String of racist attacks via videoconferencing software leads to heightened security concerns

A recent string of incidents where Zoom meetings have been “hacked” has put the future viability of teleconferencing security in doubt. (Courtesy Pixabay)
A recent string of incidents where Zoom meetings have been “hacked” has put the future viability of teleconferencing security in doubt. (Courtesy Pixabay)

A recent string of incidents where Zoom meetings have been “hacked” has put the future viability of teleconferencing security in doubt. (Courtesy Pixabay)

Following orders from local cities and counties that prohibited gatherings of 10 people or more, many workplaces across the Austin area have pivoted to conduct business virtually over teleconferencing and videoconferencing software.

Private companies, independent school districts, institutions of higher learning and governmental bodies are all using Zoom, one of the more popular videoconferencing software downloads since the beginning of the coronavirus outbreak, according to recent market analytics.

App market analytics company App Annie found Zoom in mid-March was downloaded 14 times more than its weekly average at this point last year.

But locally, a recent string of incidents where Zoom meetings have been “hacked” puts the future viability of teleconferencing security in doubt.

On April 2, a virtual town hall hosted by Workforce Solutions that featured officials from the Texas Workforce Commission was disrupted by a “hacking attack” within minutes of broadcasting, according to an email sent out by Workforce Solutions.

The meeting, which intended to provide an opportunity for local employers to get answers about business services and employment law, was inundated with racial slurs and loud music before the meeting was shut down by Workforce Solutions officials.

Workforce Solutions attempted to restart the meeting minutes later only to have it be attacked again, forcing it to be shut down and rescheduled.

Officials from the workforce development organization said in a followup email that some users who registered for the town hall may have received phishing emails, in whcih scammers try to trick users into revealing personal information.

“Thank you for all of your patience and support as we work to reschedule the Virtual Town Hall after the hacking attack on Zoom," said Brian Hernandez, communications director for Workforce Solutions Rural Capital Area, in an April 2 email. "If you registered to attend the session, we’ve been made aware that some attendees have received phishing emails as a result of a Zoom registration vulnerability.”

Workforce Solutions sent out an email April 3 outlining changes it has since made to its videoconferencing protocols. According to the email, Workforce Solutions will not be promoting the rescheduled town hall over social media, instead sending out invites to emails it has verified as legitimate. Further, the town hall will be set up in a way where only the hosts can be seen or heard with questions submitted via the chat function.

The Workforce Solutions town hall incident follows a similar attack on a Zoom meeting hosted by the Heman Sweatt Center for Black Males at The University of Texas at Austin.

On March 30, the Heman Sweatt Center, a faculty-led program that provides support and opportunities for black men at UT Austin, had a Zoom meeting interrupted by users with derogatory usernames who began calling attendees racial slurs.

“We are investigating the racist Zoom bombing of a meeting of UT students, staff & faculty," UT President Greg Fenves wrote in a March 30 tweet. "It was reprehensible. If the perpetrators are members of the UT community, they will be disciplined. We will also increase online security for all UT staff to prevent similar incidents.”

According to officials from the university, organizers from that meeting shared the meeting on social media, which made it easier for unauthorized users to enter the meeting.

“We have protocols in place for our classes to help keep them secure, and those were not default,” said J.B. Bird, director of media delations for UT Austin. “We have good security measures that were not in place for that call.”

Bird said Zoom is one of several videoconferencing tools the university employs across its system. UT Austin is hosting its classes completely online now, and Bird said the university logged approximately 9,000 classes on the first day of online education alone. The majority of those classes, Bird told Community Impact Newspaper, are using the online education software Canvas to host classes.

UT Austin will not move away from Zoom following the attack on the Heman Sweatt Center meeting, though Bird said the university has since implemented stronger security measures for calls across the university, including switching-on default security settings for all staff Zoom meetings.

Officials from the city of Austin told Community Impact Newspaper in an email that the city does not use Zoom as its videoconferencing platform.

Austin City Council uses Webex, a Cisco tool, for its meetings. Emily Tuttle, a senior public information specialist for the city of Austin, said Webex was chosen because of its features and security settings.

Increasing Zoom security

On March 30, the same day the Heman Sweatt Center Zoom meeting was attacked, the Federal Bureau of Investigations published a document reporting multiple instances of videoconferencing hijacking—also called “Zoom-bombing,” according to the post.

According to the FBI post, a Massachusetts-based high school reported that a class being taught over Zoom was interrupted by an unidentified individual, who began yelling profanity before shouting out the teacher’s home address. In another incident at a school in Massachusetts, a Zoom meeting was accessed by an unidentified individual, who was seen displaying swastika tattoos over video.

In its March 30 post, the FBI shared recommendations and steps to strengthen videoconferencing security. According to the FBI, meeting hosts on Zoom should decline to make meetings or classrooms public and should not share meeting links in any publicly available social media posts.

