Zoom Bombing, don’t be Fooled

So, there are several online conference video chat platforms now being used while businesses continue to operate even while doing the stay at home thing. We are aware of course of the common Skype platform, Uber Conference and gaining huge popularity is Zoom.

Warning to the healthcare industry: Since the United States has launched full tele-health platforms, all parties involved in the session(s) should watch carefully the platform(s) for cyber weirdness. All the same warnings and watchful eyes should be applied to the military across the spectrum as forces too are working from remote locations.

How to Record Zoom Meeting on PC, iPhone

In recent days, I have seen reports of Zoom conference/meeting events getting bombed by rogue players. Every nation while struggling to overcome the pandemic, governments and companies are quite vulnerable to breaches of cyber security due to limited employee resources. What better time for bad actors (read China) to attack?

Zoom has also seen a sharp increase in usage, but the attention the teleconferencing solution is receiving continues to be decidedly mixed. TechCrunch reports that researcher Patrick Wardle has found two local security flaws in Zoom’s macOS client.

***

While Zoom has certainly drawn investors’ eyes in a good way, it’s also attracted the ministrations of white hat researchers, cybercriminals, the plaintiffs’ bar, and state attorneys general. The platform’s encryption isn’t really end-to-end, the Intercept reports. Instead, it uses familiar transport encryption, which gives Zoom itself the potential to access its users’ traffic. The FBI’s Boston Field Office has issued a detailed warning about the ways in which criminals (conventional criminals out for gain, sleazy hacktivists, and skids out for the lulz) have been able to meddle with Zoom sessions. Check Point describes the ways in which criminals have registered domains that include the name “zoom;” these domains are of course up to no good at all. Zoom was also discovered to have been sharing analytic data with Facebook, a practice Zoom halted after it came to public attention, but not in time to forestall a class action suit under California’s Unfair Competition Law, Consumers Legal Remedies Act, and Consumer Privacy Act. And the New York Times reports that all of this news has prompted New York State’s Attorney General to ask Zoom for an explanation of its privacy and security policies.

So, as I was researching for this piece, I received an email from a distant buddy that read in part:

The government has sought the assistance of outside software experts to move online meetings. In one particular instance, my email buddy noted the following”

I have a Zoom warning. We had a Council meeting this afternoon and it had to end immediately. Fortunately, the Council was 99% finished with the meeting. The reason for ending the meeting is because we were Zoom Bombed (yup this is really the name for it). A participant joined the meeting late and his name was Mr. Off. His first name was Jack and he had a middle name “Me”. You can imaging the video. It was horrible. There were three hosts of the meeting that could control participants. The hosts could not see this participant so they didn’t think anything was wrong. Clearly, the hack knows how to enter a meeting without the controlling hosts knowing what is going on. I saw it and ordered the meeting end immediately. The Chair couldn’t see it and was wondering what to heck was wrong with me. It took about 5 more long seconds for me to yell at people to leave the meeting. We all jumped back on the meeting in five minutes and Mr. Off joined the meeting again.

I will add that only half the participants actually saw the act. We also caught it in time to not have it go live on cable or YouTube. Another participant actually viewed video of three other participants that no one else could see and were likely ready to Bomb the meeting.

In the future, we will use passwords for participants. This is unfortunate for the public because they wont be able to join the Zoom part of the meeting. They will still be able to watch it live on local cable and YouTube. We will set up an email and telephone for public comment if the agenda item requires public comment.

I highly recommend you use passwords for future meetings.

Seems we have a new kind of cyber terrorism going on here….espionage at a silent/covert level. Perhaps we can get some kind of press release from the NSA or something.

 

 

The Reason for the WH and Dr. Birx Chilling New Probability Report

Primer: We all seem to guess this except for Jim Acosta/CNN and the others at MSNBC. Media continues to blame the Trump White House for the slow response to address COVID-19, while Dr. Birx and Dr. Fauci explained what they did not know very early on. Now we know.

Now some real questions and new policy towards China must be considered. We can start with the $1.8 T in U.S. debt that China holds. The next is challenging American telecommunications companies to squelch China’s advances of 5G. Then there is the next phase of the U.S. trade agreement with China. Add in the mission to stop China’s power agenda across the globe as it is clear, China is fine with killing people and economies across the world.

China has concealed the extent of the coronavirus outbreak in its country, under-reporting both total cases and deaths it’s suffered from the disease, the U.S. intelligence community concluded in a classified report to the White House, according to three U.S. officials.

The officials asked not to be identified because the report is secret and declined to detail its contents. But the thrust, they said, is that China’s public reporting on cases and deaths is intentionally incomplete. Two of the officials said the report concludes that China’s numbers are fake.

