Tuesday, March 31, 2020

FBI Warns of Teleconferencing and Online Classroom Hijacking During COVID-19 Pandemic

As large numbers of people turn to video-teleconferencing (VTC) platforms to stay connected in the wake of the COVID-19 crisis, reports of VTC hijacking (also called “Zoom-bombing”) are emerging nationwide. The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language.

Within the FBI Boston Division’s area of responsibility (AOR), which includes Maine, Massachusetts, New Hampshire, and Rhode Island, two schools in Massachusetts reported the following incidents:

    In late March 2020, a Massachusetts-based high school reported that while a teacher was conducting an online class using the teleconferencing software Zoom, an unidentified individual(s) dialed into the classroom. This individual yelled a profanity and then shouted the teacher’s home address in the middle of instruction.

    A second Massachusetts-based school reported a Zoom meeting being accessed by an unidentified individual. In this incident, the individual was visible on the video camera and displayed swastika tattoos.

As individuals continue the transition to online lessons and meetings, the FBI recommends exercising due diligence and caution in your cybersecurity efforts. The following steps can be taken to mitigate teleconference hijacking threats:

  • Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
  • Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
  • Manage screensharing options. In Zoom, change screensharing to “Host Only.”
  • Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
  • Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.
If you were a victim of a teleconference hijacking, or any cyber-crime for that matter, report it to the FBI’s Internet Crime Complaint Center at ic3.gov. Additionally, if you receive a specific threat during a teleconference, please report it to us at tips.fbi.gov or call the FBI Boston Division at (857) 386-2000.

Monday, March 30, 2020

Lehighton Man Charged With Internet Threats

SCRANTON - The United States Attorney’s Office for the Middle District of Pennsylvania announced that Corbin Kauffman, age 31, of Lehighton, Pennsylvania, was charged on March 27, 2020, by a criminal information with interstate transmission of threats to injure the person of another.  Kauffman was originally charged by a criminal complaint on April 1, 2019.

According to United States Attorney David J. Freed, The criminal information alleges that Kauffman posted a threatening image on a social media website on March 13, 2019.  The image was a digitally-created image of Kauffman’s arm and hand aiming an AR-15 rifle at a congregation of praying Jewish men, gathered in what appears to be a synagogue.  Kauffman used various aliases online to post hundreds of anti-Semitic, anti-black, and anti-Muslim messages, images, and videos.  Several of these posts, like the one charged in the information, included threats to various religious and racial groups.  Other posts expressed a desire to commit genocide and “hate crimes,” and called for or depicted images of the killing of Jewish people, black people, and Muslim people.  Kauffman also created and posted videos combining footage of a mass shooting at a Christchurch, New Zealand mosque with various audio tracks to celebrate the shooting, including video game sound effects and music.

Kauffman also posted pictures of acts of vandalism he committed, including the defacement of a display case at the Chabad Lubavitch Jewish Center in Ocean City, Maryland with white supremacist and anti-Semitic stickers.  Kauffman faces additional state charges in Pennsylvania and potentially in Maryland for those acts.

“Pennsylvanians know all too well how dangerous these kinds of white supremacist threats can be,” said U.S. Attorney Freed.  “The last thing we want is to see another tragedy like we saw at Tree of Life Synagogue in Pittsburgh, or at Al Noor Mosque in Christchurch, or at Emanuel African Methodist Episcopal Church in Charleston.  We don’t know what might have happened, but we take these threats seriously, and I commend the FBI for their vigilance and quick action in this case.”

The case is being investigated by the U.S. Federal Bureau of Investigation.  Assistant U.S. Attorney Sean A. Camoni is prosecuting the case.

Indictments and Criminal Informations are only allegations.  All persons charged are presumed to be innocent unless and until found guilty in court.

A sentence following a finding of guilt is imposed by the Judge after consideration of the applicable federal sentencing statutes and the Federal Sentencing Guidelines.

The maximum penalty under federal law for this offense is 5 years of imprisonment for each violation, a term of supervised release following imprisonment, and a fine. Under the Federal Sentencing Guidelines, the Judge is also required to consider and weigh a number of factors, including the nature, circumstances and seriousness of the offense; the history and characteristics of the defendant; and the need to punish the defendant, protect the public and provide for the defendant's educational, vocational and medical needs. For these reasons, the statutory maximum penalty for the offense is not an accurate indicator of the potential sentence for a specific defendant.

Thursday, March 26, 2020

U.S. Attorney warns public of Coronavirus email malware schemes

COLUMBUS, Ohio – U.S. Attorney David M. DeVillers advises the public to be cautious about emails purporting to offer safety information about the coronavirus and containing a hyperlink. Many such emails contain malicious programming that can harm computers, access user’s personal information, and cause financial harm.

For example, emails might promise to:

    Tell you how to protect your friends from COVID-19 if you click a hyperlink
    Directly connect with you a clinical contact if you reply and pay within a certain timeframe
    Provide updated information from a health expert via a hyperlink

U.S. Attorney DeVillers reminds you to stay vigilant, think twice before clicking on links and only respond to emails in which you know the source.