Latest Post | Last 10 Posts | Archives
Previous Post: COVID-19 roundup
Next Post: Question of the day
Posted in:
* Um…
A virtual press conference hosted by Chicago politicians was cut short after someone hijacked the conference call and started streaming pornographic images.
On Tuesday morning, Ald. Brian Hopkins (2nd), Ald. Byron Sigcho-Lopez (25th), and Illinois State Reps. Theresa Mah and Ann Williams held a private press conference with organizers, health officials and reporters on popular teleconferencing platform Zoom.
The leaders aimed to call on Mayor Lori Lightfoot and Gov. JB Pritzker to close metal scrappers polluting Chicago neighborhoods including General Iron in Lincoln Park and the Sims Metal Management in Pilsen, particularly because of the respiratory nature of COVID-19.
But 16 minutes into the Zoom chat, that push was interrupted by a person who said: “Yeah, I don’t care.”
As confusion set in, a pornographic video that included images of a woman who was not fully clothed began playing on the video call.
I work alone from home when the General Assembly is not in session and I’ve never used Zoom or anything like that until last week when several pals and I connected over some cocktails to celebrate a birthday. All of this is new to me.
* It could’ve been worse. From the FBI…
As large numbers of people turn to video-teleconferencing (VTC) platforms to stay connected in the wake of the COVID-19 crisis, reports of VTC hijacking (also called “Zoom-bombing”) are emerging nationwide. The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language.
Within the FBI Boston Division’s area of responsibility (AOR), which includes Maine, Massachusetts, New Hampshire, and Rhode Island, two schools in Massachusetts reported the following incidents:
• In late March 2020, a Massachusetts-based high school reported that while a teacher was conducting an online class using the teleconferencing software Zoom, an unidentified individual(s) dialed into the classroom. This individual yelled a profanity and then shouted the teacher’s home address in the middle of instruction.
• A second Massachusetts-based school reported a Zoom meeting being accessed by an unidentified individual. In this incident, the individual was visible on the video camera and displayed swastika tattoos.As individuals continue the transition to online lessons and meetings, the FBI recommends exercising due diligence and caution in your cybersecurity efforts. The following steps can be taken to mitigate teleconference hijacking threats:
• Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
• Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
• Manage screensharing options. In Zoom, change screensharing to “Host Only.”
• Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
• Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.
posted by Rich Miller
Wednesday, Apr 1, 20 @ 11:57 am
Sorry, comments are closed at this time.
Previous Post: COVID-19 roundup
Next Post: Question of the day
WordPress Mobile Edition available at alexking.org.
powered by WordPress.
Sounds similar to the Max Headroom incident at WFLD back in the day. They never solved how that was done or who was behind it.
Comment by Stones Wednesday, Apr 1, 20 @ 12:01 pm
=== I’ve never used Zoom or anything like that until last week… All of this is new to me.===
It’s been a blessing for a short while, for me, not too long, and even more so since February.
Also, now twice, done “drinks by Zoom”… good for mental health.
Comment by Oswego Willy Wednesday, Apr 1, 20 @ 12:10 pm
Stones,
They have a decent idea of how it was done, still no idea on the whom.
It was WGN and WTTW
https://en.m.wikipedia.org/wiki/Max_Headroom_signal_hijacking
Comment by OneMan Wednesday, Apr 1, 20 @ 12:11 pm
I use Google Hangouts and send the link directly to the person.
Comment by Live Wire Wednesday, Apr 1, 20 @ 12:13 pm
Thank you OneMan. My memory is cloudy but I saw a piece on that the other day.
Comment by Stones Wednesday, Apr 1, 20 @ 12:19 pm
General Iron is already going to move this year. Why close them?
Comment by All this Wednesday, Apr 1, 20 @ 12:33 pm
Well, at least the activist alderman of the 25th Ward found his way in the news once again. He just loves being the center of attention.
