Billings First Congregational Church is taking action after a recent worship service conducted via Zoom (online video conferencing) was hacked, with the perpetrator(s) reportedly showing a "criminal act against a child."
Church leaders said they "watched in horror as our Zoom worship service was overtaken this past week by someone with incredibly evil intent."
According to the church, Reverend Marc Stewart acted quickly by notifying the Federal Bureau of Investigation, and also contacted Billings police and civic leaders.
During the restrictions and closures caused by the COVID-19 pandemic, many churches have turned to hosting virtual services - broadcasting from their facilities and inviting congregants to watch via several online platforms, including Youtube, Facebook, and Zoom.
Several weeks ago, the FBI warned about “Zoom-bombing,” where hackers hijack teleconferences and online classrooms on the popular remote conferencing platform.
Billings First Congregational Church said in a Facebook post : "Our prayer is that somehow you had turned away, that no children were present to see these things, or that you were not present to see the terrible images that were being displayed. As a congregation that values strong boundaries as a display our love and health, this could not have gone deeper to the heart of who we are."
Church leaders said that they take full responsibility for not setting up security protocols to prevent the incident, and will take "all measures possible in the future to make sure this never happens again."
When using platforms like Zoom, the FBI recommends exercising due diligence and caution in your cybersecurity efforts. Investigators say to follow these steps to mitigate teleconference hijacking threats:
- Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
- Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
- Manage screensharing options. In Zoom, change screensharing to “Host Only.”
- Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated its software. In the security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
- Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.
