SEATTLE — The FBI and IT experts are warning people to take precautions when using popular video chat apps to prevent incidents of so-called "zoombombing."
Zoombombing is a term recently coined for online meetings that are interrupted by scammers or trolls – think photobombing in the time of social distancing.
The FBI is keeping tabs on some of the worst violations and incidents of harassment – and noticing an increase as more work moves online.
“We saw some pornographic material, hate speech, and just foul language being used during conferences,” said Steve Bernd, of the FBI Seattle field office. “Or foul pictures being used during a conference they basically hijacked.”
The FBI’s Boston field office first raised the alarm. Bernd said Seattle has not documented any incidents that rise to the level of criminality. But he stressed people should take measures to protect themselves, as millions of Americans move their work online because of coronavirus.
“Just take the proper precautions to make sure your meetings are safe as they can be,” he said.
The FBI put out new guidance this week, recommending not sharing links to meetings publicly. Also, verify URLs, don’t click strange links, and restrict access to the meetings.
The bureau posted a long list of tips here. Officials also ask you report if you believe you've been the victim of an internet crime at IC3.gov.
Randy Orwin, Asst. Director for Learning Technologies at the University of Washington Information School echoed that advice to restrict access to meetings. On Zoom and other apps, he recommends using the "waiting room" feature, which lets admins vet users before bringing them into the meetings.
“The reason Zoom has been so popular is it just works – but anyone can get into your meeting room,” he said.
It’s why he recommends changing your apps default settings to limit screen share to only the host – not users. Zoom also announced that starting April 5, it will enable the Waiting Room feature and two password settings by default.
Orwin is no stranger to working remotely since he moved to Australia in 2012. Still – he said things happen.
“We actually had that happened here at the iSchool in one of our task force meetings about three weeks ago,” he said. “Some guy popped in and was kind of looking at us, and his two little kids were wandering around in the background.”
These security limitations also help ensure good behavior from intended users. UW spokesperson Victor Balta said the university is “…aware of a few situations this week in which some participants in a class used a feature within Zoom that allowed them to annotate the presentation or include chat messages in ways that were inappropriate and offensive to many participants.”
“These presentations were not hacked,” Balta said in a statement. “There are settings that allow only authenticated users to participate in a meeting, and settings that allow participants to annotate the presentation. In this case, those settings were not active.”
UW has since changed its default settings for Zoom to require a university login and limited features.
"The people that like to do bad things are going to find a way to do bad things, especially if it's easy and the settings aren't correct,” said Orwin.
He said those people are now flocking to these platforms, as new users expose old vulnerabilities.
"Absolutely and when you talk about zoom bombing, it's really about the settings and how open Zoom was initially,” he said.