Comment by Blue Beard Wednesday, Apr 1, 20 @ 12:39 pm
Anybody ever seen the movie “Used Cars”? Drive in cult classic from the late 70s. “20,000 for a used Mercedes? That’s too (really, really bad banned word) high(banned puctuation)
Comment by Captain Obvious Wednesday, Apr 1, 20 @ 12:47 pm
Beware state legislatures and local governments contemplate teleconferencing their meetings and actual votes. The zoom-bombing so far has come from goofy, tech-savvy amateurs. Just wait until state-sponsored pros in Moscow and Beijing decide to join in the fun.
Comment by Telly Wednesday, Apr 1, 20 @ 12:47 pm
I read something about trolls disrupting online AA meetings, Truly awful, and I imagine the anonymity might make it a little trickier to secure such a meeting–you wouldn’t necessarily have everyone’s emails to send a password to. I really feel for anyone working to stay sober who is not able to connect with their support group.
Comment by KSDinCU Wednesday, Apr 1, 20 @ 12:49 pm
The backbone of a lot of the video conferencing networks is the a modern version of internet relay chat which is sort of another way of saying is not at all secure. Some of the lack of security is also by design — thank you very much NSA and other federal spy agencies.
I don’t know how you kids were spending your time in the 1990s, but if it wasn’t in an internet relay chat room there’s going to be a steep learning curve for folks using discord, zoom, et al, to facilitate meetings.
It’s healthy to assume that nothing that happens on a chat server that isn’t in your basement, garage, or closet, is public. Some networks also allow for 3rd party hosts, either formally or informally.
We’re probably just a couple of weeks away from state and local governments dealing with some incredibly embarrassing accidental disclosures of private information due to a lack of familiarity with the underlying security risks of online meeting tools.
After all, the fundamental purpose of the internet and it’s underlying networks is to share information.
Comment by Candy Dogood Wednesday, Apr 1, 20 @ 12:49 pm
Is this another case of Carlos Danger strikes again?
Comment by SOIL M Wednesday, Apr 1, 20 @ 12:57 pm
UIUC had a classroom hijacked by a Nazi a couple of days ago.
Unfortunately, with no end-to-end encryption it’s always a risk (although these are mostly by people not knowing how to configure a meeting to be secure-ish).
Comment by Stuff Happens Wednesday, Apr 1, 20 @ 1:16 pm
Sounds like Roger Stone has found a manner in which to entertain himself while he is in the clink.
Comment by Al Wednesday, Apr 1, 20 @ 1:36 pm
It is well known in the security and IT community that Zoom has serious privacy and security flaws. I am not surprised pranksters have taken advantage of the increased usage of Zoom and lack of awareness by users.
Comment by Angry Republican Wednesday, Apr 1, 20 @ 1:38 pm
Happened in Nebraska during a townhall too.
Comment by Just Another Anon Wednesday, Apr 1, 20 @ 1:51 pm
My sister is having the nursing home my dad is in set up a Zoom tomorrow. My dad is doing well but if we get hacked that might be a little too much for the old guy. And if it happens to me I would prefer it happened while I am celebrating with some of my friends and not my sisters.
Comment by Been There Wednesday, Apr 1, 20 @ 2:02 pm
Captain Obvious, you have exceptional taste in movies. There are several phrases from Used Cars that regularly work their way into my discussions. None of which can be repeated here.
Comment by SSL Wednesday, Apr 1, 20 @ 2:20 pm
“Beware state legislatures and local governments contemplate teleconferencing their meetings and actual votes.” No need to worry about excess democracy in Whiteside county, most votes by the absurdly large 27-member board are “unanimous” voice votes, presided over by Great Helmsman James Duffy. The intimidated, elderly board members usually look at the floor, and maybe once per year a roll call vote is called for, which Duffy deigns to grant- grudgingly.
The Whiteside county website showed a “Special County Board Meeting- Conference Call” for Tuesday, March 24, 2020, 3:00 p.m., but no listed way for the little people to listen in. Board meetings are not video taped, minutes are altered and censored, and county deputies do not wear body cams either. No need to worry about anyone hacking county board meetings, secrecy and fear is a way of life in the home county of Nicholas Sheley.
Comment by Buford Wednesday, Apr 1, 20 @ 3:04 pm