As popularity of virtual meetings soar, concerns over abuse and harassment come to surfaceLaw enforcement officials say it is difficult to track down and punish people ‘bombing’ online meetings as they don’t leave behind evidence.
It was supposed to be a private Zoom webinar on ‘Women’s leadership in the forestry sector’ and Deepa Oli was all set to moderate a panel discussion on ‘Gender Equity and Social Inclusion in Forestry sector’.
But 20 minutes into the meeting on the evening of Saturday May 16, Oli along with 117 participants were “in total shock” when a close-up pornographic video suddenly took over the screen.
Not only that, the video was accompanied by horrifying voices that repeatedly kept on saying “Budi talai khub bolnu parne, aba bol” (Old lady, wanted to speak, now speak).
“Our team tried to remove the explicit content, but it was already late. The webinar was hacked, and we couldn’t do anything,” Oli told the Post. “The video and voices ran for the next two minutes or so before our team decided to shut down the entire Zoom account,” said Oli, a member of Female Foresters Nepal, a network of females working in forestry in Nepal that organised the webinar.
Along with Oli, attendees of the webinar call the incident sexual harassment deliberately targeted at the network. According to Divya Gurung, also associated with Female Foresters Nepal and one of the panellists at the webinar, the incident appeared to have been orchestrated to demean the participants. “ I feel like it was an attack on womanhood,” said Gurung.
With millions of people worldwide staying home to conform with ‘social distancing’ norms, they are now turning to video conferencing platforms such as Zoom to stay connected. Even schools, companies and various social groups are using such platforms for online classes and meetings. Zoom is free to use, and can accommodate more than 100 people if one purchases a large meeting license.
According to Eric Yuan, founder of Zoom, the number of meetings hosted on the platform reached up to 200 million in March from around 10 million in December. The latest report published by app tracking firm Apptopia also shows that Zoom was downloaded 2.13 million times around the world on 23 March- an increase from 56,000 a day two months earlier.
Despite the huge surge in its popularity, Zoom’s privacy and security loopholes have flagged concerns. Several cases have already been reported from across the world in which hackers ‘zoom bomb’ video conferences with hateful images and vulgar content.
In Nepal, other incidents such as the Female Foresters Nepal’s webinar have also been reported. Last week, the college where Manil Shrestha is doing his higher studies, had to terminate online class after a number of unrecognised “bombed” a group meeting and began chanting racial slurs and displaying pornographic images.
“It was a disturbing incident that really made us question if the platform is worth using since people are using it for cybercrime,” said Shrestha.
Representatives at the Cyber Crime Bureau also believe that Zoom bombing is a cyber crime. However, Senior Superintendent Raj Kumar Khadgi said that it was difficult to track down perpetrators of videoconference hacking as attackers don’t leave evidence that could be used against them. “We are aware of cases of Zoom booming, but we haven’t been able to take any actions,” said Khadgi.
According to Khadgi, as online platforms are a “tricky place”, perpetrators can commit the crime by creating fake IDs. Therefore, without tangible, physical evidence that a crime has been committed, it is difficult and time-consuming for law enforcement to bring the perpetrators to justice.
Deepa Oli said that following the incident, although the Female Foresters Nepal filed a complaint at the Cyber Crime Bureau, officials informed them that they couldn’t help.
According to the Metropolitan Police, Crime Division, between August 2019 and February 2020, 734 cases of cybercrime have been reported in the city. While the hacking of online platforms topped the list with 555 complaints, 61 complaints were related to the uploading and sharing of explicit content on YouTube and other social media sites.
Although hackers have been criticised for misusing Zoom to spread obscene, indecent and violent contents, researchers have pointed out that the platform is flawed with a range of and has numerous privacy issues, including the sharing of user data with Facebook. Its claim that the app is end-to-end-encrypted has also been shown to be false.
With increasing cases of bombing, Yuan recently apologised in a blogpost for “falling short” on security issues and promised to address concerns. Following the blogpost on April 1, BBC news reported that Zoom will be introducing a new level of encryption from May 30, which will “provide increased protection for meeting data and resistance against tampering.”
While the team at Zoom are working on clearing up security loopholes, Chandi Raj Dahal, assistant professor at Department of languages and mass communications at Kathmandu University, said that the users should always implement security precautions regardless of the online platform they use.
“Most people use Zoom as a medium to reach out to others, but they don’t take the privacy part into consideration. Thus, the participants on Zoom must always make use of privacy settings and they should be aware that anyone, who has the link to a public meeting can join them. Most of the hacks have taken place after links were shared on social media, where everyone can see them,” said Dahal.
Shrestha also believes that along with the Zoom’s security defects, there is a possibility that someone in his group may share the link to a conference to potential hackers.
While Gurung is unsure if the Female Foresters incident took place because of a security defect in Zoom, or carelessness on the part of attendees, she is confident that if the security measures are not boosted, more meetings will be bombed and more perpetrators will use the platform to harass and abuse others.
Gurung further said that despite the incident, they didn’t cancel the event. Instead, they changed their privacy setting by muting the microphones of people listening, disabling multiple video sharing, and allowing only the host to speak and share video.
“We tried to secure our meeting by using available privacy settings, but we didn’t let the hackers cancel our programme. We fought back,” said Gurung.