String of racist attacks via videoconferencing software leads to heightened security concerns

A recent string of incidents where Zoom meetings have been “hacked” has put the future viability of teleconferencing security in doubt. (Courtesy Pixabay)
A recent string of incidents where Zoom meetings have been “hacked” has put the future viability of teleconferencing security in doubt. (Courtesy Pixabay)

A recent string of incidents where Zoom meetings have been “hacked” has put the future viability of teleconferencing security in doubt. (Courtesy Pixabay)

Following orders from local cities and counties that prohibited gatherings of 10 people or more, many workplaces across the Austin area have pivoted to conduct business virtually over teleconferencing and videoconferencing software.

Private companies, independent school districts, institutions of higher learning and governmental bodies are all using Zoom, one of the more popular videoconferencing software downloads since the beginning of the coronavirus outbreak, according to recent market analytics.

App market analytics company App Annie found Zoom in mid-March was downloaded 14 times more than its weekly average at this point last year.

But locally, a recent string of incidents where Zoom meetings have been “hacked” puts the future viability of teleconferencing security in doubt.

On April 2, a virtual town hall hosted by Workforce Solutions that featured officials from the Texas Workforce Commission was disrupted by a “hacking attack” within minutes of broadcasting, according to an email sent out by Workforce Solutions.

The meeting, which intended to provide an opportunity for local employers to get answers about business services and employment law, was inundated with racial slurs and loud music before the meeting was shut down by Workforce Solutions officials.

Workforce Solutions attempted to restart the meeting minutes later only to have it be attacked again, forcing it to be shut down and rescheduled.

Officials from the workforce development organization said in a followup email that some users who registered for the town hall may have received phishing emails, in whcih scammers try to trick users into revealing personal information.

“Thank you for all of your patience and support as we work to reschedule the Virtual Town Hall after the hacking attack on Zoom," said Brian Hernandez, communications director for Workforce Solutions Rural Capital Area, in an April 2 email. "If you registered to attend the session, we’ve been made aware that some attendees have received phishing emails as a result of a Zoom registration vulnerability.”

Workforce Solutions sent out an email April 3 outlining changes it has since made to its videoconferencing protocols. According to the email, Workforce Solutions will not be promoting the rescheduled town hall over social media, instead sending out invites to emails it has verified as legitimate. Further, the town hall will be set up in a way where only the hosts can be seen or heard with questions submitted via the chat function.

The Workforce Solutions town hall incident follows a similar attack on a Zoom meeting hosted by the Heman Sweatt Center for Black Males at The University of Texas at Austin.

On March 30, the Heman Sweatt Center, a faculty-led program that provides support and opportunities for black men at UT Austin, had a Zoom meeting interrupted by users with derogatory usernames who began calling attendees racial slurs.

“We are investigating the racist Zoom bombing of a meeting of UT students, staff & faculty," UT President Greg Fenves wrote in a March 30 tweet. "It was reprehensible. If the perpetrators are members of the UT community, they will be disciplined. We will also increase online security for all UT staff to prevent similar incidents.”

According to officials from the university, organizers from that meeting shared the meeting on social media, which made it easier for unauthorized users to enter the meeting.

“We have protocols in place for our classes to help keep them secure, and those were not default,” said J.B. Bird, director of media delations for UT Austin. “We have good security measures that were not in place for that call.”

Bird said Zoom is one of several videoconferencing tools the university employs across its system. UT Austin is hosting its classes completely online now, and Bird said the university logged approximately 9,000 classes on the first day of online education alone. The majority of those classes, Bird told Community Impact Newspaper, are using the online education software Canvas to host classes.

UT Austin will not move away from Zoom following the attack on the Heman Sweatt Center meeting, though Bird said the university has since implemented stronger security measures for calls across the university, including switching-on default security settings for all staff Zoom meetings.

Officials from the city of Austin told Community Impact Newspaper in an email that the city does not use Zoom as its videoconferencing platform.

Austin City Council uses Webex, a Cisco tool, for its meetings. Emily Tuttle, a senior public information specialist for the city of Austin, said Webex was chosen because of its features and security settings.

Increasing Zoom security

On March 30, the same day the Heman Sweatt Center Zoom meeting was attacked, the Federal Bureau of Investigations published a document reporting multiple instances of videoconferencing hijacking—also called “Zoom-bombing,” according to the post.

