Zoom-bombing and “Hacking” Online Conferencing: A Open Challenge to Future Heroes or Future Felons

The rise of online meeting tools accompanies  the coranavirus (COVID-19) pandemic. Tools such as ZOOM, Jitsi.org (open source, community developed), GoToMeeting, and Microsoft Teams provide critical infrastructure during the pandemic and critical tools for socialization in an isolation-environment.

Zoom-bombing Arises Likely from Script-Kiddies, Not Hackers

Zoom-bombing (also possible on other platforms, not just ZOOM) takes advantage of the balance between openness in advertising socialization opportunities via online meeting tools and the need to protect the integrity of the meetings. Recently, so-called hackers, are accused of “hacking” into such meetings to cause disruption including disrupting meetings, making inappropriate comments, or scrawling offensive images on the screens of meeting attendees.

I get annoyed with the tired media portrayals of these activities as somehow the dark domain of lurking “hackers.” Little, if any, of this activity requires any type of “hacking” ability. Yet, “hackers” get blamed (in fact, at least some of those demonized “hackers” are likely helping with the pandemic by providing key computer help to non-profits, aid to 3-D printing efforts to produce protective gear, and assistance with infrastructure development.) Zoom-bombing is likely NOT caused by “hackers.”

Instead, Zoom-bombing is probably  script-kiddies—board, computer-literate individuals just trying to cause disruption (get the kids back into school and Zoom-bombing will likely dissipate). Zoom-bombing requires little, if any, real computer skills. Now before the script-kiddies get angry with me, I mean no offense with that moniker and ask that you read the rest of this post.

Zoom-bombing: No Joke in Pennsylvania—Felony Prosecution

Even if Zoom-bombings are just attempts to cause malicious disruption or offense, script-kiddies should be warned that Zoom-bombing incidents in Pennsylvania, or a meeting involving  any Pennsylvanian’s in attendance or hosting, carry steep criminal penalties.

The Pennsylvania Computer Crimes Statutes still broadly define computer crimes—so the chances of prosecution are high because a competent district attorney, under these broad statutes, can easily make a case. More importantly, while this might be viewed as a “joke” or “harmless” by some, the penalties should be a wake-up call—third-degree felonies. Yep, upon conviction, you are looking at a lifetime label of felon, likely prison time as a guest of the Commonwealth’s prison system, steep fines, no more college loans, no more voting, and a lifetime of awkwardly explaining that felony on job applications. Plus, you will likely face prosecution in Pennsylvania due to the computer crimes jurisdictional component (18 PaCS 7602) even if you do not live in Pennsylvania. This isn’t TV; this is how the law works.

Zoom-bombers risk prosecution under, at least, 18 PaCS 7611 (unlawful use of a computer) which is an offense if someone

accesses or exceeds authorization to access, alters, damages or destroys any computer, computer system, computer network, computer software, computer program, computer database, World Wide Web site or telecommunication device or any part thereof with the intent to interrupt the normal functioning of a person.

Second, the person also risks 18 PaCS 7612 (disruption of [computer] service) which is an offense if someone

intentionally or knowingly engages in a scheme or artifice, including, but not limited to, a denial of service attack upon any computer, computer system, computer network, computer software, computer program, computer server, computer database, World Wide Web site or telecommunication device or any part thereof that is designed to block, impede or deny the access of information or initiation or completion of any sale or transaction by users of that computer, computer system, computer network, computer software, computer program, computer server or database or any part thereof.

Third, the person risks 18 PaCS 7615 (computer trespass ) which is an offense if someone

knowingly and without authority or in excess of given authority uses a computer or computer network with the intent to:

(2)  cause a computer to malfunction, regardless of the amount of time the malfunction persists;

(3)  alter or erase any computer data, computer programs or computer software….

All of the computer crimes carry third-degree felony penalties (translation: you are in the Big Leagues here for criminal defense and will likely pay a hefty attorney fee). And before the more savvy of you try to argue-away these laws, understand that’s TV, not real life. The district attorney, not you, defines how these statutes apply. You may be charged. You will then need to defend.

A Unexpected Hate Crime Escalator?

As with late-night TV, “but wait…there’s more….” Diligent district attorneys, depending on the content of the disruption and targets, may add a hate crime escalator to the criminal computer crime charges under 18 PaCS 2710. This bumps-up the third-degree felony to a second degree felony. That tacks on another two to three years of prison time (5 to 10 years!). So, if attacking a religious group, making ethnic comments, or generally being a jerk to protected classes somehow, you are looking at a serious escalator.

Summary: A Quiet Challenge to Zoom-bombers

Yes, the pandemic sucks. But it sucks a whole lot more for the tens of thousands of the dying, hundreds of thousands exposed as healthcare workers or grocery store workers, millions of the out-of-work (no paycheck) or out-of-school, and the millions of elderly now isolated.

No, I don’t think “hackers” get a fair shake by being labelled the cause of this Zoom-bombing activity (but “hackers” can take the high-road and feature, in appropriate channels, what they ARE doing to help).

Instead of “hackers,” I refer to what, I think, is the real source of Zoom-bombing incidents as script-kiddies—perhaps bored people with some, at least basic, computer skills. I do not mean any disrespect by the term. But I do think that it is important to distinguish hackers from script-kiddies.

So here’s my challenge to the script-kiddies: rather than risk tens of thousands of dollars in computer crimes defense, risk five to ten years in jail (and you know they will throw-the-book at someone to make an example), living labelled as a felon (no more voting, no firearms, no college loans, and likely impaired  job prospects) put the boredom and computer skills to work to HELP. Nonprofits, faith groups, advocacy groups (hey, if you’re angry with the world, find a group that fits you), hospitals, first responders, the medical community, legal access-to-justice groups, the open source software community, etc. are reeling with the pandemic and need help, especially technology help—websites to distribute information, help training non-computer-literate people in computer use, help setting up online meetings, help with 3-D manufacturing, help with open source software (free software that benefits the community), etc.

So, my challenge to the Zoom-bombers is this: when you look back on this pandemic 25 years from now,

  • do you want to be the one who vaguely remembered for being prosecuted for Zoom-bombing (yet with possible serious long-term consequences and likely regrets) or
  • do you want to remember how you quietly used your time and computer  skills (or learned new skills) to help that fire department, local free medical clinic, elder care facility (isolated under lock-down), advocacy group that you resonate with, or faith community (struggling to maintain contact with members)?

QED