As the COVID-19 pandemic continues to usher more people toward video-teleconferencing (VTC) platforms to stay connected, the FBI is now warning of the potential for VTC hijacking, also called “Zoom-bombing.”
According to the FBI, there have already been multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language.
The FBI’s Boston Division has reported two such incidents. During the first, a high school reported that while a teacher was conducting an online class using Zoom software, someone dialed into the classroom, yelled profanity and shouted the teacher’s home address.
In the second case, another school reported a Zoom meeting being accessed by an unknown individual who was visible on the camera and displayed swastika tattoos.
While more people begin making the transition to online meetings and lessons, the FBI is recommending practicing caution and due diligence. The FBI also provided the following steps to mitigate teleconference hijacking threats.
Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
Do not share a link to a teleconference or classroom on an unrestricted, publicly available social media post. Provide the link directly to specific people.
Manage screen sharing options. In Zoom, change screen sharing to “Host Only.”
Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
Lastly, ensure that your organizations’s telework policy or guide addresses requirements for physical and information security.
If you were a victim of a teleconference hijacking or any cyber-crime, report it to the FBI’s Internet Crime Complaint Center at ic3.gov. Additionally, if you receive a specific threat during a teleconference, you can report it at tips.fbi.gov.