Zoom-bombing: Hackers show pornographic and racist content during University of Massachusetts videoconference

Sometimes hackers do not seem to pursue specific targets, as their actions indicate that they only try to annoy other users, claim experts from a pentest training company. Recently, the Student Government Association (SGA) held a meeting remotely via the Zoom video conferencing service at the University of Massachusetts premises, although things didn’t go as expected.

As reported by Rachel Ellis, participant of the meeting, the Zoom session was attacked by an unidentified hacker group, who altered the system to show “racist insults and high-graphic images.” Ellis subsequently added: “I apologize to the participants of the meeting via Zoom for the annoying images and insults transmitted during the session; these actions will not be tolerated by the SGA.”

The attack on the Zoom session occurred about an hour after the start of the meeting, as one of the speakers was taking place: “It was absolutely negligible and unacceptable. If anyone has information about who was responsible for that, it’s their duty to inform us,” says Timothy Sullivan, president of the AMS. Specialists from a pentest training course will participate in the investigation of the incident. Other institutions have reported similar incidents in the past.

The International Institute of Cyber Security (IICS) says the number of attack incidents to Zoom sessions has increased significantly. Known as “Zoom-bombing”, these attacks involve sending inappropriate material to video conferencing sessions, showing participants pornographic material, racist insults and anti-Semitic messages. Attackers can gain access by stealing access to participants or even exploiting some security vulnerabilities on the platform.

According to the specialists of the pentest training course, the frequency with which these incidents have been presented could represent a significant decrease in the use of this platform.

Despite recent attacks, the U.S. Senate passed a motion to send a set of security recommendations to multiple non-governmental organizations that use Zoom to disseminate some of the methods most used by reducing the number of video conferencing hacking incidents.