Sacrilegious Zoom-webinar held by International Maritime Federation with the Honorable Minister of Shipping as the Chief Guest exposing the Nation to

In perpetual tribute to the departed souls of Colonel B Santosh Babu of the Bihar Regiment, Havildar Palani and Sepoy Ojha and seventeen other soldiers who laid down their lives in Galwan Valley in Ladakh for India, the Citizens of India have unanimously avowed not to use any Chinese products, despite all the repeated warnings contained in my trailing Email dated Wed 10-06-2020 14:48 and despite forwarding specific MHA Advisory on Zoom  that such a dubious organization like the so-called International Maritime Federation is likely to dope you into forbidden security quagmire of the Chinese Zoom that plunges the users into the Security Quicksand, the Honourable Minister of Shipping  and Directorate General of Shipping did not pay heed to my well informed advice and did participate in the Webinar hosted by International Maritime Federation for their own vested interests on the weird Chinese Zoom technology, exposing the nation to the horrors of State-sponsored cyber-hacking, as the attached screenshots may throw light if you like. Of course, the Honourable Minister of Shipping is not aware Zoom directs all the user data of the conference participants to servers based in China, where it isn’t safe under their law, as China doesn’t enforce many laws protecting users’ privacy. But I warned you, Sir, before, well in time.

The policy change came not long after the University of Toronto found in its research of the popular platform that users’ data had been transferred through China. That routed data and users’ privacy could be at risk, given that China could force Zoom to decrypt the data that was transferred through China.

“During a test of a Zoom meeting with two users, one in the United States and one in Canada, we found that the AES-128 key for conference encryption and decryption was sent to one of the participants over TLS from a Zoom server apparently located in Beijing, 52.81.151.250,” the University of Toronto researchers wrote in their findings. “A company primarily catering to North American clients that sometimes distributes encryption keys through servers in China is potentially concerning, given that Zoom may be legally obligated to disclose these keys to authorities in China.”

Pentagon bans Zoom

The Pentagon has banned most versions of a popular video conferencing application for its personnel after reports surfaced revealing major security issues linked to China.

Service members, civilians, and contractors can no longer use free versions of Zoom in official capacities, said a Pentagon spokesman, Air Force Lt. Col Robert Carver, in a statement to Military.com. However, personnel will be allowed to used Zoom for Government, a paid and more secure version of the application, but only for “publicly-releasable DoD information not categorized as For Official Use Only,” Carver said.

Zoom for Government has been issued a Federal Risk and Authorization Management Program (FedRAMP) provisional authorization, Carver added.

“The department requires our workforce only use DoD-approved platforms when conducting official business,” Carver said

The FBI said last week that it saw an increase in “Zoombombing,” the phenomenon of uninvited users infiltrating Zoom video conference sessions, in this case, between Pentagon personnel.

China – the country full of most riled hackers.

China has been discovered by experts to have the most hackers when compared to the rest of the countries around the world. Most of the cyber-attacks being experienced on the internet can be traced to China. It makes up a whopping 41% of such attacks. Most people claimed that the majority of the groups that are into hacking seem affiliated to the Chinese military. The same way technology seems to be advancing in China, that is how hacking is also growing even though the country’s media has claimed otherwise.

“China remains the most active strategic competitor responsible for cyber espionage against the US Government, corporations, and allies,” the report states, adding that the country also “has the ability to launch cyber-attacks that cause localized, temporary disruptive effects on critical infrastructure” in the U.S.

The report also found that Chinese intelligence services “will exploit the openness of American society, especially academia and the scientific community, using a variety of means.”

Director of National Intelligence Dan Coats told senators on Tuesday that over the past 1 1/2 decades, “China had a remarkable rise in capabilities that are stunning.”

U.S. intelligence leaders said Tuesday they believe China currently poses the most dangerous and complex counterintelligence threat to the nation.

How Zoom users are being targeted by COVID-19-capitalizing hackers

Since the onset of the COVID-19 pandemic in January, a whopping 1,700 new domains contained the word "Zoom" -- 25% of those domains (425 to be exact) were registered within the past 7 days. Lead investigators classified 70 of these domains as "suspicious." In other words, these websites were likely created with malicious intent.

"The numbers reinforce the trend of hackers taking advantage of millions now working from home through Zoom, the popular video conferencing service used by over 60% of the Fortune 500," the Check Point Research report said.

Check Point researchers also discovered maliciously created files -- “zoom-us-zoom_##########.exe,” for example -- aimed at targeting unsuspecting Zoom users. Running such files on one's computer leads to the installation of the InstallCore malware, which is known for installing more than one threatening application.

The recent, staggering increase means that hackers have taken notice of the work-from-home paradigm shift that COVID-19 has forced, and they see it as an opportunity to deceive, lure and exploit," Omer Dembinsky, manager of cyber research at Check Point Research, said. "Each time you get a Zoom link or document messaged or forwarded to you; I’d take an extra look to make sure it’s not a trap.”

Although the lead investigators' main focus for this report was Zoom, researchers also discovered that opportunists were capitalizing off other popular conferencing platforms such as Google Hangouts and Google Classroom.

Zoom Makes Encryption Keys in China

Zoom, the video conferencing giant that’s gained huge popularity in the work-from-home coronavirus age, handles user data in China, according to researchers. That information, on occasion, also includes encryption keys, the chunks of data that can unlock conversations, even if the participants aren’t based in China, the academics found in their tests of the software.

