Virtual Zoom Bombing - CAEF Bulletin, March 31, 2020
On March 30th, the live CAEF WebTalk presented by Ms. Yifa Segal, Executive Director of the International Legal Forum, on the topic, The IHRA, One Antidote Against Antisemitism, was rudely and abruptly halted by what we now know is Zoom Bombing. A hacker took over the screen share function and played Hitler era music, scrawled hate messages like “Seig Heil” on screen, sent rude remarks via the chat function, and then blasted pornography across the screen seen by all 44 participants. It proved impossible to end the attack via normal computer controls, operated by our speaker who was presenting from her home in Tel Aviv, Israel. The hate attack, which lasted about 20 minutes was antisemitic in tone and content. CAEF chose to shut the whole webinar down realizing the hackers would not stop.
This incident has helped inform CAEF’s Executive Director, Andria Spindel, about the imperative to implement proper webinar controls. The next CAEF WebTalk will use higher-level controls to prevent hacking. As such, we are providing a list of suggested best practices for all organizations. We are particularly concerned to advise individuals and families which are planning virtual seders and any meet ups to properly use Zoom technology.
CAEF reported the attack to B’nai Brith Canada which has initiated a report to the Toronto police. CAEF and B’nai Brith are issuing a joint press release on March 31st, as warning and advisory to all Jews and Jewish organizations. Jews are targets for such Nazi oriented cyber-hate crimes! The JNS (Jewish News Syndicate), The Guardian online newspaper, The New York Times, the Algemeiner Epaper, Forbes online, Inc., and Zoom blog have all published articles about this new cyber threat within the last 48 hours. A similar attack was reported by the Anti-Defamation League in the US, in which a white supremacist disrupted a March 24th webinar about anti-Semitism hosted by a Massachusetts Jewish student group.
Many individuals and organizations may not be aware of this potential invasion into cyber meetings, specifically webinars. We hope to increase awareness by sharing advice on necessary precautions. CAEF recommends the following steps be followed for all webinars:
Webinars should be registration-based and not use a fully public URL.
There should be a co-host to help manage comments, chat, and eject users if necessary.
As well as presenters and moderators, only people approved should be able to join by video.
The chat function should be turned off.
The guest screen sharing feature should be disabled.
There is excellent information available on the Zoom blog which covers more topics outlining even more controls. This should be a compulsory read for anyone venturing to use Zoom for personal meetings, organizational webinars or any private gathering.
I would add that the incident CAEF experienced was sufficiently disruptive and unpleasant that security should be considered for all virtual meetups.
If any of the webinar participants have screenshots or info about this hack, please be in touch with firstname.lastname@example.org
Here is a summary statement from Zoom: Keep Zooming responsibly.