A Corner Brook woman who joined a Zoom call to gain job skills and explore new ways to cope with her chronic illness is warning others of the dangers of such chats, after hers was hijacked with a graphic video of child abuse.
Tiffany Hancock had been hesitant about engaging in any online videoconferencing platform, but as she prepared to look for a new job amid the pandemic, she felt getting familiar with Zoom would be a resumé booster.
She decided to ease into the videoconferencing world with a Zoom drawing workshop for people who battle chronic invisible illnesses — in Hancock’s case, dealing with her endometriosis, an often painful gynecological condition. At the beginning of the chat, she was too timid to turn her own webcam on.
But as the videos and activities went on, she gained confidence and began fully participating in the workshop and flicking on her webcam. Then, Hancock said the organizers announced a timed drawing exercise and enabled screen sharing.
All of a sudden, Hancock said, a very different, alarming video began playing.
“It was very graphic, very detailed, inappropriate. It was a form of child abuse,” said Hancock, adding it was sexual in nature.
New to the technology, Hancock couldn’t figure out how to stop the video. Neither could the organizers, she said, and the video kept playing “long enough to be traumatizing,” she told CBC Radio’s Newfoundland Morning.
The video was cut off as organizers scrambled, apologized and then ended the call. Hancock said she immediately deleted Zoom from her computer, but couldn’t erase from her mind what had happened, nor the panic attacks she said followed.
“I couldn’t get the image out of my head. I still can’t.”
Hancock is far from the first person to fall victim to such hacking, which has spiked as a swath of social and professional interactions have been forced online due to COVID-19.
The digital crime has earned its own word — “Zoom-bombing” — as people around the world share online conferencing horror stories, from a man California interrupted during his dissertation by a racist attack, to an online synagogue service in Toronto subjected to anti-Semitism.
This rise in online conferencing, coupled with many users logging in on personal computers that often have looser security measures than office models has become “kind of a perfect storm, that has made this a particularly vulnerable moment when it comes to cyber security,” said Jesse Hirsh, a technology researcher and journalist.
While Hancock said her Zoom call was password protected, and organizers had assured participants they followed appropriate security measures, Hirsh noted the deluge of new Zoom users has exposed the service’s software flaws.
“They have sort of suffered from their own popularity. They really weren’t prepared for that growth of users, and that illustrated that they had a whole bunch of security practices that weren’t up to snuff,” said Hirsh, noting no video chat platforms have been immune to cybercrime.
Hancock holds no ill will against the workshop’s organizers, who weren’t based in Canada but reached out to participants to notify them local police have been contacted. Hancock hopes Zoom itself takes more action for future calls.
“I’m sure they’re taking steps to protect people, but I currently don’t feel like it’s enough,” she said.
Check your router
As videoconferencing companies work to lock down their security practices, and no return to in-person meetings appears imminent, Hirsh said there are steps people can take to decrease their own vulnerability.
“The main advice I give to people is, to think about your router,” he said.
“Tragically, most people don’t even know how their router exists, let alone how to operate it. And in many cases, your router has a firewall, it has security software you could be using to protect and monitor your network, and most people are oblivious.”
Hirsh said it’s worth taking the time to configure routers security settings, but there are also less advanced techniques that can help make a difference, such as ensuring all updates and patches for applications and operating systems are installed as soon as they’re available, changing passwords and using different web browsers for online banking and social media.
Hancock’s first line of defence will be staying off Zoom for as long as she can manage, and she would be “nervous” to use it again. She hopes others in Newfoundland and Labrador realize how easily a hack can happen, and how difficult the consequences of hacking can be.
“If it happened to me here in Corner Brook, then it must be able to happen to anyone,” she said.
“I just really don’t want anyone else to have to see that.”