• 28°

Zoom-bombing, the latest craze 

As many attempt to stay on track in online platforms, many others attempt to hijack meetings

 

For anyone who never heard of Zoom before the virus pandemic, they definitely know about it by now. As social-distancing guidelines continue to tighten, many are teleworking from home, staying put in order not to contract or spread COVID-19. 

And that’s where Zoom, the online meeting platform, comes in. It allows multiple users to log in to a meeting, where each has a microphone and are seen in blocks of videos at the same time. 

Then, enter the Zoom-bombers, hijackers who infiltrate the sessions, normally in the aim to only disrupt. 

“We joined a national AA (Alcoholics Anonymous) group, since we can’t go to in person meetings,” said Roger Fox, a local outreach director for an outpatient drug treatment center. He loved it, he said, because there were people there from all across the country, sharing their experiences with sobriety, offering tips on how to deal with these unprecedented times. Many call addiction the disease of isolation, so groups have ramped up their offerings online to help those who want to stay on the right path. 

But, Fox said, some were jumping into the meeting, talking about alcohol in a less than appropriate way, apparently teasing and attempting to tempt those partaking in the groups. 

Many teachers are also holding some classes on Zoom, and some are concerned about reports of hijackers who are actually flashing their privates within groups they’ve infiltrated, another aspect of online learning many never thought they’d have to deal with. 

Heather Clary, director of communications for the Better Business Bureau of Central & Eastern Kentucky, says there are ways companies and meeting leaders can protect themselves from this happening. “A lot of it is free, on these meeting platforms, for a limited time,” she said, which opens it up even more for others to take advantage of, pulling pranks and popping in to hijack otherwise serious gatherings. 

“If you don’t have it password-protected, or a unique ID, or send out invitations, it can lead to one of these instances,” Clary said. 

The BBB reports of the FBI working two incidents in Massachusetts of Zoom hijackings. One consisted of an unknown person dialing into a classroom meeting, shouting profanities and the teacher’s home address. 

They are able to hack into the meetings via URLs because they are hosted on public channels which have been shared. Or they can sometimes guess the correct URL or meeting ID for a public Zoom session, gaining access to the feed. 

The second incident in Massachusetts was a person on the video camera who began showing swastika tattoos. 

The BBB says the only meetings protected from auto-dialers are the ones with set passwords. There is also a way to enable “embed password in meeting link for one-click join,” which prevents someone from accessing the meeting without losing the usability of sharing a link to join. 

The BBB says it strongly encourages hosts to review all settings, and confirm that only they can share their screen — this will prevent any disruptions from the main video feed during a public session. 

There are also warnings out about cybercriminals impersonating video conferencing sites in order to steal personal information.

BBB offers the following tips in order to prevent any types of video hijacking: 

  • Use a unique ID for large or public Zoom calls — When hosting a large call where the public is attending, use a one-time code rather than a user’s personal meeting ID. 
  • Require a meeting password — For hosting private meetings, these protections are on by default. The BBB says to keep those protections on to prevent uninvited users, which is only an option when generating a unique ID, but not when using personal meeting IDs. 

.• Don’t share the unique ID publicly — Teleconference or classroom links should not be shared publicly on social media posts. Instead, provide the link only to those invited. 

  • Allow only hosts to share their screen — Make sure settings indicate only the host is allowed to share their screens, by going to personal, settings, in meeting (basic) and look for screen sharing. 
  • Create a waiting room — Customized waiting rooms means the host can let callers into the meeting, which can be done all at one or one at a time, allowing attendees to be screened. 
  • Create an invite-only meeting — Invite-only events can happen with Pro, Business, Education or Enterprise Zoom accounts, by enabling authentication profiles, preventing those without authorization from joining. 
  • Lock a meeting once it starts — When all attendees have joined, hosts are able to look the meeting from new participants by “managing participants,” during the session. 
  • Remove attendees or put them on hold — Hosts can remove unruly participants or put them on hold by hovering over the name and choosing the participants panel on the right. Once removed, an ousted guest cannot rejoin. They can also be put on hold by clicking on the user’s image. 

Other pointers, such as disabling participants’ cameras and  using the disable file transfer settings (preventing them from sharing files), can be found at bbb.org/council/coronavirus