US attorney and FBI warn that 'Zoom bombing' is a federal offense

[Cal Jeffrey]

Why it matters: With an unprecedented number of people working, schooling, and socializing from home, there are a lot more victims for cybercriminals to target. However, even playing a seemingly harmless prank on unsuspecting victims can result in fines and prison time under the Computer Fraud and Abuse Act.

Federal prosecutors have put pranksters and hackers on notice: If you are thinking about "Zoom bombing" — don't. Zoom bombing is where someone barges in on a video conference and displays porn or some other disruptive content. According to the Department of Justice, such acts are a federal offense and subject to harsh fines and imprisonment.

"You think Zoom bombing is funny? Let's see how funny it is after you get arrested," Matthew Schneider, US Attorney for the Eastern District of Michigan, said in a DoJ press release. "If you interfere with a teleconference or public meeting in Michigan, you could have federal, state, or local law enforcement knocking at your door."

The warning comes as the Zoom video conferencing app has exploded in popularity. The tool's user base has grown 20-fold to over 200 million in just over three months, causing the company to freeze feature development to fix security issues brought on by the increased numbers and use cases that extended beyond the scope the company intended.

However, Zoom is not the only telecommuting application, and the law applies to them all. Regardless of whether a person interrupts a Zoom meeting or a Microsoft Teams conference, it is still a violation of USC 18 section 1030 of the Computer Fraud and Abuse Act. Sentences can range from one to 10 years in federal prison, depending on the specifics of the violation. Fines can be up to $100,000 for misdemeanor acts and $250,000 for felonies as well as the seizure of property.

"We were alerted to this problem by a Michigan reporter who participated in a Zoom conference that was hijacked," said Michigan Attorney General Dana Nessel. "Since then, we have learned of other incidents around the country."

The FBI urges people to exercise "good cyber hygiene" when using teleconferencing apps and has outlined some tips and steps to reduce risks on the FBI's Internet Crime Complaint Center (IC3) website. Victims of conference hijacking can also report it on the IC3's reporting page.

Masthead credit: Zoom Lock by Ink Drop, Video Conferencing by Girts Ragelis

Permalink to story.

https://www.techspot.com/news/84696-us-attorney-fbi-warn-zoom-bombing-federal-offense.html

 

[QuantumPhysics]

Yeah because the people who normally focus on identity theft are so fearful of "federal laws"?

Furthermore, you're most likely dealing with young kids who think it's funny to force porn onto classroom meetings. You have no prosecution for them at all - and their own parents can do nothing about them.

This whole "work from home" ordeal is gonna get really hilarious really fast.

I opine that people who hack, steal ID and other computer crimes effecting others negatively should be publicly beaten and fined. Jail is a waste of my tax dollars.

 

[cliffordcooley]

Unless people can join without an invite. I don't see where the issue is.

 

[Lew Zealand]

Zoom meetings can be as open or as locked down as you want them to be. Requiring registration for a meeting is a standard option that not everyone chooses to use. If everyone did, there would be no option of a Zoom bomb unless an invitee was intent on bombing.

 

[ColdSoup]

Unless people can join without an invite. I don't see where the issue is.

Many people don't know how to use a computer let alone a specific application on a computer. By default, Zoom only requires a meeting number to join and nothing more. Anyone can guess random meeting numbers to try and join.

There are options to require meeting owner approval to join and also password protect meetings. Do people do this? No because that would require even the slightest amount of effort.

 

[Sherwoodnt]

Many people don't know how to use a computer let alone a specific application on a computer. By default, Zoom only requires a meeting number to join and nothing more. Anyone can guess random meeting numbers to try and join.

There are options to require meeting owner approval to join and also password protect meetings. Do people do this? No because that would require even the slightest amount of effort.

Burn!

ColdSoup - 1
People - 0

;-)

 

[wiyosaya]

Many people don't know how to use a computer let alone a specific application on a computer. By default, Zoom only requires a meeting number to join and nothing more. Anyone can guess random meeting numbers to try and join.

There are options to require meeting owner approval to join and also password protect meetings. Do people do this? No because that would require even the slightest amount of effort.

Sounds like Zoom is cashing in on the fad by making itself useful to the computer illiterate. Perhaps it should rebrand itself to "Computer Meetings for Dummies."

 

[Bullwinkle M]

Everything you put on the Internet is now public property

Your Copyright has been invalidated and the Legal System cannot help you
(regardless of their lame-a$$ rulings)

If you want property rights, keep it out of the public domain

We do not recognize any privacy / ownership or copy-rights if you place your content in the public domain

We make the Rules Here!

 

[Uncle Al]

Until the day comes where hackers are exposed publicly being tried, sentenced, and serving out their punishment it will never be taken as seriously. Hackers that steal should be dealt with as harsh as the law allows and when that theft results in the loss of a persons life the punishment should be the same. When the law stopped applying the simple formula "An eye for an eye, a tooth for a tooth" the basis and usefulness of the law started loosing it's meaning.

