How to defend yourself against VTC hijacking and being Zoom-bombed. FBI Warns

April 9, 2020

Reports of VTC hijacking, also called Zoombombing, are emerging with the recent influx of video-teleconferencing (VTC) as a primary form of communication during the COVID-19 pandemic.

The FBI has received several reports, including of video conferences being interrupted by hate speech or images, threats, and/or pornographic messages.

Zoom has lately seen record user traffic, and the FBI Boston Division reported two incidents at Massachusetts schools: one in which someone hacked into a high school’s online class, and another in which an unauthorized user displayed racist symbols in a school’s Zoom meeting.

In light of these reports, the FBI has released several ways organizations and individuals can defend against VTC hijacking or Zoombombing on the VTC platform Zoom.

The FBI recommends exercising caution and due diligence in your company and personal cybersecurity efforts as we transition more to online conferencing. The FBI has recommended the following steps to mitigate VTC or Zoom hijacking threats:

  • Refrain from making meetings or classrooms public. Zoom has two options to make a conference private:
      1. Require a password
      2. Use the waiting room feature to control guest admittance
  • Control screen sharing options. In Zoom, you can set the screen sharing meeting preference to “Host Only”.
  • Ensure your colleagues, family or friends have the most up-to-date version of the VTC software or application that you are using. Zoom updated its software in January 2020, including a security update that added passwords by default for meetings and disabled the ability to scan for meetings that are available for random users to join.
  • Ensure your organization has an updated telework policy or guide that addresses your company’s requirements for information and physical security.

Zoom also recently posted an update to its users on its blog, describing how quickly it has grown due to the pandemic.

The update reports user growth from last year to this year, booming from 10 million users to 200 million users. It also covers updates to the customer service portal, including a toolkit that provides users with support and training documentation on how best to use the platform, as well as a resource to help users address Zoombombing. Moving forward, the company plans to dedicate resources to identifying and fixing issues more proactively. This includes launching a CISO council to facilitate a continuous dialogue on privacy and security best practices.

In addition to the FBI’s report and Zoom’s blog, CISA has provided more resources here.