The security of online video-conferencing platforms was once again raised when a webinar of the Thuma Foundation (the Thuli Madonsela foundation) titled “De Beer vs Minister of CoGTA: Lessons of a constitutional response to Covid-19” was disrupted on the morning of 11 June.
According to an attendee the Zoom-webinar was interrupted shortly after the start when malicious individuals took control of the meeting and displayed anime porn to the attendees. Initially it was planned to move the meeting to another Zoom “location” but after consultation it was decided that the chances of a recurrence of the same event was likely and the event was postponed.
The event has been postponed to Thursday 11 June from 10:00 to 11:30. The Zoom ID is 885 3537 4536 for those wishing to join.
Prof Thuli Madonsela says that they are uncertain who the culprits were but that they “assume it is someone who had a stake in not wanting this democracy dialogue (demologue)”. “Thuma had organised unsecured demologues without ever being cyber attacked,” she adds about their previous talks.
“Before the disruption, the facilitator Wantu Madonsela and Prof Geo Quinot had gone through the Disaster Management Act, as the source of COGTA’s powers, the reach of such powers and the boundaries or limitation. They had also discussed the difference between policies, regulations and directions. I started my presentation on the judgement but could not go beyond giving an outline and indicating the parties, the content of the application and relief sought by the applicants.”
“Thuma is deeply saddened by the disruption of a democratic platform it has laid out for young people as part of its democracy leadership and literacy empowerment initiatives. It deliberately sought to democratise access by not using passwords or limiting access,” she says.
According to Madonsela, Wantu Madonsela, the organiser and facilitator of the talk, says he is “emboldended” by the attack as it suggests that they are “making inroads towards deepening and defending democracy and making the rule of law a concern for everyone beyond lawyers and judges”.
The popularity of online meeting tools rose exponentially during the worldwide isolation response to the Covid-19 epidemic. Zoom has been especially vulnerable to hostile takeovers of meetings and webinars and users of this platform are encouraged to do thorough research beforehand on how to secure a meeting of this nature.
Several schools have also adopted these tools in order to enable online learning. It has come to public attention that inadequate security at schools leave these systems vulnerable to exploitation by malicious actors. StellenboschNews.com has seen examples of passwords provided to pupils, who can’t change these passwords, where the password is a simple combination of the pupil’s name and surname followed by a set number or character code. For instance, John Doe’s password would be Joh-Doe&1 whilst that of Jane Doe would be Jan-Doe&1. This means that once a hacker has access to the password structure, they can imitate any person on the network and interact as them with others. This has obvious security consequences not only to the integrity of the system but to physical well-being of children.
Parents who see these types of passwords should immediately speak to their schools and have them changed to a password known to only the child and the parent. There is no reason for the administrator of the school’s system to have knowledge of these individual passwords
Parents and children should also never share these passwords with anyone, not even the system administrator as system administrators have all the tools required to act and address issues without requiring individual passwords.