According to the FBI post, a Massachusetts-based high school reported that a class being taught over Zoom was interrupted by an unidentified individual, who began yelling profanity before shouting out the teacher’s home address. In another incident at a school in Massachusetts, a Zoom meeting was accessed by an unidentified individual, who was seen displaying swastika tattoos over video.

In its March 30 post, the FBI shared recommendations and steps to strengthen videoconferencing security. According to the FBI, meeting hosts on Zoom should decline to make meetings or classrooms public and should not share meeting links in any publicly available social media posts.

Further, the FBI encouraged meeting hosts to make use of options to manage screen sharing and recommended that all users update their videoconferencing software to its most current version.

The FBI asked anyone who is a victim of teleconferencing or hijacking to report the incident to the FBI’s Internet Crime Complaint Center, which can be found here.

The University of California at Berkeley also posted recommendations on its website for Zoom users to strengthen security protocols. The university provided instructions to manage participants, including disabling video, disabling private chat, locking the meeting to outside participants and enabling Zoom’s “Waiting Room” feature, which stops guests from joining until the host is ready, among other tips.

You can find UC Berkeley’s Zoom security recommendations here.

Note from the editor: This article has been updated to include information from Workforce Solutions Rural Capital Area.
By Iain Oldman
Iain Oldman joined Community Impact Newspaper in 2017 after spending two years in Pittsburgh, Pa., where he covered Pittsburgh City Council. His byline has appeared in PublicSource, WESA-FM and Scranton-Times Tribune. Iain worked as the reporter for Community Impact Newspaper's flagship Round Rock/Pflugerville/Hutto edition and is now working as the editor for the Northwest Austin edition.


Austin City Hall (Christopher Neely/Community impact Newspaper)
Some on Austin City Council want more of its $272 million coronavirus relief package to go to residents in need

City Council will determine how much to put toward direct financial assistance at its June 4 meeting.

Candidates in the Senate District 14 special election responded to Community Impact Newspaper's questions about their campaigns to fill the vacant seat in the Texas Senate. (Design by Shelby Savage/Community Impact Newspaper)
Q&A: Senate District 14 candidates discuss the issues ahead of July 14 election

There are six candidates running in the special election to fill the seat of former Sen. Kirk Watson through 2022.

Parkfield Drive at Norseman Terrace
City outlines plans for 3 North Austin roadway projects to increase mobility, pedestrian safety

Plans and timelines for three separate North Austin transportation projects are now available to review online.

Travis County judge pushes back against attorney general's reprimand of stay-at-home order

Travis County Judge Sam Biscoe responded to Texas Attorney General Ken Paxton's warning that county coronavirus orders conflicted with the state's.

Take a look at how coronavirus impacted Williamson County this week. (Chance Flowers/Community Impact Newspaper)
Take a look at how coronavirus impacted Williamson County this week

The county reported 596 total cases on May 29.

The Williamson County small-business grant program has issued more than $18.5 million as of May 29. (Ali Linan/Community Impact)
Williamson County small-business grant program issues more than $18.5 million

The program has aided more than 1,600 local businesses.

Cap Metro and its community partners have combined to delivery more than 300,000 meals to community members in need. (Jack Flagler/Community Impact Newspaper)
Capital Metro, community partners deliver more than 300K meals to community

The public transportation agency is teaming up with businesses and nonprofits to provide meals for those in need.

Williamson County and Cities Health District reported eight new cases of coronavirus May 29, bringing the county total to 596. (Screenshot courtesy Williamson County)
1 death and 8 new confirmed cases of coronavirus reported May 29 in Williamson County

Williamson County and Cities Health District reported the total number of cases at 596.

The Austin Central Library will reopen after it was closed for more than two months to prevent the spread of the coronavirus. (John Cox/Community Impact Newspaper)
Austin libraries, in-person pet adoptions to begin reopening June 1

The Austin Parks and Recreation Department will begin opening amenities, but there is no date set to open Barton Springs Pool.

A photo of the Travis County headquarters sign
Austin Public Health officials say they plan to increase support to Latino community, where coronavirus hospitalizations are up

As of May 26, 76 Hispanic individuals in Travis County were hospitalized with COVID-19, representing around 78% of all hospitalizations.

Here are the latest coronavirus updates for Travis County. (Community Impact Newspaper staff)
92nd coronavirus death reported in Travis County

Active hospitalizations in the metropolitan area dropped from 97 to 88 over the past 24 hours.

DATA: Parents, students, staff share feedback on Round Rock ISD online learning

Should schools reopen in the fall, 63% of parents who responded to the survey said they would be comfortable with their children returning to campus.