Cyber Incident Victim: United States District Court for the Northern District of Georgia
Date:
Sep 2020
Location:
United States of America
Summary
A public hearing in an Atlanta federal district court on election security was disrupted when unauthorized Zoom participants shared offensive content, including pornography, swastikas, and imagery referencing a major terrorist attack, coinciding with its anniversary. The intrusion occurred after screen-sharing privileges were inadvertently enabled for all attendees, prompting the court to terminate the session and restart it with enhanced security measures such as a virtual waiting room and restricted sharing controls. Court officials recorded participant details and engaged law enforcement to assess potential criminal violations, which could include contempt of court or federal charges related to teleconference hacking. The incident highlighted vulnerabilities in public virtual proceedings during increased reliance on remote platforms.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 11, 2020, a public hearing regarding election security hosted by an Atlanta federal district court was disrupted by zoombombing during a Zoom conference call. Approximately 100 participants were present when an individual using the name "Osama" and at least one other unidentified person gained control of the screen-sharing function. The attackers displayed pornographic content, swastikas, and images of the September 11, 2001 World Trade Center attacks, accompanied by music. The timing of the incident coincided with the 19th anniversary of the 9/11 attacks, amplifying the offensive nature of the content. The disruption occurred when the court temporarily enabled participant screen sharing to facilitate exhibit presentations during the hearing. Court clerk James Hatten later confirmed the vulnerability stemmed from Zoom's default settings allowing unrestricted sharing by all attendees under their current license agreement.
The court immediately terminated the Zoom session and resumed proceedings one hour later with enhanced security measures, including a virtual waiting room and modified exhibit-sharing protocols. Attorneys were required to email exhibits to court staff for controlled sharing instead of allowing direct participant sharing. Hatten stated the court had records of participant information and had notified law enforcement to determine whether federal or state crimes occurred, though no specific suspects were publicly identified. The court acknowledged plans to upgrade its Zoom license to restrict sharing privileges exclusively to designated panelists. While the incident caused operational delays, no long-term system compromises or data breaches were reported. Zoom responded to media inquiries by condemning the behavior and referencing recent security updates to default settings, including host-controlled screen sharing and participant removal tools, but did not address specific law enforcement cooperation procedures. This incident occurred amid increased reliance on videoconferencing during COVID-19 and followed similar zoombombing cases, including a University of Houston bombing threat prosecution and a North Carolina town board meeting disruption that authorities declined to prosecute.