The research, handed to Forbes ahead of publication on Friday, comes after a difficult week for Zoom, in which it had to apologize for various shortcomings in its privacy and security. The report’s authors, Bill Marczak and John Scott-Railton at the University of Toronto-based Citizen Lab, say their findings raise issues about whether U.S. government organizations should be using it at all. 

Recently, Forbes revealed U.S. agencies handling the coronavirus response had spent a collective $1.3 million on Zoom tech in just a few days at the end of March. Not only had the Centers for Disease Control and Prevention (CDC) and the Federal Emergency Management Agency (FEMA) spent hundreds of thousands on Zoom for COVID-19-related webinars and calls, but other government agencies had bought into the tech, too. That included the State Department and one organization that was the alleged victim of a major Chinese hack, the Office of Personnel Management, in a breach that saw the private data of 21 million Americans leak. 

Zoom Encryption Contains a Chinese Backdoor and Uses Data Mining to Find Your LinkedIn Profile and Sell Your Information

The pandemic has forced millions of people to look for other ways to stay in touch from a distance, resulting in the growing popularity of video conferencing platforms such as Zoom, although it has also caught the attention of data security training experts, cybercriminal groups and even unreliable security practices present in the service have been unveiled.

A recently published research has revealed that Zoom’s encryption could contain a backdoor developed in China, in addition to the company’s use of data mining processes from its users’ LinkedIn profiles to sell their information.

Zoom Servers in China

To begin with, it is necessary to clarify that, contrary to what the platform claims, Zoom does not have end-to-end encryption, as pointed out by experts in data security training. When users start a Zoom session, the software on the user’s device obtains a key to encrypt audio and video, which is sent from the company’s cloud infrastructure, which in turn contains servers around the world.

The key comes from a server known as the Key Management System, which generates the same encryption key and sends it to all the Zoom session participants. This key is sent to the video conferencing software using TLS, the same technology used in the “https” protocol. Depending on the session configuration, some Zoom cloud servers (known as “connectors”) might get a copy of the encryption key.

Data security training specialists mentioned that, in total, Zoom has 73 key management systems; of these, 5 are found in China and the remaining in the U.S. This is a worrying behaviour because, given the laws under which technology companies operate in China, Zoom may be forced to share encryption keys with the authorities of the Asian country if they are generated on a server hosted in Chinese territory. If the Chinese government or any other threat actor tried to spy on a Zoom session, it would also require monitoring the target user’s Internet access, or monitoring the Zoom cloud network. By collecting this information, the attack can be completed, decrypting the session audio and video.

Weak encryption is just one of the many security weaknesses in Zoom. While the platform conforms to the Advanced Encryption Standard (AES), the encryption keys used in the company are only 128 bits; while still considered secure, most technology companies have migrated to the use of 256-bit keys for years. Specialists believe that these deficiencies could be of particular concern to government officials around the world and large companies, as Zoom failures could expose them to leaks of confidential information or espionage activities.

LinkedIn Data Leaking

Unfortunately, this is not the only privacy drawback discovered in Zoom over the last few days. In a report published in The New York Times, data security training specialists revealed a data mining bug that would be filtering data from the LinkedIn profiles of videoconferencing session participants.

This flaw is affecting any user subscribed to a LinkedIn service called “LinkedIn Sales Navigator”. When this service is enabled, LinkedIn data for all participants in a Zoom session can be quickly accessed without requesting their consent. Among the leaked information are details such as:

Current work

Charge

Name of employer

Location data

After multiple tests, researchers discovered that the data mining tool is able to instantly link the Zoom user’s name to their LinkedIn profile name. In addition, Zoom automatically sends this personal information to your data collection tool, regardless of whether the session members activated it or not.

After the publication of this report, Zoom issued a statement to inform that it had permanently disabled this tool, although it is not possible to define how many users were subjected to this invasive practice. LinkedIn also reported some measures in this regard.

The International Institute of Cyber Security (IICS) says that, since the start of the coronavirus outbreak, the number of Zoom users rose from 10 million to 200 million, including individuals, academic institutions, private companies and government agencies. Social estrangement will continue for at least the next three months, so it is worth requiring the company to reveal more details about its data collection policies and ties with the Chinese government, as the millions of users who depend on it tool to continue your academic and professional activities deserve to know what protections your information can provide this platform.

How do you make amends is your option? The moral is one is known by the company he keeps. I understand the Honourable Minister of Shipping was not aware of the dangers his learned office was exposed to when he nodded his consent to participate in the webinar hosted by the International Maritime Federation. a bad action bequeaths bad results. Especially when one plays in the hands of ill-informed ‘Federations’ which are not worth their salt, he exposes himself and his country to International hackers a lot of whom are concentrated in one nation namely Peoples Democracy of china.

I can produce terabytes of cyber literature to substantiate my stand. And there are a million IT Experts at your disposal who will testify the maladies of the Chinese Technology the pariah of the IT world NIC is the best, In any case, the faulty approval granted to International Maritime Federation is forever flawed, mired in controversies, corrupt, vitiated and against all rules of administrative propriety, final propriety and unconstitutional. Still, I humbly pray that better sense prevails upon all concerned to derecognized the wrongly recognized International Maritime Federation. And stay away from the dangerous technologies that comprise the security of the Nation.