Further, the FBI encouraged meeting hosts to make use of options to manage screen sharing and recommended that all users update their videoconferencing software to its most current version.

The FBI asked anyone who is a victim of teleconferencing or hijacking to report the incident to the FBI’s Internet Crime Complaint Center, which can be found here.

The University of California at Berkeley also posted recommendations on its website for Zoom users to strengthen security protocols. The university provided instructions to manage participants, including disabling video, disabling private chat, locking the meeting to outside participants and enabling Zoom’s “Waiting Room” feature, which stops guests from joining until the host is ready, among other tips.

You can find UC Berkeley’s Zoom security recommendations here.

Note from the editor: This article has been updated to include information from Workforce Solutions Rural Capital Area.
By Iain Oldman
Iain Oldman joined Community Impact Newspaper in 2017 after spending two years in Pittsburgh, Pa., where he covered Pittsburgh City Council. His byline has appeared in PublicSource, WESA-FM and Scranton-Times Tribune. Iain worked as the reporter for Community Impact Newspaper's flagship Round Rock/Pflugerville/Hutto edition and is now working as the editor for the Northwest Austin edition.


Travis County continues to urge residents to follow social distancing guidelines when out in public. (Nicholas Cicale/Community Impact Newspaper)
Travis County officials: 20 new coronavirus hospitalizations per day would strain local hospital capacity

Dr. Mark Escott said new admissions per day is a key measure to determine if the county should be more or less restrictive in its guidance to residents and businesses.

A May 27 preliminary budget discussion showed Central Health expects to see a slow-down in property tax revenue growth in fiscal year 2020-21. (Iain Oldman/Community Impact Newspaper)
Early budget forecasts from Central Health show anticipated 'slow-down' in tax revenue collection

Preliminary budget forecasts from Central Health show the health care district anticipates a slow down in tax revenue collection growth.

Pflugerville ISD students who rely on meals from the district will be able to continue picking up meals throughout the summer. (Courtesy Adobe Stock)
Free meal pickup services to continue through summer for Pflugerville ISD students

Pflugerville ISD students who rely on meals from the district will be able to continue picking up meals throughout the summer.

Williamson County reports additional coronavirus-related death May 28. (Ali Linan/Community Impact Newspaper)
Williamson County reports additional coronavirus-related death May 28

“Our hearts are with the family who lost their loved one due to this deadly disease," Williamson County Judge Bill Gravell said.

Outdoor venues in all Texas counties will be permitted to operate at up to 25% capacity starting May 31. (Courtesy Adobe Stock)
Spectators to be welcomed back to Texas outdoor sporting events May 31 at 25% of venue capacity

Venue owners must operate under guidelines that facilitate appropriate social distancing.

Each eligible child will receive $285 in benefits. (Courtesy Adobe Stock)
Some Texas students eligible for one-time federal benefit to aid with food purchases

Texas received approval from the U.S. Department of Agriculture to provide more than $1 billion in pandemic food benefits.

Williamson County judges are continuing to hold court even as the coronavirus pandemic forces the courts to enter digital spaces. (Chance Flowers/Community Impact Newspaper)
Justice continues in Williamson County even as courtrooms go virtual

Williamson County judges are continuing to hold court even as the coronavirus pandemic forces the courts to enter digital spaces.

Zilker Theatre Productions announced May 28 that its summer musical, "Mamma Mia," has been postponed to 2021. (Courtesy Zilker Theatre Production)
Zilker Theatre Productions postpones summer musical to 2021

This will be the first time the free outdoor show in Zilker Park has not run since it began in 1959.

Williamson County confirmed coronavirus cases have reached 588. (Screenshot courtesy Williamson County)
4 new coronavirus cases confirmed in Williamson County, which has reported more than 9,800 tests

Currently, 15 patients are hospitalized, and seven are in intensive care, per the report.

A screen shot of Dr. Mark Escott speaking
Austin Public Health planning response in case of coronavirus hospitalization spike

As local health authorities monitor an upward trend in COVID-19 cases, they are bracing for a possible uptick in hospitalizations.

There have been 1,084 total coronavirus recoveries in Travis County as of May 27. (Jack Flagler/Community Impact Newspaper)
Travis County reports 73 new coronavirus cases May 27

There have been 1,084 total coronavirus recoveries in Travis County as well.

Texas Comptroller Glenn Hegar spoke to members of the Clear Lake Area Chamber of Commerce on May 27 about what the state's post-pandemic economic turnaround might look like. (Screenshot of May 27 virtual luncheon)
Texas comptroller predicts slow, steady economic turnaround post-pandemic

Texas Comptroller Glenn Hegar said the state entered the era of the coronavirus in a healthy financial situation, which bodes well for the future as reopening continues, but that Texans are not out of the woods yet.