Local and federal law enforcement have identified a person believed to be involved in a recent University of Florida “Zoom bombing.”
UF announced Friday that authorities have zeroed in on a 13-year-old Memphis girl, but that the investigation is ongoing, and no charges have been filed.
The UF police department launched an investigation after a March 31 student government meeting, held on the Zoom teleconference platform, was bombarded with images of swastikas and pornography.
UPD reached out to the FBI field office in Gainesville for assistance. Using information provided by UPD and UFIT, the FBI followed a lead to Tennessee, where they identified the girl.
The girl, who has not been named, told law enforcement the incident was meant to be a joke.
“This is absolutely not a joke,” UF Police Chief Linda Stump-Kurnick said. “We take these matters very seriously, and we will pursue any and all leads to help ensure anyone involved in incidents like this is held accountable.”
Hostile teleconference takeovers have become increasingly common in recent weeks as people transition to working from home to avoid spreading the novel coronavirus. The FBI issued a statement last month warning Americans about the attacks and providing recommendations to help schools, businesses and others avoid them.
The recommendations:
— Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
— Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
— Manage screensharing options. In Zoom, change screensharing to “Host Only.”
— Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
— Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.
The bureau said victims of teleconference hijackings can file a report with the FBI’s Internet Crime Complaint Center at ic3.gov.