With classrooms and work spaces moving completely online during the COVID-19 crisis, platforms like Zoom have become a must. But federal officials are warning users this week after increased reports of hackers pose a privacy and security threat to users across the country–especially those using the platform as a virtual classroom.
It’s called ‘Zoombombing’ and according to the FBI, hackers are using it to disrupt video conferences with pornographic and/or hate images and threatening language.
Virtual Classroom Becomes Target
In a statement released Monday, the FBI Boston Division cited two recent Zoombombing incidents reported by schools in Massachusetts.
In late March, an unidentified person dialed into a high school teacher’s online class and yelled a profanity, as well as the teacher’s home address.
In a separate instance, also in a Massachusetts teacher’s virtual classroom, an individual who joined the conference call was seen on the video camera displaying swastika tattoos, the FBI said.
And in Orange County, Florida, an unidentified man entered a virtual classroom and exposed himself.
In a statement Thursday, a spokesperson for Zoom said that the company is aware of the FBI’s recent press release and “appreciates all efforts to raise awareness around how to best prevent these kinds of attacks.”
The FBI recommends exercising due-diligence and caution in cybersecurity efforts.
The agency provided the following steps to protect yourself and others from becoming a victim of Zoombombing.
- Do not make Zoom meetings or classrooms public.
- In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
- Do not share a link to a teleconference or classroom on a public social media post.
- Provide the link directly to specific people.
- Manage screensharing options. In Zoom, change screensharing to “Host Only.”
- Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
- Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.
The FBI urges anyone who is a victim of video-teleconference hijacking to report any cyber-crime to the FBI’s Internet Crime Complaint Center at ic3.gov.