The FBI in Boston is warning of video teleconference hijacking after two Massachusetts schools were reportedly “Zoom bombed” in recent weeks, according to NBC News.
“Zoom-bombing” is when someone appears on Zoom or another teleconferencing session and disrupts the application with pornographic or hate images and threatening language. More and more businesses and schools have been using Zoom and other teleconferencing technology in recent weeks due to coronavirus-related shutdowns.
The FBI said two Massachusetts schools were recently hacked in this manner, which is part of a growing national trend.
In one of the cases, a high school reported that while a teacher was conducting an online class an unidentified individual dialed in and yelled profane remarks while shouting out the teacher’s home address.
In the other incident, a different Massachusetts school reported that Zoom was accessed by an unidentified individual who was seen on the video chat displaying swastika tattoos.
To prevent this from happening, the FBI suggests the following tips for schools and businesses using teleconferencing technology:
• Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private; require a meeting password or use the waiting room feature and control the admittance of guests.
• Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
• Manage screensharing options. In Zoom, change screensharing to “Host Only.”
• Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
• Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.
Anyone who experiences this type of activity is urged to contact their local FBI field office or the FBI’s website for cyber-related crimes.
