The College Post
The College Post -- Covering Higher Education in America

How ‘Zoom Bombing’ Puts Online Classes at Risk

When the world locked down in March, college classes were abruptly forced to move from lecture halls to online spaces. Lecterns, projectors, and professors were suddenly reduced to pixels on video platforms like Zoom and Microsoft Teams.

However, the sudden adaptation to the new technology revealed risky blind spots, such as “Zoom bombing.”

Zoom bombing is a form of cyberattack that can be a shocking and traumatic experience for students. Attacks have exposed students to body-shaming, slurs, racism, and even terrorism.

University of California, Los Angeles (UCLA) chemistry professor Eric Scerri and his class recently fell victim to a Zoom bombing. On October 5, just 20 minutes into the lecture, an unidentified user entered the call. When the user insulted Scerri’s age, the professor muted them. However, the invader quickly unmuted themselves and turned their attention to the students, throwing homophobic slurs.

Ecology and evolutionary biology student, Jenni Dabbert, was targeted for her weight by the attacker after she asked Professor Scerri to end their class. “I have never, ever heard anything that bad come out from somebody’s mouth in real life,” Dabbert told UCLA campus newspaper Daily Bruin. She claims she has “thick skin” but still found the ordeal “shocking and unfair.”

On the same day, Professor Koffi Enakoutsa was attacked with racist and homophobic slurs during his Math class, prompting UCLA administration to investigate whether the two incidents had the same perpetrator.

Accessibility vs. Security

Earlier in the month, the University of Pennsylvania also had two Zoom bombings on the same day. A Biology 101 class and a Criminology 101 class were both bombarded by racial slurs and inappropriate language, including the word “penis” and the N-word.

The professor of the Criminology class, Charles Loeffler, contemplated the use of Zoom at the time. “There’s a tension between accessibility and vulnerability,” he stated to The Daily Pennsylvanian, the university’s independent student media organization. “One of the things that makes Zoom so useful for so many people is how easy it is to share a link and to access a session.”

Terrorism

While the incidents at UCLA and Penn were traumatizing for students and professors, Zoom bombing can be even more serious. In September, a 19-year old man was arrested for making bomb threats during a University of Houston Zoom lecture. 

Ibraheem Ahmed Al Bayati joined the Zoom call and interrupted the class asking, “What does any of this have to do with the fact that UH is about to get bombed in a few days?” He then declared that the “Islamic State shall remain” before exiting the call. Al Bayati was later identified as an ISIS recruiter.

The incident brought fear to the UH student population. Lindsay Hutchins, who attended the lecture and heard the threats, said she debated whether to leave the campus and go home. However, she commended the school for “handling the situation well.”

Making Video Calls Safer for Staff and Students

The recent spate of Zoom bombings illustrates how online classes are vulnerable to unwanted participation. Online lessons do not have the security of physical classrooms because anyone with a Meeting ID and password can join.

The professors of the classes claimed that they used passwords. However, when the call information is shared indiscriminately through messaging platforms or social media, it can be obtained by people who are not part of the class.

To address this predicament, Vanderbilt University IT shared measures for teachers to secure their Zoom classes. Some of these include:

  • Share class details in a meeting where students need to register their name and email address. Do not share through social media or public platforms.
  • Limit the meeting to authenticated users only. Require the students to register their Zoom account beforehand. This way, even if a person has the meeting ID and password, they cannot be admitted if the account they are using is not registered. 
  • “Lock” the meeting once all identified participants are in to stop any unwanted visitors.