 

[Theinsanegamer]

Until the day comes where hackers are exposed publicly being tried, sentenced, and serving out their punishment it will never be taken as seriously. Hackers that steal should be dealt with as harsh as the law allows and when that theft results in the loss of a persons life the punishment should be the same. When the law stopped applying the simple formula "An eye for an eye, a tooth for a tooth" the basis and usefulness of the law started loosing it's meaning.

"Hackers that steal should be dealt with as harsh as the law allows and when that theft results in the loss of a persons life the punishment should be the same"
Please post a source of something being stolen by a hacker killing someone.

 

[cliffordcooley]

Please post a source of something being stolen by a hacker killing someone.

Hacking into hospitals should be close enough, even if there were no deaths.

 

[Theinsanegamer]

Hacking into hospitals should be close enough, even if there were no deaths.

His comment states that THEFT resulting in loss of life. Locking computers demanding ransom is not theft, its kidnapping. Different crime. Also, you didnt even bother providing a source. There is swing and a miss, and then there is not even making it up to the batter box.

 

[cliffordcooley]

Locking computers demanding ransom is not theft, its kidnapping. Different crime.

Not when it threatens the safety of everyone in the hospital. I don't need to provide links. I was presenting a scenario not facts. But if you want facts there are several articles here at Techspot. You are making a mountain out of a mole hill.

Look up the definition of attempted murder and then tell me it is a different crime.

 

[Uncle Al]

"Hackers that steal should be dealt with as harsh as the law allows and when that theft results in the loss of a persons life the punishment should be the same"
Please post a source of something being stolen by a hacker killing someone.

List any number of identity theft's that have destroyed lives, emptied investment and/or savings accounts and left people destitute, unable to support themselves, pay for medical care and causing them a demise far sooner than it would have been. Several years ago there was a rash of suicide's reported that were specifically based on this very thing. Someone breaking into your private information, money, etc. is no different than a person breaking into your home, which is most states in the US allows the use of deadly force.

 

[Bullwinkle M]

If Zoom Bombers did not show you the vulnerabilities in such a drastic manner, then who would show you or even tell you about these vulnerabilities?

Allowing Companies to distribute " Malicious and/or vulnerable software that allows identity theft that has destroyed lives, emptied investment and/or savings accounts and left people destitute, unable to support themselves should indeed be a crime worthy of death

Those who show you these vulnerabilities any way they can are SUPER HERO's

Lets give them a Parade and National Holiday!

 

[Yynxs]

So the question would be, what would the coroner be looking for in symptoms of hacking a pacemaker. It's all FDA 2017 stuff.

The pacemaker vulnerabilities include improper authentication that can be compromised or bypassed, another flaw that could allow a nearby attacker to issue commands to drain the battery, as well as a flaw that allows sensitive patient information being transmitted without encryption.

or just looking for exploitable information:

TrapX, a deception-based cybersecurity firm, released a report about three real-world targeted hospital attacks which exploited an attack vector the researchers called MEDJACK for medical device hijack. “MEDJACK has brought the perfect storm to major healthcare institutions globally,” they warned. “Medical devices complimented by the MEDJACK attack vector may be the hospital’s ‘weakest link in the chain’.”

In three separate hospitals, TrapX found “extensive compromise of a variety of medical devices which included X-ray equipment, picture archive and communications systems (PACS) and blood gas analyzers (BGA).”

but hey, hackers are just showing us vulnerabilities and should be awarded (after they get their ransom money of course).

 

[cuerdc]

Because politicians, corporations and goverment bodies are using flawed software.
Zoom should be thanking/rewarding them for highlighting the flaws or fined/prosecuted for not fixing them.
As for without passwords etc bit like leaving your home unlocked you wont be covered by your insurance as its not forced entry.
Whole article makes me wanna download zoom to try bomb some meetings sounds amusing

 

[hk2000]

His comment states that THEFT resulting in loss of life. Locking computers demanding ransom is not theft, its kidnapping. Different crime. Also, you didnt even bother providing a source. There is swing and a miss, and then there is not even making it up to the batter box.

No it's not theft, it's a hundred times worse. Hijacking files and demanding ransom isnt different from holding a person at gunpoint and demanding their wallet. I guess you're one of those "techies" who think its cool to be be criminal if you do it in a clever, tech savvy way?!!
At least the ***** who holds a person at gun point can be excused for being too stupid to understand human values, people who are smart enough to mange to commit computer based crimes are smart enough to understand those values and therefore have no excuse, and they should be dealt with much more severely than street muggers.

 

[silversea]

Department of Justice hahaha what a laugh always threatening to take action and what happens when they do most of the time it’s a slap on the wrist and sent home to do it again that’s our justice system in action. Voom bombing is Cyber Terrorism, Computer Theft, Privacy Theft to name but a few, so the people or group of people who are doing this need to be put away, not slapped on the hand, not fined, but put away for a very long time no questions asked you did the crime you do the time that’s it nuff said.