"Zoombombing": Online courses, new targets of computer attacks
The return to school in a context where coronavirus is still active highlights the massive use of remote collaboration solutions.
We then start from distance learning. The problem, massive use of these digital solutions also encourages cybercrime. Schools where school leaders are confronted with cyberattacks.
This article will also interest you: CoviD-19 and e-commerce: watch out for the online scam
This was the case of Éric Kerouac, who had to manage during one of his psychology courses, in the psychology department of Cégep Garneau in Quebec City, an intruder who invited himself to his course to disrupt him. During the session, he made rather inappropriate speeches of the kind to be uncomfortable in all participants.
Unfortunately, these kinds of practices are quite common. Whether it is to spread racist, pornographic or even hateful speech, it is not uncommon for online courses to be used in this kind of intervention.
This practice of interfering in an online course with the aim of disrupting it is called "Zoombombing." Word that draws its source from the Zoom app. A remote collaboration software that was popularized during containment.
In this act of cyber malice, the objective of the cybercriminal is simply to pollute the base. "The students in attendance were laughing a little, but at one point I was afraid it would get out of hand, so I was trying to figure out how to get him out of the group," says Professor Kirouac. After an investigation by the college's IT department, using the IP address, it became known that the person was not in fact a student but earlier and a simple Laval citizen. He had surely used a name that was not his to be able to enter the court. However, Professor Louis did not know that he had the opportunity to withdraw permission for participants to rename themselves. "It's business you learn on the job," he says.
Indeed, it is possible to activate a waiting room. From the lamp and filter it has no one who can access the course and often even establish a password. It is also possible to control screen sharing, said Professor Sébastien Combs, a professor of computer science. A privacy specialist.
Some of them are similarly reflecting this problem. "You could hear a background noise, people talking together in another language An[…]d then the sound went up, they started screaming and flashing pornographic images. It was really aggressive and traumatic for me," complained one participant, for whom the event evoked very bad memories.
Indeed, cyber malice can have disastrous and traumatic consequences. Especially the person who already have a pretty complicated past.
Interviewed by computer security expert Steve Waterhouse, "don't[Les intrus] use too advanced methods to get into conferences, because they're misconfigured! The use of tools is misunderstood. ».
In the face of such a situation, the latter recommends that digital tools for distance learning be uniform. This then facilitates its control and the application of security measures.
Sebastien Combs, professor of computer science at UQAM, said training sessions should be introduced for educational institutions but also for companies that use this kind of system as part of their collaboration.
"Someone could also break in, turn off their microphone and camera, just to listen. […] There could be privacy risks," he warned.
And beyond this practice, we must also remember that it is possible to proceed by sending massive phishing emails. This is what happened last week at HEC Montreal, to students and administrative staff. A set of emails that seemed to come from the director.
Some establishment stop classes to find a solution to the flood of cyber malice campaign. "When an institution's operations are shut down suddenly and without explanation, I see it as indicators of a ransomware that has frozen all transactions," says Waterhouse. "Despite all the investment in security architecture, protections, and antivirus, the last link in this security chain remains the human. And it is the weakest link in the absence of adequate awareness," concludes the expert.
Now access an unlimited number of passwords: