FBI Warning: Online Classrooms and Teleconferencing Apps Are Being Hijacked
The agency also says school closings due to COVID-19 and children’s increased online presence pose an increased risk for child exploitation.
With so many students and workers turning to distance learning and videoconferencing so they can stay connected during the coronavirus crisis, the FBI says it is receiving reports that these platforms are being hijacked (also called “Zoom-bombing”).
Two schools in Massachusetts reported the following incidents:
- In late March 2020, a Massachusetts-based high school reported that while a teacher was conducting an online class using the teleconferencing software Zoom, an unidentified individual(s) dialed into the classroom. This individual yelled a profanity and then shouted the teacher’s home address in the middle of instruction.
- A second Massachusetts-based school reported a Zoom meeting being accessed by an unidentified individual. In this incident, the individual was visible on the video camera and displayed swastika tattoos.
The FBI recommends individuals take the following steps to mitigate teleconference hijacking threats:
- Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
- Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
- Manage screensharing options. In Zoom, change screensharing to “Host Only.”
- Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
- Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.
If you were a victim of a teleconference hijacking, or any cyber-crime, report it to the FBI’s Internet Crime Complaint Center at ic3.gov. Additionally, if you receive a specific threat during a teleconference, report it at tips.fbi.gov or call the FBI Boston Division at (857) 386-2000.
The FBI is also warning that videoconferencing and children’s increased online presence pose an increased risk for child exploitation. The agency is warning parents, educators, caregivers and children about the dangers of online sexual exploitation and signs of child abuse.
The FBI is providing the following background information on this issue:
Online sexual exploitation comes in many forms. Individuals may coerce victims into providing sexually explicit images or videos of themselves, often in compliance with offenders’ threats to post the images publicly or send the images to victims’ friends and family.
Other offenders may make casual contact with children online, gain their trust, and introduce sexual conversation that increases in egregiousness over time. Ultimately this activity may result in maintaining an online relationship that includes sexual conversation and the exchange of illicit images, to eventually physically meeting the child in-person.
In order for the victimization to stop, children typically have to come forward to someone they trust—typically a parent, teacher, caregiver, or law enforcement. The embarrassment of being enticed and/or coerced to engage in unwanted behavior is what often prevents children from coming forward. Offenders may have hundreds of victims around the world, so coming forward to help law enforcement identify offenders may prevent countless other incidents of sexual exploitation.
Abuse can occur offline through direct contact with another individual. During these uncertain conditions, where time with other adults and caregivers has increased immensely, parents/guardians should communicate with their children about appropriate contact with adults and watch for any changes in behavior, including an increase in nightmares, withdrawn behavior, angry outbursts, anxiety, depression, not wanting to be left alone with an individual, and sexual knowledge.
The FBI recommends parents and guardians take the following precautions:
- Discuss Internet safety with children of all ages when they engage in online activity.
- Review and approve games and apps before they are downloaded.
- Make sure privacy settings are set to the strictest level possible for online gaming systems and electronic devices.
- Monitor your children’s use of the Internet; keep electronic devices in an open, common room of the house.
- Check your children’s profiles and what they post online.
- Explain to your children that images posted online will be permanently on the Internet.
- Make sure children know that anyone who asks a child to engage in sexually explicit activity online should be reported to a parent, guardian, or other trusted adult and law enforcement.
- Remember that victims should not be afraid to tell law enforcement if they are being sexually exploited. It is not a crime for a child to send sexually explicit images to someone if they are compelled or coerced to do so.
- Teach your children about body safety and boundaries.
- Encourage your children to have open communication with you.
- Be mindful of who is watching your child for childcare/babysitting, playdates and overnight visits.
- If your child discloses abuse, immediately contact local law enforcement for assistance.
- Children experiencing hands-on abuse may exhibit withdrawn behavior, angry outbursts, anxiety, depression, not wanting to be left alone with a specific individual, non-age appropriate sexual knowledge, and an increase in nightmares.
The agency urges everyone to report suspected sexual exploitation in the following ways:
- Contact your local law enforcement agency.
- Contact your local FBI field office or submit a tip online at tips.fbi.gov.
- File a report with the National Center for Missing & Exploited Children (NCMEC) at 1-800-843-5678 or online at www.cybertipline.org.
In a press release, the FBI made the following recommendations regarding reporting: “… be as descriptive as possible in the complaint form by providing as much of the following as possible:
- Name and/or user name of the subject.
- Email addresses and phone numbers used by the subject.
- Websites used by the subject.
- Description of all interaction with the subject.
- Try to keep all original documentation, emails, text messages, and logs of communication with the subject. Do not delete anything before law enforcement is able to review it.
- Tell law enforcement everything about the online encounters—we understand it may be embarrassing for the parent or child, but providing all relevant information is necessary to find the offender, stop the abuse, and bring him/her to justice.”
Zoom, a provider of videoconferencing, says that since the start of the COVID-19 crisis, the number of its users has skyrocketed from about 10 million to hundreds of millions, reports CBS News. Its founder and CEO Eric Yuan said his company wasn’t prepared for the influx of new users.
Yuan told CBS News that novice Zoom users generally don’t use passwords or enable additional security features, unlike most businesses with IT departments.
He admitted his company’s failings: “When we offer the free service, we should have a training session, we should enable a password. Looking back, we should have done that. Absolutely. This is our oversight.”