After two separate incidents in which hackers hijacked virtual public meetings in Baton Rouge, posting lewd images and hollering curse words and racial slurs, local officials say the FBI may get involved.
As more workplaces and communication go online — particularly during the isolation caused by the coronavirus — experts warn this kind of intrusion can be difficult to stop, but there are some ways to prevent them.
BREC’s Thursday night meeting held on Zoom was taken over by someone who posted graphic images and playing music riddled with the lyrics “f*** all those n******!”
Earlier in the day, Build Baton Rouge’s public hearing, also held on Zoom, was interrupted.
BREC officials released a statement Friday afternoon apologizing for the incident, saying the accounts responsible for the hack used sophisticated measures to conceal their identities.
BREC’s IT department is determining which FBI Cyber Crime officials to report to, and is investigating possible alternatives to future virtual meetings, according to BREC spokeswoman Cheryl Michelet.
No other BREC internal or customer systems were affected by the incident, she said.
The Build Baton Rouge Zoom public hearing had been organized to discuss a 5-year strategic plan and the use of federal grants, but it was also quickly interrupted.
Though the Mayor-President’s Office promoted the event and Mayor-President Sharon Weston Broome attended, it was not a an official government meeting, according to spokesman Mark Armstrong.
A representative of Build Baton Rouge didn’t respond to a request for comment Friday.
Experts in the cybersecurity field say that as public entities, businesses, individuals conduct business and social meetups virtually during the coronavirus pandemic, hacking and data breech complaints are increasing.
Jeff Moulton, president and CEO of LSU’s Stephenson Technologies Corp., said though people are now more exposed than ever, there are ways to lessen the chance of an interruption.
“It’s a nightmare and Zoom just happens to be the popular (platform) this month… there’s not much you can do because you’re obviously not encrypted,” he said. “All that said, those kinds of attacks are nuisance attacks, they’re just trying to piss you off.”
Moulton likened the need for what he calls digital hygiene to wearing a mask during the pandemic. As people take steps to reduce their exposure by social distancing and wearing a mask to lessen exposure, the same too should be done online by using software with end-to-end encryption and multi-factor authentication.
“From the get-go, assume you’re being watched and act accordingly… we aren’t ever going to eliminate this cyber threat like we’ve never eradicated the fly, we’ve got to learn to live with it,” he said.
Ryan Castle, the Chief Operating Officer of Trace Security in Baton Rouge, said the nature of Zoom public meetings or hearings are difficult to police because it’s not like you can have a security guard walking the aisles if someone gets out of hand.
“It really is more of an opportunity for these people versus trying to pick on BREC or somebody specifically, it’s looking for an open meeting to go bother people,” he said.
Those types of hackers can be controlled to an extent by enabling features like a ‘waiting room’ in virtual meetings where an organizer has to manually accept the attendees, requiring passwords to join and muting participants other than authorities and public commenters.
But some of those options may not be available to taxpayer-funded bodies, which are subject to laws that require their meetings to be public and for residents to have a chance to comment.
Castle said while these incidents appear to be more prank related, there’s always the concern of hackers recording sensitive conversations or delving deeper into malware attacks.
“You always have to be vigilant. Working remotely presents some extra challenges and with online meetings you can have some of these issues,” he said.
Build Baton Rouge’s public hearing has not yet been rescheduled. BREC’s meeting was able to continue after the hacking incident.