Security

Court hearing on election security is zoombombed on 9/11 anniversary with porn, swastikas, pics of WTC attacks

Atlanta to upgrade software license with more protection, clerk tells us

27 Got Tips?

A court hearing on election security in America failed in its own security efforts – when it was zoombombed with porn, swastikas and images of the World Trade Center attacks.

The public hearing in an Atlanta federal district court on Friday had approximately 100 people on a Zoom conference call before it was taken over by a participant named Osama who shared his screen and showed offensive images complete with music. At least one other person did the same. The images were particularly offensive as the hearing itself was being held on the anniversary of the September 11, 2001 attacks.

The court ended the Zoom session, and restarted it an hour later with additional security measures, including a virtual waiting room. Instead of sharing exhibits themselves, attorneys emailed them to the court and a staff member shared them.

Court clerk James Hatten told The Register the problem arose when the Zoom call was opened up to share exhibits, and the software enabled any participant to do the same.

Now that's a somewhat unexpected insider threat: Zoombombings mostly blamed on rogue participants, unique solution offered

READ MORE

Under a different license, it is possible for a Zoom host – in this case, the court – to designate specific participants as “panelists” and give them additional sharing rights, rather than open it to everyone. Hatten explained the court will shortly be moving to that license. “It’s been a little bit of a learning curve,” he confessed.

Courts have been increasingly using video conferencing as a way to continue processing cases during the COVID-19 pandemic; Zoom’s defaults and a lack of experience continues to cause problems. The link to this hearing was made public and the court did not vet participants.

The court has a record of the participants, and Hatten said it has already contacted law enforcement and would leave it up to them to determine whether a crime has been committed. The interruption would almost certainly be viewed as contempt of court but pragmatically, a judge is not in a position to do anything about a pseudonymous person on an online conference call.

A crime?

Federal prosecutors have made it plain in the past that they consider Zoombombing to be a crime that they are willing to charge people over. Back in March, Michigan’s top law officials put out a statement warning that “anyone who hacks into a teleconference can be charged with state or federal crimes. Charges may include, to name just a few, disrupting a public meeting, computer intrusion, using a computer to commit a crime, hate crimes, fraud, or transmitting threatening communications.”

The statement also noted that “all of these charges are punishable by fines and imprisonment.”

Just this month there was what may be the first case of someone charged with zoombombing: 19-year-old Ibraheem Ahmed al Bayati is accused of interrupting classes by threatening, during an online Zoom lecture, to bomb the University of Houston.

But less egregious examples of zoombombing have been dealt with differently. Last month, the small town of Sylva in North Carolina decided that no crime had been committed when its town board meeting in June, taking place over Zoom, was disrupted by participants shouting racist abuse.

We asked Zoom for details over how it deals with zoombombing, particularly when it comes to requests and complaints from law enforcement. The biz sidestepped those questions, with a spokesperson telling us: "We have been deeply upset to hear about these types of incidents, and Zoom strongly condemns such behavior. We have recently updated a number of default settings and added features to help hosts more easily access in-meeting security controls, including controlling screen sharing, removing and reporting participants, and locking meetings, among other actions.

"We encourage users to report any incidents of this kind to Zoom and law enforcement authorities so the appropriate action can be taken against offenders." ®

Sign up to our NewsletterGet IT in your inbox daily

27 Comments

Keep Reading

Days after President Trump suggests pausing election over security, US House passes $500m for states to shore up election security

Chances of it getting enacted in time for November – slim to almost nil

Homeland Security demands a 911 for reporting security holes in federal networks: 'Vulns in internet systems cause real-world impacts'

Great – and who will be the first responders?

Verizon: Just 25% of global businesses comply fully with the Payment Card Industry Data Security Standard

Gives you confidence in an era where nobody accepts cash any more

Softly-as-a-service: IBM whispers plan for security SaaS based on a Cloud Pak

Appears to cook a new way to shift containerised wares and get you onto OpenShift

Remember the Titans: Yubico jangles new NFC and USB-C touting security key

Apple crowd included - as NFC can now be used for something other than Apple Pay

Galaxy S20 security is already old hat as Samsung launches new safety silicon

Passport-grade chippery to help mobile devices prove their identity

COVID-19 security tips: Ensure you sack your staff without leaving their IT access enabled, says Secureworks

Infosec biz issues mildly off-the-wall guidance for incident responders

Big Tech trade association warns Uncle Sam against knee-jerk national security measures that harm industry

There'll be 'unintended negative consequences' if we continue like this

Tech Resources

Webcast Slide Deck | Three reasons you need a hybrid multicloud

Businesses need their IT teams to operate applications and data in a hybrid environment spanning on-premises private and public clouds. But this poses many challenges, such as managing complex networking, re-architecting applications for the cloud, and managing multiple infrastructure silos. There is a pressing need for a single platform that addresses these challenges - a hybrid multicloud built for the digital innovation era. Just this Regcast to find out: Why hybrid multicloud is the ideal path to accelerate cloud migration.

Has Recent Rapid Cloud Adoption Increased Your Threat Risk?

It’s time to embrace cloud capabilities that can help businesses address speed to market through agility, lower TCO and an increased security posture.

IBM and Nvidia® Solutions Power Insights with the New AI

IBM is well-positioned to help organizations incorporate high-performance solutions for AI into the enterprise landscape.

Breach and Attack Simulation For Dummies

This ebook covers attacks on your network. But not the ones you expect — these are actually coming from you.