San Jose City Leaders, Residents Endure Rise In 'Zoombombings'
SAN JOSE (CBS SF) -- San Jose City Council member Raul Peralez fell victim to hackers twice in one week in a new online harassment trend.
The trend, known as "Zoombombing" is when video conferences are interrupted by unwanted visitors, who often display pornography or slurs. It has become so pervasive, the FBI issued a warning about the harassment last month.
Earlier this month, a naked, obscenity-screaming man hacked into a Berkeley High School instruction session, leading Berkeley school officials to suspend all online video classes.
While many states across the country have ordered residents to stay at home, several schools and businesses have transitioned meetings to online video conferences with software from San Jose-based company Zoom Video Communications.
Peralez was in a video conference with the Roosevelt Neighborhood Association April 1. It only took five to 10 minutes before the meeting went awry.
"All I could hear was, 'N***er, n***er, n***er,'" said Chris Patterson-Simmons, a local business owner who attended the videoconference.
After screaming the n-word repeatedly, hackers projected an illustration of male genitalia onto the screen and a video of a couple performing oral sex.
Jeff Levine, a neighborhood advocate, hosted the videoconference. He said he has used Zoom for a few years and was able to kick out the first hacker swiftly.
"It started with one account, so I was able to block that one, but then it just exploded," Levine said.
That was when dozens of accounts logged in and Zoombombed the meeting, Levine said. He couldn't tell if it was a team of Zoombombers or just one hacker generating several accounts.
After about five minutes of epithets and obscene images, Levine shut off the video conference.
"They were also saying, 'Raul Peralez is a child molester,'" Patterson-Simmons said.
Levine and Peralez said they did not hear a hacker say that, but they're not sure if that means Peralez was targeted, or if a hacker simply read his name on the screen.
Peralez said he logged off after two minutes, and perhaps that's why he didn't hear it.
"It could have been someone 2,000 miles away or it could have been someone local in San Jose," Levine said.
The following day, Peralez participated in another video conference - this time with the Valley Transportation Authority. After about 15 minutes, he saw multiple accounts log in as "Lan Diep," a fellow council member who was already on the video conference.
Similar to the previous online meeting, hackers shouted racial slurs and displayed pornography.
People are drawn to Zoom for its user-friendly and seamless experience, said Ahmed Banafa, a cyber security expert and engineering professor at San Jose State University. But the company can't have both convenience and safety, he warns.
"There are some people benefiting off the sudden fame of Zoom, and Zoom isn't ready for this," Banafa said. "They weren't ready to become No.1 in the world when it comes to video conferencing. ... [But] they're trying to catch up with this."
Zoom CEO Eric Yuan apologized in a blog post this month for the unwanted interruptions and committed to fixing the problem with new security measures as the company's client base balloons from 10 million users per day to more than 200 million. Last week, the company made it mandatory by default for all video conferences to require passwords and approval from the host for other accounts to join.
The difference between the two video conferences where Peralez witnessed his first Zoombombings is one was public and the other required authorization.
Levine takes the blame for the outcome of the neighborhood meeting. He said by making the video conference public and sharing the link to social media, it was bound to get Zoombombed.
Although the VTA video conference was viewable to the public, it required account verification for people to access their cameras and microphones to engage in the meeting. Somehow, hackers were able to bypass this step.
"The online disruption during VTA's Board of Directors virtual meeting is of great concern, and we regret that it happened," said Brandi Childress, media and public affairs manager for VTA. "While VTA is not unique in having to use technology for solutions, which also increases vulnerabilities, we are tightening our procedures to improve security and other general operational protocols going forward to prevent this from happening in the future."
Meanwhile, New York City schools have banned Zoom. Chancellor Richard Carranza announced on Twitter on April 5 that the New York City Department of Education will use Microsoft Teams for online classes instead.
In Michigan, lawmakers turned Zoombombing into a federal offense.
The U.S. Department of Justice this month published a notice with Michigan's attorney general and the FBI, warning hackers and pranksters of potential legal penalties for Zoombombing, including fines and imprisonment.
Those who are Zoombombed may also be at risk for having important documents or confidential information stolen, the agencies warned.
This story was first published by San Jose Spotlight.
