Federal prosecutors are now warning pranksters and hackers of the potential legal implications of “Zoombombing,” wherein someone successfully invades a public or sometimes even private meeting over the videoconferencing platform to broadcast shock videos, pornography, or other disruptive content.
The warning was posted as a press released to the Department of Justice’s website under the US Attorney’s office for the state’s Eastern district with support from the state attorney general and the FBI.
More and more of the world is increasingly self-quarantining due to the COVID-19 pandemic, and core pillars of society like public education and policy are moving from in-person meetings to remote conference calls on platforms like Zoom. In turn, that’s led to an uptick in conference call hacking and pranks. The most vulnerable forums are those of school classrooms, political meetings, and other sensitive gatherings including minors or confidential information. And as The New York Times reported on Friday, the weaponization of Zoom, not just for pranks but for harassment campaigns, has become a pressing concern at the highest levels of law enforcement as growing online groups gather on Instagram, Reddit, Twitter, and 4Chan to coordinate attacks.
“You think Zoom bombing is funny? Let’s see how funny it is after you get arrested.”
Now, prosecutors say they’ll pursue charges for Zoombombing, including “disrupting a public meeting, computer intrusion, using a computer to commit a crime, hate crimes, fraud, or transmitting threatening communications.” Some of the charges include fines and possible imprisonment. The press release says that if you or anyone you know becomes a victim of teleconference hacking, they can report it to the FBI’s Internet Crime Complaint Center.
“You think Zoom bombing is funny? Let’s see how funny it is after you get arrested,” stated Matthew Schneider, the US Attorney for the Eastern Michigan district, said in a statement. “If you interfere with a teleconference or public meeting in Michigan, you could have federal, state, or local law enforcement knocking at your door.”
The press release also contains some helpful tips for schools, political offices, companies, and individuals to avoid getting Zoombombed. (The Verge has also put together a handy guide for maneuvering the privacy and security settings on Zoom.) Oftentimes, it’s not a prankster hacking into a call so much as the organizer overlooking key privacy settings to help protect the call from unwanted third parties sneaking on.
“Do not make the meetings or classroom public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guest,” the guidance reads. “Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.”
The guidance also advises against allowing anyone but the host to screenshare and asks that users of Zoom and other apps install the latest updates; Zoom has put out quite a few this week to address the litany of complaints from the media and security experts over its lax privacy and security. Zoom also announced earlier this week that it would halt the development of new features for the next three months to beef up its user and platform defenses.