Federal, State, and Local Law Enforcement Warn Against Teleconferencing Hacking During Coronavirus Pandemic
As our country finds new ways of communicating during the COVID-19 pandemic, Michigan residents have turned to video-teleconferencing (VTC) platforms, such as Zoom, to stay connected. Unfortunately, as the FBI reported this week, there has been a rise in the number of so-called “Zoom-bombing,” or video hacking across the United States. The State of Michigan has seen several instances of such hacking just this week. Hackers are disrupting conferences and online classrooms with pornographic and/or hate images and threatening language.
Michigan’s chief federal, state, and local law enforcement officials are joining together to warn anyone who hacks into a teleconference can be charged with state or federal crimes. Charges may include – to name just a few – disrupting a public meeting, computer intrusion, using a computer to commit a crime, hate crimes, fraud, or transmitting threatening communications. All of these charges are punishable by fines and imprisonment.
“You think Zoom bombing is funny? Let’s see how funny it is after you get arrested,” stated Matthew Schneider, United States Attorney for Eastern Michigan. “If you interfere with a teleconference or public meeting in Michigan, you could have federal, state, or local law enforcement knocking at your door.”
Western District of Michigan U.S. Attorney Andrew Birge advised video conference users: “Whether you run a business, a law enforcement meeting, a classroom or you just want to video chat with family, you need to be aware that your video conference may not be secure and information you share may be compromised. Be careful. If you do get hacked, call us.”
“It is a shame that during a pandemic which is causing fear and anxiety across the globe that there are wrongdoers seeking to disrupt virtual environments which have become essential to communication, teleworking and online learning,” said Special Agent in Charge Steven M. D’Antuono. “While Michiganders are sheltering in place, it is important to practice good cyber hygiene. We encourage our communities to visit fbi.gov or ic3.gov to learn more about tips they can take to keep their devices secure.”
“We were alerted to this problem by a Michigan reporter who participated in a Zoom conference that was hijacked,” stated Michigan Attorney General Dana Nessel. “Since then we have learned of other incidents around the country. There are steps people can take to protect their cybersecurity and we encourage all users to follow the proper procedures to ensure their teleconferences are secure.”
Robert Stevenson, Michigan Association of Chiefs of Police stated, “While the state is practicing social distancing, our law enforcement partners are coming together to help keep the people of Michigan safe during this crisis. Please report any incidents of hacking or any other type of fraud to your local, state or federal law enforcement agency.”
As individuals continue the transition to online lessons and meetings, law enforcement recommends exercising due diligence and caution in your cybersecurity efforts. The following steps can be taken to mitigate teleconferencing threats:
- Do not make the meetings or classroom public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guest.
- Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
- Manage screensharing options in Zoom, change screensharing to “Host Only.”
- Ensure users are using the updated version of remote access/meeting applications. In January, 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
- Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.
If you were a victim of a teleconference hijacking, or any cyber-crime for that matter, report it to the FBI’s Internet Crime Complaint Center at https://www.ic3.gov/default.aspx. Click here for more information regarding teleconference hijacking: https://www.ic3.gov/media/2020/200401.aspx.
Additionally, if you receive a specific threat during a teleconference, please report it to the FBI at https://tips.fbi.gov/ or call the FBI Detroit Division at (313) 965-2323.