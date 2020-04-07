WASHINGTON – Ceri Weber had just started defending her dissertation when the chaos began: echoes and voices interrupted her. Someone repeated his words. Then the music for Britney Spears started, and someone told Weber to shut up. Someone threatened to rape her.

The hackers had targeted the meeting on the Zoom video conferencing platform while Weber was completing the final step of his doctorate at Duke University. The harassment lasted 10 minutes, the result of an increasingly common form of cyber attack known as a "zoom bombardment."

As tens of millions of people turn to video conferencing to stay connected during the coronavirus pandemic, many have reported uninvited guests making threats, interposing racist, anti-gay or anti-Semitic messages, or displaying pornographic images. The attacks have drawn the attention of the FBI and other law enforcement agencies.

"It seemed like someone was just being silly," but then the intrusions "started to get more serious and threatening," Weber recalled. "I was really in the zone and kept introducing myself." She said she was more concerned about others in the chat who might have been scared. She was interrupted despite having chosen to "silence everyone,quot; on stage for her meeting from her home in Durham, North Carolina.

A Massachusetts high school reported that someone interrupted a virtual class at Zoom, yelled profanity, and revealed the address of the teacher's home. Another school in that state reported that a person agreed to a meeting and showed swastika tattoos, according to the FBI.

The agency's field office in Boston recommended that users of video conferencing platforms prioritize their security by ensuring that hosts have exclusive control over screen-sharing features and meeting invitations.

In New York, Attorney General Letitia James sent a letter to Zoom with questions about how users' privacy and security are protected. At another time, Senator Richard Blumenthal of Connecticut sought information on how the company handles users' personal data and protects against security threats and abuse.

Zoom has referred to trolls as "party hunters," which some critics have taken as a sign that the company is downplaying attacks.

In a statement released last week, the company told The Associated Press that it takes meeting security very seriously and encourages users to report any incident directly to Zoom. The company suggested that people hosting large public gatherings confirm that they are the only ones who can share their screen and use features like mute controls.

"For those who host private meetings, password protections are on by default, and we recommend that users keep those protections to prevent uninvited users from joining," the company said. Zoom recently updated the default screen sharing settings for education users, so teachers are the only ones who can share content by default.

Despite the update, the Clark County School District of Nevada, which includes all Las Vegas public schools, and the New York City Department of Education, which is responsible for the largest school district in the US In the USA, teachers have been told to stop using Zoom.

The zoom-in blitz was always a threat given the video conferencing app's configuration, geared more toward ease of use than privacy, said Justin Brookman, director of privacy policy and technology for Consumer Reports.

When the mandates of sheltering at home suddenly made Zoom a lifeline for tens of millions of families, he became a juicy target for mischief, he said.

For years, “usability problems outweighed potential security problems because society was less dependent on them. Obviously, that has changed dramatically in the last month, "added Brookman.

Some Zoom-bombers have been able to randomly guess crash meeting and conference IDs not configured to prevent intruders, he said.

In other cases, inexperienced users have exposed online meeting IDs, including UK Prime Minister Boris Johnson, who tweeted a screenshot of a Zoom Cabinet meeting showing the ID and username. of all.

Brookman said Zoom can do more to increase privacy protections for a massive user base that now ranges from elementary school children to senior citizens who discuss their wills with lawyers.

"Many people, including us, criticize how they allow hosts to monitor users to make sure they are paying attention to the screen, or reading text messages or recording the call when it is not entirely clear," Brookman said.

A mother in Georgia told a local television station that her son was "embarrassed and a little hysterical,quot; after someone hacked his online class and showed pornography to the children and the teacher.

The Rev. Jason Wells was holding a recently advertised forum on Zoom when a troll entered and used the chat box to post a racial slur so many times that it made the feature unusable for other participants.

"I wouldn't say it was random vandalism in hopes of interrupting someone," said Wells, who is executive director of the New Hampshire Council of Churches in Concord and co-chair of a state chapter of the Campaign for the Poor, part of a movement initiated by the Rev. Martin Luther King Jr. The intruder was eventually removed and blocked.

When Reverend Laura Everett delivered a sermon via Zoom for Boston First Baptist Church, a user who had seen the announced church service entered the video conference session and shouted homophobic and racist slurs. Everett said he had tweeted the link to the sermon because he wanted "the doors of the church to open to every weary soul who seeks a word of comfort."

"This was, for all intents and purposes, a house of worship that was raped," he said. "Zoom and all other businesses have primary responsibility for the safety of users."

In Oakland, California, Malachi Garza reported an attack at a Zoom conference he organized for approximately 200 participants, including previously incarcerated people who have experience in solitary confinement and are struggling with orders to stay home from the pandemic.

The conference organized by the Solidare philanthropic network was interrupted by racist and anti-transgender language, and the pornographic images appeared on a shared screen.

Zoom needs to "tell the truth and call this what it really is," Garza said. "It is racial terror, not party intruders."

Morrison reported from New York. Associated Press Technology writer Frank Bajak in Boston also contributed to this report.