NewsU.S. and the World

Actions

FBI warns of 'Zoom-bombing,' where teleconferences and online classrooms are hijacked

FBI warns of 'Zoom-bombing,' where teleconferences and online classrooms are hijacked
Posted at 12:19 PM, Mar 31, 2020
and last updated 2020-03-31 14:22:55-04

BOSTON, Mass. – The Federal Bureau of Investigation (FBI) is warning people of “Zoom-bombing,” where hackers hijack teleconferences and online classrooms on the popular remote conferencing platform.

FBI Boston said Monday that reports of “Zoom-bombing” are emerging nationwide as a growing number of people use Zoom to stay connected with colleagues and loved ones.

The FBI says it has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language. Two incidents were recently reported at Massachusetts schools.

In one instance, a high school reported that a teacher was conducting an online class using Zoom when an unidentified person dialed into the classroom. The individual reportedly yelled profanity and then shouted the teacher’s home address in the middle of instruction.

In the second instance, The FBI says a school reported that a Zoom meeting was accessed by an unidentified individual who was visible on the video camera and displayed swastika tattoos.

When using platforms like Zoom, the FBI recommends exercising due diligence and caution in your cybersecurity efforts. Investigators say to follow these steps to mitigate teleconference hijacking threats:

  • Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
  • Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
  • Manage screensharing options. In Zoom, change screensharing to “Host Only.”
  • Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated its software. In the security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
  • Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.

If you were a victim of a teleconference hijacking, or any cyber-crime for that matter, report it to the FBI’s Internet Crime Complaint Center at ic3.gov .

Additionally, if you receive a specific threat during a teleconference, please report it at tips.fbi.gov or call the FBI Boston Division at (857) 386-2000.