June 4, 2020

June 03, 2020

Subscribe to Latest Legal News and Analysis

June 02, 2020

Subscribe to Latest Legal News and Analysis

June 01, 2020

Subscribe to Latest Legal News and Analysis

FBI Warns of Teleconferencing and Online Classroom Hijacking During COVID-19 Pandemic

As large numbers of people turn to video-teleconferencing (VTC) platforms to stay connected in the wake of the COVID-19 crisis, reports of VTC hijacking (also called “zoom-bombing”) are emerging nationwide. The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language.

For example, two schools in Massachusetts reported the following incidents:

  • A Massachusetts-based high school reported that while a teacher was conducting an online class using the teleconferencing software Zoom, an unidentified individual(s) dialed into the classroom. This individual yelled a profanity and then shouted the teacher’s home address in the middle of instruction.

  • A second Massachusetts-based school reported a Zoom meeting being accessed by an unidentified individual. In this incident, the individual was visible on the video camera and displayed swastika tattoos.

As individuals continue the transition to online lessons and meetings, the FBI recommends exercising due diligence and caution in your cybersecurity efforts. The following steps can be taken to mitigate teleconference hijacking threats:

  • Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.

  • Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.

  • Manage screensharing options. In Zoom, change screensharing to “Host Only.”

  • Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.

  • Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.

Jackson Lewis P.C. © 2020

TRENDING LEGAL ANALYSIS


About this Author

Paul V. Kelly, Jackson Lewis, white collar criminal defense lawyer, internal investigations attorney
Principal

Paul V. Kelly is a Principal in the Boston, Massachusetts, office of Jackson Lewis P.C. He has extensive experience in white collar criminal defense, internal investigations, complex civil litigation and crisis management. Mr. Kelly is the firm’s White Collar and Government Enforcement Practice Group Leader. A former sports industry executive, he is also one of the firm’s Collegiate and Professional Sports Practice Group Leaders.

617-305-1263