S

ocial media analyst Ismail Fahmi was answering questions from participants during a Zoom webinar last Thursday when he noticed something was off.

Certain participants were regularly disrupting the session by hurling racial slurs and even displaying lewd images using Zoom’s screen-sharing feature.

“I wanted to concentrate, but I couldn’t because they were really disturbing,” Ismail said.

What Ismail and the 100 participants experienced was an example of “Zoombombing”, a type of cyberattack in which unknown users drop in on Zoom sessions, often uninvited, to disturb the meetings.

The webinar in which Ismail participated was organized by the National Information and Communications Technology Council (Wantiknas) to discuss how to handle online hoaxes and disinformation.

Gerry Firmansyah of Wantiknas said the organizer of the webinar had in fact taken security measures from the get-go, including by screening the participants, subscribing to the Zoom premium plan, using a unique password and IDs and employing up to five cohosts to moderate the session.

“Yet, it seems that some of them [Zoombombers] used the IDs of other participants when they were leaving the session,” he said.

Much to their surprise, an electronic flyer for the event they posted on social media that included the Zoom meeting ID and password helped the Zoombombers access the session.

Gerry apologized for the incident, saying Wantiknas would now reach out to Zoom for a review and clarification about it.

Teleconferencing platforms such as Zoom have become very popular during the COVID-19 outbreak in Indonesia, with companies implementing work-from-home policies.

Iqbal Dwiharianto, 25, a writer for a private company, has used Slack and Zoom for the past three weeks for videoconferencing to make up for a lack of in-person meetings.

He uses a premium Zoom account paid for by his employer.

“Honestly, I haven’t read about all of that [security risks], or noticed anything weird when using Zoom on my laptop,” Iqbal said. “They [the office] have prepared several security protocols though, and we have been trained to follow them since the beginning.”

Even lawmakers in Indonesia have used Zoom to host virtual hearings.

However, the United States-based platform is not free from security holes, and more and more entities around the world have begun looking for alternatives.

India, for instance, banned last week the use of Zoom for remote government meetings, saying it “is not a safe platform”. The New York school system in the US has also banned the use of the videoconferencing platform because of security concerns, while the FBI has warned of Zoom sessions being hijacked, the AFP reported.

According to a recent report by The Washington Post, up to 15,000 personal Zoom videos have been left viewable on the web.

Zoom videos from teleconferences are not recorded by default; however, users who host or initiate a teleconference can choose to record any sessions and save them to Zoom servers or their own computers without the participants’ consent, although they are given a notification if a meeting is recorded. The videos on Zoom’s system might not be easily accessed, but some videos may be stored elsewhere without the participants’ consent, including on YouTube, The Washington Post reported.

Zoom did not respond to The Jakarta Post’s email request for comment.

In a blog post from the company dated April 1, Zoom chief executive and founder Eric Yuan said that, with usage of Zoom ballooning in recent weeks, the company felt an immense responsibility to its users and was striving to improve its services.

Around 200 million people used Zoom every day in March, up from an average of just 10 million per day in December.

Unggul Sagena from digital rights group the Southeast Asia Freedom of Expression Network (SAFEnet) said the government had failed to anticipate cybersecurity risks and people’s reliance on technology to work remotely during the COVID-19 outbreak.

“When people use applications, they don’t always have enough awareness to ask simple questions about why they are using them in the first place. Not many basic users are aware of how safe the application is,” he said.