As people everywhere are under lockdown due to the coronavirus (COVID-19) pandemic, athletes and exercise enthusiasts are looking online for ways to stay fit and keep connected with their sports of choice.
SwimSwam even launched our own At Home Swim Training segment on our site, consisting of coaches, elite athletes, clubs and more offering up ways to shape up while in quarantine.
Scottish Swimming was set to do its part, having arranged a digital workout for a limited number of selected participants to follow alongside their idols. Commonwealth Games champion Duncan Scott was among the national swimmers set to partake in the workout conducted via the popular, free web conferencing app called Zoom.
However, things took a terrible turn this morning during the live workout, as the production was ‘Zoom bombed’ by uninvited guests. The intrusion resulted in graphic images being shown to age groupers and others attending the eworkout.
Scottish Swimming took immediate action by closing out the video and reporting the incident to the police. In its statement concerning the incident, Scottish Swimming said the following:
Scottish Swimming sincerely apologises for the incident that happened this morning (Tuesday 14 April) during an organised Zoom event, where the aquatics community were invited to work out alongside our performance athletes.
At the end of last week we shared information about the workout across our social media platforms, asking those interested in participating to log into a link that was shared publicly this morning. Unfortunately the link was ‘Zoom-bombed’ with disturbing content shared with circa 300 people that had signed in to the event. The video was immediately shut down and the incident referred to the police and their cyber-crime unit. We apologise to everyone involved and deeply regret the outcome of today’s event.
Scottish Swimming will continue to support and engage with our aquatic community during this time in isolation and have started a full review of the process undertaken today along with consideration of security measures across all platforms, in order to put in place measures to prevent any further incidents of this nature happening again.
At a time when the aquatics community was pulling together and supporting one another so positively, it is very upsetting to have a minority cause upset and distress during the lockdown.
Not mincing words regarding the incident, Scott also said after the call, “I am in disgust. Our open invite WOD cancelled due to a sick individual. I am sorry for what everyone and more importantly what the kids that were a part of the WOD had to see!!”
Zoom has been at the center of controversy as a result of usage skyrocketing with folks at home due to the pandemic. In late March it was discovered that the company highly overestimated its end-to-end encryption, which has resulted in several class-action lawsuits.
For Zoom bombing specifically, it’s important to note that the intruders are not doing anything of the ‘hacking’ nature. They are simply accessing meetings/conferences/presentations using the link provided to others that has been ultimately disseminated and made public.
Remedies for proactively preventing Zoom bombers can include limiting the use of your Personal Meeting ID, setting up meetings with password protection and disabling the ‘join before host’ setting. Waiting Room and Lock Meeting options can also be used for extra security. You can read more about those here.
So in essence, someone posted the link to a ZOOM session on social media and now they blame ZOOM when an intruder joined? It’s like walking up to a burglar, hand him the keys to your house and then blame the lock manufacturer for producing locks that can easily be picked.
A bigger question is whether the people organising these online sessions should even be allowed to be around your kids. Seriously.
Cisco WebEx has a free offer for 100 users and has worked out the security issues already since they have been in the B2B world for years. No funky background setting tho. https://help.webex.com/en-us/n80v1rcb/Cisco-Webex-Available-Free-in-These-Countries-and-Regions-COVID-19-Response
Set the meeting as a webinar where attendees dont have the ability to share audio/ video and this can’t happen
As someone who works in a University, we’ve been heavily warned against using Zoom for our online classes. Simply put, Zoom does not really care about security issues. There are other, free-to-use, alternatives that are much more secure, e.g. Jitsi.
That said, it really wasn’t very sensible of Scottish Swimming to post the link to the meeting on social media. That’s like a shining beacon saying “come get us” to these people.
And yes, the real villains are the bombers, obviously. Vile people, and I really don’t understand how people can get pleasure out of this sort of thing.
As someone who works for a company with over 100,000 employees and manages the team who is responsible for Zoom, I can tell you with 100% certainty that you can securely host large scale meetings/webinars like this. There are a number of controls available in the platform, if Zoom is guilty of anything it’s that they made the experience easy to host/join a meeting by default which leaves meetings like this open to attack. My experience with them these past couple weeks is that they’ve worked around the clock to implement controls that prevent these types of attacks by default, but like I mentioned earlier simply mute the audience and don’t allow them to share content when hosting public events.
Thanks good to know.
The “zoombombing” attacks are easy to avoid, it’s the myriad other security issues that cause real concern. Large organizations have robust security controls that mitigate risk. Most individuals and smaller business don’t have the resources to defend against these risks. As mentioned above, most schools/universities are currently banned from using Zoom and there are many other products out there.
Zoom’s product is just fine. People need to be held responsible for allowing these types of meetings to be posted on social media and expect nothing to happen. It’s not Zoom’s fault.
Terrible and very sad, but knowing how many sick people are around us it could be avoided if the link had not been publicly shared.
Passwords are your friends 😁😲😉😊
A password for the open workout meant for the entire swimming population of Scotland? I’m more inclined to think that, by advertising this event, the zoom bombers were alerted… which means that they would have had access either way since, y’know, Scottish Swimming wanted people to join.
You can mute the audience as well as not allow them to share. All the tools are available for you to host a secure large scale meeting like this without it being interrupted. It’s unfortunate that it happened, but when you put on a public event like this you should take some of the responsibility to understand the platform being used.
I agree, the setup was very sloppy on their end and some of the blame falls on them, I was just addressing the implication that adding a password would have changed anything.
This is a terrible app
It, like anything else, is a tool. You should know how to use that tool properly before you try using it. Same can be said for a saw or a hammer. It is an incredibly useful tool and if people follow some simple guidelines no problems will occur. It is awful that this happened, but it really isn’t Zoom’s fault. It is the actions of one person who is not right. Scottish swimming posting the meeting information on social media after everything that has come out recently regarding zoom bombing was not the best decision.
“it really isn’t Zoom’s fault”. This isn’t quite true I’m afraid. Zoom do simply not take security issues very seriously, and its development is set-up that way. While you can argue that Zoom wasn’t originally set-up for this level of use around the world, and it’s impossible to develop a tool that is completely safe and secure, they could certainly make things more secure than they are now.
Lame by the people …. learn to use the FREE application… it’s not Zoom’s fault…
Scottish Swimming posted the information to get on the Zoom meeting all over the place…how does that make it Zoom’s fault?