LANSING, MI – The office of Michigan Attorney General has had a dramatic increase in complaints of video-teleconferences being hijacked by unknown individuals and now the FBI is involved in the investigation.
With the increasing popularity in video-teleconferencing due to employees, students and others communicating remotely during the coronavirus disease 2019 (COVID-19) outbreak, Michigan Attorney General Dana Nessel is warning consumers of potential hijacking and cybersecurity breaches.
“We were alerted to this problem by a Michigan reporter who participated in a Zoom conference that was hijacked,” Nessel said. “Since then we have learned of other incidents around the country. There are steps people can take to protect their cybersecurity and we encourage all users to follow the proper procedures to ensure their teleconferences are secure.”
Attorney General Nessel issued a consumer alert to make people aware of the situation. The warning taken by the Attorney General’s office follows a similar alert made by the Federal Bureau of Investigation (FBI).
The FBI has received multiple reports of teleconferences set up through Zoom being disrupted by pornographic and/or hate images and threatening language. Schools using the technology to conduct classroom exercises have also reported interruptions in video-teleconferencing sessions.
In Michigan, this conduct could result in criminal charges under several statutes relating to Fraudulent Access to a Computer or Network (MCL 752.797) and/or Malicious Use of Electronics Communication (MCL 750.540).
There are procedures that can be implemented to operate a more secure video-teleconference, including when the creator of the session must prevent screen sharing.
The FBI recommends exercising due diligence and caution in cybersecurity efforts, and recommends taking the following steps to mitigate teleconference hijacking threats:
- Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
- Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
- Manage screensharing options. In Zoom, change screensharing to “Host Only.”
- Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated its software. In the security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
- Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.