Slew of ‘Zoombombing’ child abuse cases being investigated by UK authorities
Image credit: Marija Stepanovic | Dreamstime
The National Crime Agency (NCA) has revealed UK authorities are currently investigating more than 120 cases of Zoom video calls that have been hijacked by people to display images of child abuse.
The practice of 'Zoombombing' has increased during the coronavirus lockdown, as vast numbers of people have turned to the video-conferencing platform to speak with family, friends and colleagues whilst self-isolating to minimise viral transmission rates. The Zoom app has been the subject of many incidents of strangers disrupting video calls with offensive language and imagery.
In a statement, an NCA spokesman said: “The NCA is leading and coordinating the UK’s response to Zoom video conferences being interrupted by indecent images of children, with police forces conducting their own investigations into more than 120 cases.”
Such cases have been widely reported because of a security flaw in the platform which allowed anyone to access a meeting if hackers were able to obtain the meeting ID number or access a link.
Many instances of Zoombombing have also occurred after the meeting details were shared publicly on social media. Zoom, safety organisations and the police have discouraged users from doing this.
“Our role includes understanding whether the IP addresses used and the horrific images shared are the same. This will enable the NCA to identify links between offences and co-ordinate investigations,” the NCA said.
The spokesperson said that if any of the images are brand new, the agency’s specialist victim identification team will help forces identify and protect the children involved. “The NCA is also liaising with US authorities to deconflict inquiries,” they added.
Zoom recently announced a range of security updates to the service - including new password controls and virtual waiting rooms for meetings turned on by default - to help prevent uninvited users from joining calls. A clearer, centralised security menu and increased encryption have also been added.
In April, the firm also announced that it was suspending all other new product development to focus on updating its flagship app's security features. In the same month, Zoom was slapped with a Californian class-action lawsuit over accusations that it failed to safeguard its users’ personal information.
In advice issued on using Zoom, the NCA said social media should not be used to share conference links or passwords; that meeting hosts should turn off the ability for participants to join a call before them, and that hosts should verify all the people taking part before allowing them to join a call.
“The appalling scale of Zoombombing involving child sexual abuse imagery lays bare the platform’s failure to protect the safety of its users,” said Andy Burrows, head of child safety online policy at the NSPCC.
“Recently referring to serious incidents such as this as ‘normal speed bumps’ highlights how Zoom’s bosses have woefully underestimated the scale of the problem.”
Burrows said that if regulation was in force today, the video-conferencing platform would have significantly breached their duty of care, with such systematic failures resulting in criminal sanctions: “This is exactly why it is crucial for the Government to urgently commit to introducing a world-leading online harms bill to the statute book within 18 months”.
Phil Perry, Zoom's head of UK and Ireland operations, said it was working with the National Crime Agency to act against such incidents.
“These incidents are truly devastating and appalling and our user policies explicitly prohibit any obscene, indecent, illegal or violent activity or content on the platform,” he said, adding that the company condemns such behaviour and acknowledges the NCA’s efforts to raise awareness around how best to prevent these kinds of attacks.
Perry has urged users to report any incidents of this kind either to Zoom, so it can take appropriate action, or directly to law enforcement authorities.
“We have a dedicated trust and safety team that uses a mix of tools to proactively identify accounts that may be in violation,” Perry said.
Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.