Cybersecurity

Attorney General Says His Call Was Zoombombed, Urges Safe Video Conferencing

NBC Universal, Inc.

A video conference call Connecticut’s attorney general had earlier this week was “zoombombed” and he is encouraging people who use Zoom video conferencing to be aware of the privacy and security features of technology platforms. 

Attorney General William Tong said he and Lieutenant Governor Susan Bysiewicz held a Zoom conference on Tuesday to discuss Census scams and it was interrupted by hundreds of profane and racist comments.

“Earlier this week, I attended a Zoom conference that was ‘bombed’ by hundreds of profane and racist comments.  Needless to say, I am familiarizing myself with these platforms’ privacy and security features, too. My office has been in contact with representatives from Zoom to address this and other issues relating to online security and privacy,” Tong said in a statement. “Whether on Zoom or any other digital platform, hateful and racist speech is not OK—not now, not ever. Our world is confronting an unprecedented threat, and there are trolls who seek to exploit our fear to turn us against one other. Don’t let them. Together, with love, compassion and courage, we will get through this.”

With more people working from home to help limit the spread of COVID-19, many are turning to technology platforms, like Zoom to do their work or to otherwise stay connected.

Bysiewicz said the call on Tuesday conference calls in Cromwell and Middletown were also zoombombed and she said she experienced it in video town halls.

“To the trolls, hackers and jerks, just stop it," Bysiewicz said.

She has reached out the the United States Attorney for Connecticut to ask him to work with the FBI to ensure that they are doing everything they can to stop this behavior.

The FBI has issued warnings about teleconferencing and online classroom hijacking during the COVID-19 pandemic.

Bysiewicz called on the "trolls" to do something productive instead of what they are doing, for companies that provide these services to secure their software and for residents and people who use the service to be safe and for parents to protect their children from the "vicious" and "hateful" speech.

Tong, who is co-chairman of the National Association of Attorneys General Internet Safety/Cyber Privacy and Security Committee, said it can be a challenge to learn how to use new technology platforms “on the fly,” but it’s important to take the time to learn how to use them securely and safely. 

He is encouraged everyone who is using video conferencing to ensure their video conference software is up to date; confirm that conferences are private, either by requiring a password for entry or controlling guest access through a virtual waiting room; check that the highest security settings are applied for your teleconference platform; and consult your software company’s security information or your IT department.

NBC News reports that Zoom has published a guide to locking down the app's settings to mitigate the risk of uninvited guests joining. Users can also report the incidents to the company, a spokeswoman told NBC News, so Zoom can take "appropriate action," including deactivating a user's account

"We have been deeply upset to hear about the incidents involving this type of attack," the spokeswoman said.

Following are recommendations from the FBI:

  • Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
  • Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
  • Manage screensharing options. In Zoom, change screensharing to “Host Only.”
  • Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
  • Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.

Learn more here on cybersecurity while working from home.

Contact Us