An internal government letter revealed that Zoom-bombers had disrupted a meeting held by the U.S. House Oversight Committee.
In a letter sent to Representative Carolyn B. Maloney (D-N.Y.), chairwoman of the House of Representatives’ Committee on Oversight and Reform, ranking member Jim Jordan (R-Ohio) revealed that the incident took place at the beginning of April:
…[O]n April 3, 2020, you held a Zoom-hosted Member briefing on women’s rights in Afghanistan with the Special Inspector General for Afghanistan Reconstruction (SIGAR). During this important briefing, the session was “Zoom-bombed” at least three times. The impact of hacking and malware on Member and staff devices is still being determined.
Representative Jordan explained in his letter that the experience referenced above demonstrated that “Zoom is not an appropriate platform for Committee business.” He therefore asked Chairwoman Maloney to suspend the Committee’s use of Zoom for Committee-related meetings and to evaluate Committee’s digital security policies.
The incident referenced in the Committee letter occurred just days before the Senate Sergeant of Arms wrote that Zoom posed a “high risk” to users’ security ad privacy. This federal law enforcement body therefore said it would use only “Senate-supported technologies” for its video conferencing needs and that no Senate offices were authorized to use a Zoom product.
It’s unclear what the Zoom-bombers did during the Committee’s meeting with SIGAR. As referenced in Representative Jordan’s letter, individuals commonly use Zoom-bombing to bombard video conferencing participants with hate speech, obscene gestures and/or pornographic images.
Fortunately, users and organizations can continue to use Zoom while minimizing the risk of Zoom-bombers. They can do this by creating a random meeting ID for every Zoom call instead of using their personal ID number. They should also protect each of their meetings with a password.
News of the Zoom-bombing incident in the U.S. House Oversight Committee came just days after the security community learned that malicious actors were actively selling exploits for two zero-day vulnerabilities present in the latest versions of Zoom for Windows and macOS.