With the video conferencing platform Zoom taking off among universities and other institutions during the coronavirus pandemic, the phenomenon of “Zoom bombing” has become more frequent.
There have been four reported incidents of Zoom bombing—a phrase referring to virtual intruders entering a Zoom session—during St. Joe’s online courses, according to Andy Starr, manager of academic systems in the Office of Information Technology (OIT). Starr said the usage of Zoom has doubled compared to the last three years at St. Joe’s, which has increased the possibility of technological challenges.
To join a Zoom session, users must have a link created for the class or meeting. Starr said there are multiple ways in which a Zoom bomber could get that link.
“The current theory is most of the Zoom bombings are happening on published links, so somebody has shared the link on social media, via email or on a website,” Starr said. “The other theory is that they are randomly going through, so they figure out that SJU has Zoom. There’s only so many combinations of nine numbers that you can come up with, and they just randomly try until they get a hit.”
The first case of Zoom bombing at St. Joe’s was announced in an email from Cheryl McConnell, Ph.D., provost and vice president for Academic Affairs, sent to faculty and staff on March 26. McConnell wrote that at least one class had been “disrupted by unauthorized attendees,” and OIT began offering strategies for managing Zoom sessions.
“With the Provost’s approval, OIT will disable the ability of participants to share their screens without instructor approval upon entering the Zoom room,” McConnell said. “In addition, OIT has posted additional strategies for faculty to manage their Zoom sessions including how to remove unwanted participants, locking your session or muting all participants. Faculty can decide what will work best for them.”
In another email sent to faculty and staff on April 1, McConnell reported a second incident of Zoom bombing in which the instructor removed the intruder using Zoom’s participant management feature.
While some cases of Zoom bombing around the country have been more extreme, Starr said the incidents at St. Joe’s have just been disruptive.
“One of them was so silly, it was a guy doing push ups in his backyard,” Starr said. “He shared his camera from his phone, and that’s what he chose to do with his 30 seconds before the instructor kicked him out.”
Jack Botto ’22 had a similarly disruptive incident of Zoom bombing during a session he had with a few classmates and their professor. Botto said the Zoom bomber entered the session with their camera off and began sharing their screen with information they had found online about Botto and his friends.
“They were kind of bored and just [wanted] something to do,” Botto said. “At one point they left, maybe [my friend] kicked them out, but they were able to get back in. They could join any time they wanted, so we just let them stick around.”
Botto said the link was sent through text, so they did not know how the Zoom bomber got in, but Botto and his friends were not too concerned about the person’s intentions.
In addition to OIT’s steps to prevent Zoom bombing from happening at St. Joe’s, Starr said Zoom has made changes to the software to increase security in light of the Zoom bombing trend.
“One of the other things that’s happened recently is you’ll see there’s a security icon [on Zoom] now,” Starr said, pointing out a button on the bottom toolbar of the Zoom screen. “This lets you disable chat and sharing screens and the ability for folks to rename themselves. You can remove a participant right from that security screen now—that used to be pretty buried—to kick somebody out.”
Starr said instructors can also create passcodes, require registration or have participants authenticate through The Nest in order to enter the session. To Starr, authentication is a more “extreme” option.
“Part of the beauty with Zoom is you can click the link and join a session,” Starr said. “It’s a fine balance, but we have to find where it is. We don’t want to make it too difficult to get in, but at the same time, we have to balance that security aspect.”