Further details surface about hacked common council meeting

(Photo Source: Unplash).

Further details have surfaced in regards to the hacker who disrupted the Zoom side of the city of Cortland Common Council meeting on Feb. 15.

According to emails The Cortland Voice received from city mayor Scott Steve, the city employee who ran the Zoom account for the meeting was aware of a potential security risk on Feb. 12.

An email from Zoom Trust and Safety department notified the city employee that the account didn’t “have any security features enabled” and that it “opens the door for anyone (including unwanted guests) to join your meeting.”

Here is the email from Zoom Trust and Safety that was sent to the city employee on Feb. 12:

The city employee forwarded the email (the screenshot above) from Zoom Trust and Safety to Mayor Steve the day after the Feb. 15 meeting, adding that “the difference here is (a social media account) shared the link rather than the meeting number, which would be harder to search.”

The city employee is referring to the login for the meeting, which usually requires meeting identification and passcode. The social media account, however, shared a direct Zoom link to the meeting.

For Zoom meetings, you can either sign in through a meeting ID/passcode, by calling in or simply clicking on the link. Many social media accounts can share either a direct link or a meeting ID/passcode that is required to sign in.

The Zoom Trust and Safety department continued via email and said “Unfortunately, we’ve seen a number of meetings like yours disrupted by malicious people who search social media for unprotected meetings and share them with potential intruders.” 

The email closed by saying that they “strongly recommended” the city employee convert the meeting into a webinar for “control over who participates with video, audio, chat, and screen sharing.”

No changes were made, which is why the incident was able to happen.