DOJ and FBI Warn of Potential for Videoconferencing Hacking during Coronavirus Pandemic

The US Federal Bureau of Investigation and Attorney William M. McSwain warned the community about the potential for hackers to invade and disrupt videoconference meetings that are taking place as Americans use video-teleconferencing (VTC) platforms to conduct online meetings during the coronavirus pandemic.

“In the weeks following the coronavirus outbreak, videoconferencing platforms have become a part of daily living, used in a variety of ways – from conducting online classes, to hosting extended family gatherings, to holding large corporate meetings,” said U.S. Attorney McSwain. “Unfortunately, we have also seen an uptick in video hacking, where cyber actors hijack VTC meetings and cause a variety of harms, from showing inappropriate images to making death threats. Hackers beware: this behavior is not funny in any way and will not be tolerated.”

As individuals continue to engage in online learning and social and business meetings during the pandemic, law enforcement recommends exercising due diligence and caution and encourages users to take the following steps to mitigate videoconferencing threats:

Do not make the meetings or classrooms public. Videoconferencing platforms have options under “settings” to make meetings private by requiring participants to enter a meeting password, follow a link to a meeting, or wait in a virtual “waiting room.” These are all features that allow the host to limit public access and control admission of guests.
Do not share a meeting link publicly. Do not use publicly accessible social media platforms to share your meeting link with participants. Provide the link directly to specific people.
Manage screen-sharing options. Most VTC platforms have screen-sharing capability so that participants can see a host’s presentations, a feature often used in online classroom settings. Change the screen-sharing setting to “Host-Only” so that participants cannot share their screens.
Download updates. Ensure that users are using the updated version of remote access/meeting applications, as many VTC platforms have built in additional security measures in their latest updates.
Familiarize yourself with the VTC platform’s capability to remove intruders and lock meetings. Most VTC platforms have ways for hosts to remove participants and prevent them from re-joining and to lock meetings once all participants have joined. Consult with your employer’s IT professionals for more information about these features.

If you are a victim of a video-teleconference hijacking or any cybercrime, you can report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov. If you receive a specific threat of harm during a videoconference, please report it at tips.fbi.gov, 1-800-CALL-FBI.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.