Billings church hacked with graphic images during Zoom worship service

Posted at 1:19 PM, May 04, 2020
and last updated 2020-05-04 19:54:36-04

BILLINGS - A Billings church is now working with the FBI and local authorities after its Zoom worship service was hacked with graphic images this past week.

In a Facebook post, Church leaders from Billings First Congregational Church at 310 N. 27th St. say their congregation "watched in horror as our Zoom worship service was overtaken this past week by someone with incredibly evil intent."

The post goes on to say the highjacker broadcast a criminal act against a child.

This type of act is being called "Zoom-bombing."

The post says: "As a congregation that values strong boundaries as a display our love and health, this could not have gone deeper to the heart of who we are. "

The post also stated this will call for a radical change in its worship presentation during the pandemic.

"Well, obviously, we watched in horror-- as our statement said-- as we realized that our Zoom service was overtaken by someone and our reaction was really just shock and horror," Pastor Lisa Harmon told Q2 News.

The post says Rev. Marc Stewart swiftly moved to call the FBI and file a Missing Children’s Report.

Several weeks ago, the the FBI warned about “Zoom-bombing,” where hackers hijack teleconferences and online classrooms on the popular remote conferencing platform.

When using platforms like Zoom, the FBI recommends exercising due diligence and caution in your cybersecurity efforts. Investigators say to follow these steps to mitigate teleconference hijacking threats:

  • Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
  • Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
  • Manage screensharing options. In Zoom, change screensharing to “Host Only.”
  • Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated its software. In the security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
  • Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.