Using porn and slurs, ‘Zoom bombers’ strike KC area colleges. Here’s how to fight back
In the first week of online-only classes at Kansas State University in March, the student government senate convened for its first virtual meeting via the video conferencing app, Zoom.
Senate leaders tweeted the link to the session “to be more accessible to students,” said Jansen Penny, student body president.
About five minutes into the meeting “someone took over the screen and using the Zoom blackboard function started drawing explicit images,” Penny said. When the host tried to erase the images, more and more came up. Eventually the intruder put up a pornographic video. When the host tried to end the meeting, that function was locked and would not work. She had to power down her laptop to shut the meeting down.
It’s called Zoom bombing, an unfortunate growing trend in the age of COVID-19 stay at home orders.
The surge in online communication at schools, businesses and even places of worship has thrown open the cyber gates for computer hackers to intrude and disrupt.
Last Tuesday, three University of Missouri Zoom sessions were disrupted by individuals “using hateful, discriminatory and reprehensible language,” UM System President Mun Choi said in a notice to the campus community.
Choi said the “intrusive acts … are violations of our university’s policies and an affront to basic human values. They will not be tolerated.”
Neither University of Missouri-Kansas City nor University of Kansas responded to questions from The Star about Zoom bombing in their virtual classes.
The Chicago Tribune reported last week on a virtual mediation session interrupted by some young men who hacked in and began heckling the woman leading the meeting. They eventually took control of the screen and started searching for pornography. And when the group leader tried to mute them, the hackers scolded her and used a racial slur.
In Orange County, Florida, a man hacked into a public school’s online class and exposed himself to students, school officials said last week. They reported the incident to law enforcement.
Business Insider reported that several New York Alcoholics Anonymous meetings were interrupted by trolls shouting misogynistic and anti-Semitic slurs, along with crass references to drinking.
The FBI Boston Division put out a warning about Zoom bombing last week after receiving reports of school video conferences interrupted with hate speech, pornography and threatening language.
What to do about it
UM System officials say they immediately looked for ways to stop hackers from interrupting classes for the 70,000 students enrolled at their four campuses, which are all shuttered for the remainder of the school year.
First, Choi referred students and faculty to Zoom’s new guide on ways to secure a session by locking the virtual classroom control screen, locking chat sessions and removing participants. One key to keeping intruders out is to enable waiting rooms, which prevent guests from entering a session until the host allows them in.
Cyber security experts suggest requiring a meeting password.
“Using a password goes a long way to protect your conference,” said Matthew Gunkel, chief e-learning officer at MU. Gunkel also suggests the host get training in how to manage and moderate a meeting because, “it can be tricky,” he said, to understand all the options available.
And, he said, “for one-to-many events, like a preacher in front of a large audience, look at webinars as an option rather than an open Zoom room.”
Zoom, based in San Jose, California, has recently been under fire from users about privacy and security issues. On Wednesday the company apologized for “falling short” on security issues and promised to improve.
“Usage of Zoom has ballooned overnight,” executive director Eric Yuan said in a blog post, in ways he could not have foreseen before the coronavirus pandemic.
At the end of December, the maximum number of daily Zoom meeting participants was roughly 10 million, Yuan said. In March, Zoom reached more than 200 million.
In Kansas City, Bret Knighton, president of Complete Technology Service, has spent the last few weeks securing remote setups for a lot of small businesses adhering to the city’s stay at home orders.
“One reason this Zoom bombing is happening is because people have public sessions, they are open, so it is very easy to do,” Knighton said.
Schools and companies need to be extra careful, he said. When employees are connected to a company’s system through a virtual private network, or VPN, if their laptop is vulnerable to hackers, so is the company system.
“We live in this world where there’s a two-edged sword: a world where we can have video conferencing, but at the same time some things do need to be done to protect ourselves.”
Posting video conference links on social media, Knighton said, is a bad idea. “I recommend a private session be created, sending individual links for people to log in. And make sure the screen is locked.”
The people who are Zoom bombing school and company video conferences “are not your sophisticated hackers,” Knighton said. “The way the Zoom tool works is that it has made it easy for people to use. Zoom has provided us a great tool, but it also opened the gateway for people to be taken advantage of.”
This story was originally published April 6, 2020 at 5:00 AM.
