Police Say ‘Zoombombing’ Cases Easier Prevented Than Solved

By: Ryan Bray

Topics: Orleans news , Police, Fire And Harbormaster News , cybersecurity , Zoom

Zoom hacks have become a growing problem during the COVID-19 pandemic, but police say cases are difficult to prosecute. ORLEANS POLICE DEPARTMENT

ORLEANS -- Det. Sgt. Andrew McLaughlin has been investigating cybercrime for the Orleans Police Department for the past five years, and he says the job isn't getting any easier.

If anything, he said, it's only gotten harder as perpetrators continue to find different ways of committing crimes online.

"I try to stay on top of it as much as I can," said McLaughlin, who works with other Cape police departments on cybercrime cases. "It's changing all the time."

Police have been warning residents about phone and internet scams for years. In many of these cases, residents are reached by phone and asked to wire money or share their credit card information. Sometimes it's someone threatening prison time if the victim doesn't settle payment with the IRS. Other scams involve a caller posing as a grandchild or some other relative in need of money (see page 12 for more on how these scams target seniors).

But as individuals and businesses have depended more on video conferencing during the COVID-19 pandemic, a new threat to cyber security has emerged: Zoombombing.

At the end of September, Nauset school officials twice fell victim to Zoom hacks, first during a policy subcommittee meeting on Sept. 28 and again during a meeting of the Nauset High School Building Committee on Sept. 30. The latter meeting was quickly adjourned after hackers took control and began cursing, using racial slurs and writing offensive messages on a corresponding chatroom.

McLaughlin said while there has been an uptick in cybercrime cases during the pandemic, the recent Zoom hacks are the only ones that have been reported to Orleans police.

The Sept. 30 hack forced the building committee to reschedule their meeting for the following week. Members opted to hold the meeting in person in an effort to prevent another potential hack.

Police were made aware of the hacks, but McLaughlin said Zoombombing cases are difficult for the department to prosecute. For starters, he said, perpetrators go to great lengths to keep their identities concealed, making it difficult for police to trace where the hacking is being done and who is doing it.

"I liken it to peeling an onion," he said. "They create these layers that make it difficult for them to be identified, charged and convicted."
"These people are extremely well versed in the techniques to get access [to video meetings]," he added. "To determine how they do it, not just Zoombomb it but take control of a meeting, that in and of itself requires a deep investigation."

Unlike long-running internet and phone scams, there often isn't any financial incentive behind Zoom hacks, which McLaughlin said have been on the rise nationwide. So what's in it for the perpetrators?

"In my experience, for the people who do it, there's usually some ego behind it," McLaughlin said. "They're happy to show how smart they are, which I'd agree with. They're clearly smart, clearly intelligent, but they're narcissistic. They get their kicks watching people scramble. It gives them a little bit of power."

While he said he believes the recent Nauset hacks to be random in nature, McLaughlin cautioned that participants in Zoom calls that are hacked run the risk of having their personal information compromised. A hacker could find out information about one's address, relatives, neighbors and even credit card information just off of the name used during the Zoom call, he said.

"You don't need a law enforcement database to find this out," he said. "You're giving this information out when you sign up for Zoom, Amazon and Facebook."

Based in San Jose, Zoom skyrocketed in popularity as people around the globe pivoted to online work and school during the pandemic. In January, Forbes Magazine reported that the Zoom app was the fifth most downloaded app of 2020, with 477 million downloads.

McLaughlin said people can take simple steps to try to curb the potential for Zoombombing. Using the most up-to-date version of the app, as well as changing privacy settings to limit participation on Zoom calls to those you set up a call with, can help ward off possible hacks, he said, although he cautioned that there is no foolproof way of preventing them altogether.

But preventing hacks from occurring during a town government meeting is a little more challenging. In order to be in compliance with the state's Open Meeting Law, meetings conducted via Zoom must be open to all who want to join.

McLaughlin encouraged people to report Zoombombing cases to the police department. They should also fill out a report with the Internet Crime Complaint Center at ic3.gov.

"It's a lot easier to prevent a crime from occurring than it is to determine what the crime is, where it occurred, when it occurred and who is the victim."

Email Ryan Bray at ryan@capecodchronicle.com