Logo

American Security Council Foundation

Back to main site

Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.

ASCF News

Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

Intel report warns Zoom could be vulnerable to foreign surveillance

Tuesday, April 28, 2020

Categories: ASCF News Emerging Threats Cyber Security

Comments: 0

The Zoom videoconferencing platform, so popular with people forced to stay home because of the coronavirus pandemic, could be vulnerable to intrusions by foreign government spy services, including China, according to a federal intelligence analysis obtained by ABC News. The analysis urges organizations to carefully consider the risk if they should continue working with the system.

The report was issued jointly by the Department of Homeland Security’s Cyber Mission and Counterintelligence Mission centers, and was distributed to law enforcement and government agencies around the country. It comes less than a month after the FBI’s Boston office warned that hackers were able to hijack or disrupt videoconferences in what has come to be known as “Zoom-bombing.”

Hackers “likely will identify new or use existing vulnerabilities in Zoom to compromise user devices and accounts for further exploitation of corporate networks,” the notice says. Even security fixes don’t eliminate the concerns, analysts said, because “the patching process is undermined by … actors who often capitalize on delays and develop exploits based on the vulnerability and available patches.”

A Zoom spokesperson told ABC News the company disagrees with the intelligence analysis and that it is “heavily misinformed, includes blatant inaccuracies about Zoom’s operations, and the authors themselves admit only ‘moderate confidence’ in their own reporting. We are disappointed the authors did not engage with Zoom to verify the accuracy of these claims and understand the real facts about Zoom.”

Regarding previously reported security issues, the company said, "We actively and quickly addressed specific security concerns as they were raised over the past few weeks.”

DHS intelligence experts noted the popularity of Zoom has skyrocketed with the platform’s daily user base growing, according to company statistics, from 10 million a day to 200 million since December. While in the last six weeks, government stay-home orders have forced learning, government and business operations to migrate from physical spaces to the internet.

“Zoom’s sudden immense growth and use across both public and private sector entities in combination with its highly publicized cybersecurity issues creates a vulnerable, target-rich environment,” the intelligence notice says. “Any organization currently using – or considering using – Zoom should evaluate the risk of its use.”

Among the specific concerns laid out by analysts is the risk posed by some development work for Zoom that is done in China. Because of China’s strict intelligence and intellectual property rules, “China’s access to Zoom servers makes Beijing uniquely positioned to target US public and private sector users,” according to the document. “China’s unique position does not prevent other nation-states from using Zoom vulnerabilities to achieve their objectives.”

And, analysts said, hackers could use Zoom’s system to deploy malware that could then make a third party’s computer system susceptible to a security breach.

The Zoom spokesperson said that the company "has layered safeguards, robust cybersecurity protection, and internal controls in place to prevent unauthorized access to data” and that its “developers in China do not have any access to Zoom’s production environment, the power or access to make substantive changes to our platform or the means to access any meeting content."

The spokesperson said Zoom's systems are "designed to maintain geo-fencing around China ensuring that users outside of China do not have their meeting data routed through servers in China." Additionally, paid Zoom customers "are now able to further customize which data center regions their account can use for real-time meeting traffic," which allows them to "opt in or out of specific data center locations," the spokesperson said.

The spokesperson said that in addition to the use of cloud data centers globally, Zoom had 17 data centers "around the world,” but only one is in China. "All Zoom source code is stored and versioned in the United States," the spokesperson said.

John Cohen, a former DHS acting undersecretary who used to oversee the department’s intelligence operations, said in general, “China, Russia and other hostile nations view the coronavirus as an opportunity to expand their intelligence-gathering efforts and they are actively targeting the private communications of those in government, the private sector, academia and others, who have increasingly turned to online communications."

“Private conversations using online communications and video conferencing apps are vulnerable to being intercepted by criminals and foreign intelligence operatives," said Cohen, a current ABC News contributor. "Securing these platforms must be a priority especially since they are being used more frequently during the current public health crisis.”

Photo: © Olivier Douliery/AFP via Getty Images A photo illustration shows a Zoom App logo is displayed on a smartphone, March 30, 2020 in Arlington, Va.

Link: https://abcnews.go.com/International/intel-report-warns-zoom-vulnerable-foreign-surveillance/story?id=70376203

Comments RSS feed for comments on this page

There are no comments yet. Be the first to add a comment by using the form below.