National Crime Agency investigating ‘Zoombombing’ child abuse incidents
The National Crime Agency (NCA) has confirmed it is investigating reports that child abuse footage was used in some recent “Zoombombing” incidents.
The BBC reported that several users of video calling app Zoom had recently experienced incidents where their meeting had been interrupted by abuse footage.
It said one of the meetings in question had been publicised on social media – something a number of online safety groups and Zoom itself urge users not to do.
Zoombombing is the name given to incidents where a stranger accesses a meeting uninvited and displays offensive material.
NCA deputy director Charles Yates said: “We can confirm we have received this report and we are now making further inquiries to establish the circumstances.
“We are also aware of a number of other reports of similar instances and the NCA is working with partners in the UK and abroad, law enforcement and private sector, to respond to these cases.
“Operators of these platforms need to do all they can to ensure their services aren’t exploited or compromised in this way, particularly at a time when live streaming applications have reported significant increases in their use.
“Child sexual abuse remains a priority threat for the NCA. We are continuing to pursue high-risk online offenders to ensure they are arrested and children are safeguarded.”
Zoom has been the subject of security concerns over some of its features, including previously not requiring a password to access a meeting by default.
Concerns have also been raised after the service inaccurately suggested on its website that it used end-to-end encryption when it does not, and in another incident admitted that some meeting data may have been routed through servers in China, sparking privacy fears.
In a statement on the Zoombombing incidents, a company spokesman said: “This incident is truly devastating and appalling, and our user policies explicitly prohibit any obscene, indecent, illegal or violent activity or content on the platform.
“We are looking into this specific incident to ensure the appropriate action is taken. Zoom strongly condemns such behaviour and recently updated several features to help our users more easily protect their meetings.”
The video app announced on Wednesday that a new version of its software would be released shortly which fixes many of the security issues raised about the platform, including upgrading encryption, making using passwords a default to access a meeting and allowing hosts to quickly report malicious users in meetings.
In response to the China concerns, Zoom confirmed that users will be able to choose the data centre their data is routed through as part of the update.
“We encourage users to report any incidents of this kind either to Zoom so we can take appropriate action or directly to law enforcement authorities,” Zoom added.
It comes as a London NHS trust confirmed it has recommended staff not to use the app to talk to patients.
The Central London Community Healthcare (CLCH) NHS Trust employs nearly 3,500 people and supports two million patients across London and Hertfordshire.
It said that because its staff already have access to BlueJeans, an alternative platform for secure video calls as part of patient appointments, it was not recommending the use of Zoom or any other tools for this purpose.
The @NCSC have launched a 'Cyber Aware' campaign to combat cyber security threats. Read more below: https://t.co/KE5qhPof96
— ICO (@ICOnews) April 21, 2020
“In light of alternative, secure tools being available to our staff, Central London Community Healthcare NHS Trust is not recommending the use of Zoom for patient video appointments,” a spokesman for the trust said.
“This is in line with recently published guidance from the Information Commissioner’s Office and NHSX.
“The security of patient information and our responsibilities as a data controller are of paramount importance to the trust, and we continue to review national guidance on this matter.”
The Information Commissioner’s Office (ICO) has encouraged businesses to select a video conferencing platform “that matches their policies” on privacy and security.
Zoom said numerous other organisations, including other NHS trusts, had approved it for use.
“A large number of global institutions ranging from the world’s largest financial services companies, to leading telecommunications providers, government agencies, universities, NHS trusts and others have done exhaustive security reviews of our user, network and data centre layers and confidently selected Zoom for complete deployment,” the company said.
