Canadian Security Magazine

Activists targeted in ‘Zoom bombing’ attacks call on big tech to boost security

By Adina Bresge, The Canadian Press   

News Data Security Canadian Anti-Semitism Education Foundation (CAEF) COVID-19 zoom

Several groups have reported that their video conferences have been hijacked by disruptors sending sexist and racist messages

Activist groups are reeling after their online video meetings were derailed by digital infiltrators injecting hate and profanity in so-called “Zoom-bombing” incidents.

As the COVID-19 pandemic has prohibited public gatherings, millions have turned to the video-conferencing platform Zoom to convene screen-to-screen from the safety of their homes.

Advocates say online tools such as Zoom have been crucial to organizing on behalf of marginalized communities – work they feel is essential to address inequalities exacerbated by the pandemic. But now, they’re concerned that these efforts may be exposed because of big tech’s disregard for their security.

Several groups have reported that their video conferences have been hijacked by disruptors spewing sexist and racist messages and spamming participants with pornographic and violent imagery.

A spokesperson for Zoom says it’s working to educate users about how to guard against harassment, but activists maintain that the burden falls on the company to make them feel safe on the platform.

The executive director of the Canadian Anti-Semitism Education Foundation (CAEF), which promotes the view that anti-Zionism is form of discrimination against Jews, said the group was hosting a guest speaker on Zoom last week when it became clear that not all 45 virtual attendees were invited.

Andria Spindel said about 10 minutes into the lecture, sexist messages started to pop up in the chat box, and other participants jumped in to rebuke the use of foul language.

That’s when things really went haywire, Spindel recalled.

Suddenly, a racist slur was scrawled across the screen and users heard someone exclaim a Nazi salute, followed by a spate of pornographic images.

“We were all horrified. You could see people’s faces,” Spindel said. “I heard somebody crying.”

As novices to the platform, Spindel said it took a while for organizers to figure out how to shut down the video conference.

The link had been distributed to CAEF’s email list and posted on its Facebook page, said Spindel, but she doesn’t know why the group was targeted.

She said organizers reported the cyber attack to the police and Zoom, as well as B’nai Brith Canada.

The Jewish advocacy organization says similar incidents have been reported in the United States, drawing the attention of the FBI and other law enforcement agencies.

“Many people are saying this is a gentler time and we’re spending time helping one another,” Spindel said. “I’m saying, at the same time, anti-Semitism is actually on the rise. It’s just gone online.”

Migrant-rights activists say they were also targeted while hosting a press conference on Zoom last month to raise awareness about a hunger strike being held by four men detained at the Laval immigration holding centre north of Montreal. The aim of the protest was to secure the men’s release and reduce the risk of COVID-19 contamination.

Stacey Gomez, the Maritimes co-ordinator for the Maritimes-Guatemala Breaking the Silence Network, said the proceedings were delayed after intruders drowned out the discussion with racist and sexist messages. She said organizers had to send out a new link so the press conference could go forward.

While activists are frequent targets of social media harassment, Gomez said the attacks have intensified in tandem with the inflammation of xenophobic and racist sentiment, pointing to the proliferation of rhetoric blaming “foreigners” for the COVID-19 outbreak.

“I think that (tech companies) have a responsibility to do more,” she said. “And that includes shielding from surveillance, as well as doing more to address the threat from far-right groups.”

A Zoom spokesperson told The Canadian Press last week that the company is “deeply upset to hear about the incidents involving this type of attack and we strongly condemn such behaviour.”

The company is also working to educate users about features they can use to safeguard their meetings, the spokesperson added. Earlier this week, Zoom enabled people with free accounts to set up password protections and “virtual waiting rooms” to filter out unwanted guests.

But a researcher at University of Toronto’s Citizen Lab said these steps may have come too late for a company that has emphasized speed at the expense of users’ security, putting activists at risk of online harassment and potential surveillances.

Bill Marczak co-authored a report published last week that called into question many of Zoom’s claims to confidentiality, suggesting the company was not following “best practices” regarding encryption.

Among these concerns, the researchers noted that the Silicon Valley-based company appears to have several servers in China, which they suggest could make the company vulnerable to pressure from the Chinese government.

In a blog post responding to the report, Zoom CEO Eric Yuan acknowledged that in the company’s haste to build up server capacity during the COVID-19 outbreak, “certain meetings were allowed to connect to systems in China, where they should not have been able to connect.”

Yuan said the issue has since been corrected.

But Marczak said these post-hoc remedies show how Zoom prioritized streamlining features such as screen-sharing and easy-to-click meeting invitations without thinking through the potential consequences.

“It turns out that when things are easy and frictionless, that’s often an aid for people who are trying to do malicious things or trying to spy on communication.”


– This report by The Canadian Press was first published April 8, 2020.


News from © Canadian Press Enterprises Inc. 2020

Print this page


Stories continue below