Since the COVID-19 pandemic, the town of Laurel has joined other municipality and state governments in implementing digital online feeds of Mayor and Council meetings. The town, like many organizations, initially started the Zoom meeting access to help avoid in-person contact and possibly spreading the disease. However, the feeds have also brought about a convenience, which allows the public, some who may experience physical challenges, or respiratory illnesses, to access the meetings online rather than travel to the town hall council chambers in person.
In contrast to the convenience of the online meetings, technology sometimes opens the door to some unsavory elements seeking to manipulate the digital landscape. Such is the case during the most recent meeting of Laurel Mayor and Council on Monday, July 15.
A few minutes into the public meeting, the live feed was hijacked by a streaming host of pornographic videos, photos, and racial epithets, which were accompanied by deafening high-pitched screaming audio. As Town Manager Jamie Smith tried to close out the pornographic barrage, the images time and time again reappeared with the same degree of intensity, causing her to cut the feed and close out the live video access to the meeting.
This type of hacking is apparently not unusual, as towns across the country, including Hertford, N.C., Laguna Beach, Fla., Camp Hill, Pa. and even a Zoom meeting being conducted by the Federal Reserve.
The practice has now been termed “Zoom bombing,” and it has impacted business, civic, religious, governmental and education-focused Zoom meetings, including high school classrooms. According to a report by “VICE Digital,” prior to the pandemic, Zoom had about 10 million daily users; post-pandemic that number has risen to more than 300 million meeting participants.
According to the report, trolls hijacked an Alcoholics Anonymous meeting in New York, with one shouting “Alcohol is so good!” to the assembled group. “A group of anti-Semites crashed an online Holocaust memorial service in Berlin, broadcasting images of Adolf Hitler, while another synagogue service in London was hijacked with anti-Semitic remarks. School classes and church services have also been affected the world over. Recordings of these incidents and others end up on YouTube and TikTok. For Zoom bombers, the horrified reactions are digital trophies.”
In response to the hacking episode, Town Manager Smith released a statement on behalf of the Mayor and Council:
“During the Mayor and Council Meeting on July 15, the town’s Zoom meeting was hacked within eight minutes of its start. Despite efforts by town staff to remove the hacker, they were unsuccessful, and the hacker continued to disrupt the meeting with inappropriate behavior. As a result, the town decided to disconnect the Zoom meeting. We apologize for any inconvenience this may have caused and are taking measures to prevent similar incidents in the future.”
In March 2020, during the pandemic, the FBI issued a warning about the trending incidents of teleconference hijacking. In its statement the law enforcement agency made recommendations to help combat the problem. “As individuals continue the transition to online lessons and meetings, the FBI recommends exercising due diligence and caution in your cybersecurity efforts. The following steps can be taken to mitigate teleconference hijacking threats:
• Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
• Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
• Manage screen-sharing options. In Zoom, change screen-sharing to “Host Only.”
• Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
• Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.
