“Horrifying” Zoombombing attack on ICANN meeting, again
ICANN’s eleventh-hour decision to remove password requirements for ICANN 68 was proved wrong almost immediately after the meeting got underway on Zoom today.
According to participants and ICANN itself, several sessions were “zoombombed” this morning, with apparently pornographic content.
Zoombombing is where trolls disrupt public, open Zoom meetings with content designed to offend.
ICANN 68 is taking place on Zoom, but on Kuala Lumpur time. I was asleep during the attacks and ICANN has yet to post the recordings of any of today’s sessions, so I can’t give you any of the details first-hand.
But judging by a handful of social media posts that reference the attack, it seems to have been pornographic in nature. ICANN said it comprised “audio, images and video”.
One participant described it as “funny at first…until it was not”, while another said it was “horrifying” and left her feeling “completely vulnerable”.
ICANN said in a blog post that the trolls were swiftly removed from the sessions.
It added that it has changed the format of the remainder of ICANN 68, unplugging certain interactive components and requiring passwords to be entered before access is granted.
This means you’re going to have to register for each session and click emailed confirmation links, it appears.
Only the Governmental Advisory Committee is staying on the platform with its original vulnerable configuration.
ICANN had been planning to require passwords since a similar attack at an inter-sessional meeting in March, but changed its mind last week after security upgrades made by Zoom gave leaders a greater sense of confidence in the platform.
It appears that confidence was misplaced.
You won’t need a password for ICANN 68 after all
ICANN has ditched plans to require all ICANN 68 participants to enter a password whenever they enter one of the Zoom sessions at the meeting next week.
The org said today that it will use URLs with embedded passwords, removing the need for user input, after reviewing changes Zoom made last month.
These included features such as a waiting room that enables meeting hosts to vet participants manually before allowing them to enter the meeting proper.
ICANN said: “Please use these links cautiously, only share them on secure channels such as encrypted chat or encrypted e-mail, and never post them publicly.”
ICANN had said last month, before the Zoom changes, that it would require passwords in order to limit the risk of Zoombombing — where trolls show up and spam the meeting with offensive content. One ICANN Zoom session had been trolled in this way in March.
The org also said today that participants will be asked to give their consent to be recorded upon entry to a session.
“It is our hope that this small change empowers attendees by providing quick access and more control over the acceptance of our policies as it relates to attending virtual meetings,” ICANN lied, to cover for the obvious piece of legal ass-covering.
Refuse consent and see how far you get.
After Zoom trolling, ICANN 68 will be password-protected
If you want to show up to ICANN 68, which will be held online next month, you’re going to need a password.
ICANN said this week that it’s updating its Zoom software and standard configuration to require passwords. In a blog post outlining a number of changes to its Zoom instance, ICANN said:
The most impactful change is the new requirement that all meetings be secured with a password. This is the first step recommended by security professionals to keep meetings secure, and one which we had largely adopted org-wide prior to making it a requirement for all. We will make another announcement in the coming weeks regarding how this may impact joining meetings during ICANN68, as we work towards the best overall solution.
Quite how this could work while maintaining the usual openness of ICANN’s public meetings — which have always been free to attend basically anonymously — remains to be seen.
At ICANN 67, Zoom sessions that were open to the public simply required you to enter a name. Any name. At in-person public meetings, I don’t think you even need to show ID to get a hall pass.
The changes come in the wake of a “Zoombombing” incident during a minor meeting in March, during which trolls showed up via a publicly-posted link and flooded the session with “inappropriate and offensive” audio and imagery.
ICANN meeting got “Zoombombed” with offensive material
An ICANN meeting held over the Zoom conferencing service got “Zoombombed” by trolls last month.
According to the organization, two trolls entered an ICANN 67 roundup session for Spanish and Portuguese speakers on March 27 and “shared inappropriate and offensive audio and one still image” with the legitimate participants.
The session was not password protected (rightly) but the room had (wrongly) not been configured to mute participants or disable screen-sharing, which enabled the offensive material to be shared.
The trolls were quickly kicked and the loopholes closed, ICANN said in its incident report.
ICANN appears to have purged the meeting entirely from its calendar and there does not appear to be an archive or recording, so I sadly can’t share with you the gist of the shared content.
Zoombombing has become an increasingly common prank recently, as the platform sees many more users due to the coronavirus-related lockdowns worldwide.
Recent Comments