The report was received by the White House last week, one of the officials said. The outbreak began in China’s Hubei province in late 2019, but the country has publicly reported only about 82,000 cases and 3,300 deaths, according to data compiled by Johns Hopkins University. That compares to more than 189,000 cases and more than 4,000 deaths in the U.S., which has the largest publicly reported outbreak in the world.

Communications staff at the White House and Chinese embassy in Washington didn’t immediately respond to requests for comment.

While China eventually imposed a strict lockdown beyond those of less autocratic nations, there has been considerable skepticism of China’s reported numbers, both outside and within the country. The Chinese government has repeatedly revised its methodology for counting cases, for weeks excluding people without symptoms entirely, and only on Tuesday added more than 1,500 asymptomatic cases to its total.

Stacks of thousands of urns outside funeral homes in Hubei province have driven public doubt in Beijing’s reporting.

Deborah Birx, the State Department immunologist advising the White House on its response to the outbreak, said Tuesday that China’s public reporting influenced assumptions elsewhere in the world about the nature of the virus.

Coronavirus: Doctor at hospital in China's Hubei province ... source

“The medical community made — interpreted the Chinese data as: This was serious, but smaller than anyone expected,” she said at a news conference on Tuesday. “Because I think probably we were missing a significant amount of the data, now that what we see happened to Italy and see what happened to Spain.”

China is not the only country with suspect public reporting. Western officials have pointed to Iran, Russia, Indonesia and especially North Korea, which has not reported a single case of the disease, as probable under-counts. Others including Saudi Arabia and Egypt may also be playing down their numbers.

U.S. Secretary of State Michael Pompeo has publicly urged China and other nations to be transparent about their outbreaks. He has repeatedly accused China of covering up the extent of the problem and being slow to share information, especially in the weeks after the virus first emerged, and blocking offers of help from American experts.

“This data set matters,” he said at a news conference in Washington on Tuesday. The development of medical therapies and public-health measures to combat the virus “so that we can save lives depends on the ability to have confidence and information about what has actually transpired,” he said.

“I would urge every nation: Do your best to collect the data. Do your best to share that information,” he said. “We’re doing that.”

The outbreak began in China’s Hubei province in late 2019, but the country has publicly reported only about 82,000 cases and 3,300 deaths, according to data compiled by Johns Hopkins University. That compares to more than 189,000 cases and more than 4,000 deaths in the U.S., which has the largest publicly reported outbreak in the world.

Map of sampling sites in the Hubei Province of China. Red ... source

 

Abstract

Background: The COVID-19 outbreak containment strategies in China based on non-pharmaceutical interventions (NPIs) appear to be effective. Quantitative research is still needed however to assess the efficacy of different candidate NPIs and their timings to guide ongoing and future responses to epidemics of this emerging disease across the World. Methods: We built a travel network-based susceptible-exposed-infectious-removed (SEIR) model to simulate the outbreak across cities in mainland China. We used epidemiological parameters estimated for the early stage of outbreak in Wuhan to parameterise the transmission before NPIs were implemented. To quantify the relative effect of various NPIs, daily changes of delay from illness onset to the first reported case in each county were used as a proxy for the improvement of case identification and isolation across the outbreak. Historical and near-real time human movement data, obtained from Baidu location-based service, were used to derive the intensity of travel restrictions and contact reductions across China. The model and outputs were validated using daily reported case numbers, with a series of sensitivity analyses conducted. Results: We estimated that there were a total of 114,325 COVID-19 cases (interquartile range [IQR] 76,776 – 164,576) in mainland China as of February 29, 2020, and these were highly correlated (p<0.001, R2=0.86) with reported incidence. Without NPIs, the number of COVID-19 cases would likely have shown a 67-fold increase (IQR: 44 – 94), with the effectiveness of different interventions varying. The early detection and isolation of cases was estimated to prevent more infections than travel restrictions and contact reductions, but integrated NPIs would achieve the strongest and most rapid effect. If NPIs could have been conducted one week, two weeks, or three weeks earlier in China, cases could have been reduced by 66%, 86%, and 95%, respectively, together with significantly reducing the number of affected areas. However, if NPIs were conducted one week, two weeks, or three weeks later, the number of cases could have shown a 3-fold, 7-fold, and 18-fold increase across China, respectively. Results also suggest that the social distancing intervention should be continued for the next few months in China to prevent case numbers increasing again after travel restrictions were lifted on February 17, 2020. Conclusion: The NPIs deployed in China appear to be effectively containing the COVID-19 outbreak, but the efficacy of the different interventions varied, with the early case detection and contact reduction being the most effective. Moreover, deploying the NPIs early is also important to prevent further spread. Early and integrated NPI strategies should be prepared, adopted and adjusted to minimize health, social and economic impacts in affected regions around the World.