Zoom-bombed: Indonesian ICT board’s virtual meeting discussing COVID-19 misinformation hijacked with porn video

A Zoom video conference between Indonesian ICT experts hijacked with a porn video on April 16, 2020. Photo: Video screengrab
A Zoom video conference between Indonesian ICT experts hijacked with a porn video on April 16, 2020. Photo: Video screengrab

We’ve probably all heard about the security flaws in video conference platform Zoom as its popularity skyrocketed along with the enactment of work from home policies around the world. Yesterday in Indonesia, those flaws were allegedly exploited during a virtual meeting among IT experts, leading to a highly ironic and, quite frankly, embarrassing, situation.

The National Information and Communications Technology Board (Wantiknas), a government-run institution ostensibly comprising the country’s top ICT experts, held a virtual discussion on Zoom yesterday afternoon, with the topic being online misinformation amid the COVID-19 pandemic. 

The discussion, which was also streamed to the public on Youtube, took a raunchy turn when a participant with the username “Bin Laden” hijacked the meeting and played a porn video among the boxes of faces. At the time, there were reportedly some 100 people tuned in to the discussion.

The Youtube stream is no longer available as of this morning.

But this doesn’t appear to be the work of a seasoned hacker.

One of the participants, social media analyst firm Drone Emprit founder Ismail Fahmi, told Kumparan he was bothered by the Zoom-bomber but acknowledged that the admins of the discussion may have committed some grave security oversights. Ismail pointed out that the promotional poster for the virtual discussion contained the Zoom meeting ID and password, and that the admins likely did not turn on the app’s Waiting Room feature, which would require those wishing to enter the discussion to be approved by admins.

The discussion’s meeting ID and password shared on its promotional poster.

“People like Zoom because it’s very easy to use. Just share [the ID and password] and we’re connected. But they forgot to switch on [security features]. The public isn’t encouraged to switch it on,” Ismail said.

Wantiknas Executive Director Gerry Firmansyah apologized for the hijacking but has thus far refrained from blaming the discussion admins, saying that the board will conduct an investigation into how the incident happened.

Possible oversight aside, governments and tech experts around the world have warned that Zoom is not safe after several of its security and privacy lapses emerged in recent weeks. These lapses went beyond Zoom-bombing, as there have been concerns that the app’s shortcomings may allow cyber criminals to access users’ sensitive information. The app has apologized for its security flaws and says it’s determined to fix the issues.

Read the latest news on Coconuts Jakarta




BECOME A COCO+ MEMBER

Support local news and join a community of like-minded
“Coconauts” across Southeast Asia and Hong Kong.

Join Now
Coconuts TV
Our latest and greatest original videos
Subscribe on