackers."
There are steps Tran says you can take to protect yourself and your company. First, if you plan on hosting a meeting, don't make it public, and control the access, "so anybody who tries to join, you'll get a message saying John Smith or so and so wants to join."
Second, after everyone joins the virtual meeting make sure to do a roll call. "It will tell you how many attendees are on the virtual meeting. If there's twelve and you only invited ten, better be sure you check out who those extra two are."
Last, don't share an invite link on public platforms like social media. Tran says that's like leaving your doors and windows wide open.
"This is our working world," he said. "The physical world has been transposed to the virtual world, and these conference rooms are the doors and locks, so we need to think about it that way."
As an added measure, treat your home internet connection as if it were your corporate connection. Log off when you're done, and change your internet and computer passwords regularly.
Here's some advice from Zoom on keeping video meetings secure:
- Remember that anyone can join your meeting if the link is shared to social media.
- Use a random meeting ID instead of your personal meeting ID to host events.
- Enable the waiting room feature to decide who can enter the meeting.
- Lock the meeting after it starts so that no one else can join
- Only allow the host to have control of screen sharing.
- Disable file-sharing so people aren't flooded with content
Zoom has more tips on directions on how to use all these features here.