Editors Note: This story does discuss racism, antisemitism and sexual harassment.
On Wednesday, a federal court hearing on a lawsuit involving New York’s self-directed home care program was derailed by hackers.
“I just got hacked by some big porno thing. Can you believe that?”
Federal District Court Judge Frederic Block was stunned after his virtual hearing was invaded by “zoombombers.” Speaking with others in the meeting, he reacted in real time.
“Are we okay now? You gotta stay there with me, because I don't trust this stuff," said Block.
The hearing was to discuss a proposed final settlement in a class action lawsuit against the state Department of Health. Consumers have sued the state for allegedly violating their rights before losing home care during a major change in the state’s program.
But instead of getting into the issue at hand, just a few minutes into the hearing, a user appeared to take “host” control of the Zoom meeting, and then three users began playing vulgar videos. The videos depicted men involved in sexual activity, swastikas, KKK emblems, Confederate flags and other offensive images.
“I would say that this is a, probably, a moderately sophisticated attack at least,” said Jeremy Blackburn.
Blackburn is an associate professor of computer science at Binghamton University
“They must have had management software, some kind of script, something ready to go, to play all the videos on different screens concurrently," Blackburn said.
Blackburn has studied these types of attacks, called “zoombombing,” since they first became popular during COVID.
“My expertise lies in the large scale measurement and analysis of, kind of, jerks online. I usually say a-----s online. You know, some people don't like to print that, but that's my expertise. I'm a computer scientist that, you know, knows all a lot of this type, type of bad stuff," said.
Over the past eight days, a similar attack appears to have derailed an opioid settlement council meeting for the state of Mississippi, a board of regents meeting for Western New Mexico University and an Arkansas Board of Corrections meeting, all held over Zoom. Blackburn says the offensive content shown during the attack is typical of zoombombing.
“You shouldn't take this, these type of attacks, necessarily, at face value," said Blackburn.
Blackburn explains these attacks can be ideologically driven, but not always. Often the hackers take control of the meeting, sometimes by targeting meeting hosts ahead of time with phishing emails. Most often, once in control, they display offensive content to terrorize and upset meeting attendees.
“This sounds like something that a bunch of people on 4chan, whatever, were just... launching an attack would be very shocking. Messing with people at an extreme, you know? Like, it's much harder, but how much more can you mess with people if you take over a Zoom call than this?" said Blackburn.
Blackburn says these attacks are becoming more common. People should take typical security precautions, hosts should be aware they might be targeted, and government agencies and departments hit should investigate. But it’s hard as an attendee of a Zoom meeting to really avoid these attacks.
“I'm going to be honest, I think people kind of are gonna need to expect that this is the type of attack that they are, or cyber security incident, that they are most likely to be a part of," said Blackburn.
We reached out to the Federal Court for the Eastern District of New York, and asked if the court have any comment on the hacking, if the court will investigate this hacking and its source, as well as what security precautions or resources does the federal court have to protect itself?
"The Court has no comment," an administrative specialist for the District Executive's Office said in an email reply.
