Zoom has been an extremely useful platform, not only to EABH but to everyone who has been locked inside because of COVID-19, and has had no other choice in finding a new alternative to in-person meetings. Up until now, for our school at least, it had all been fun and games. But what happens when Zoom meetings “go wrong” and hackers invade sessions to interrupt classes and attack its participants?
With the rising demand for Zoom, as online gatherings became one of the only options for many organizations, internet trolls and hackers attempt to dodge the boredom of quarantine by entering zoom meetings uninvited, disrupting sessions with racial slurs, profanity, and pornography to get a few cheap laughs in return. This has become a recurring event all around the world: “Zoombombing”.
It comes as no surprise that most events that would normally occur in person are now being held through Zoom. I’m talking major business meetings, collabs, speeches, classes, book clubs, judicial and medical appointments, among others. Zoombombers have forced big businesses to end meetings, damaging brand deals and corporate agreements, which then had to be postponed or rescheduled. The problem has become so serious, in fact, that the FBI has warned schools, in particular, to be careful and keep an eye for intruders who may want to interrupt classes.
EABH hadn’t been affected by this at first, as students had been properly advised to keep the meeting links private. However, this is not the case any longer, as three of the seventh grade classes have been the target of Zoombombing in the last two weeks.
For many of my interviewees, much like it was for me prior to doing this article, “Zoombombing” wasn’t a concept they were familiar with. I began my research by asking two students if they knew what the term meant and how they reacted when - or would react if - their classes were attacked by these hackers. They admitted to knowing what it was, but none of them knew the actual term. I was surprised by these responses, since they were nearly completely different from one another. Jane Doe stated in a playful manner that “since she is pretty freaked out about viruses and ‘this kind of stuff’,” she would probably be left perplexed when seeing the content displayed on the screen and “would leave the meeting right away, afraid of having some kind of problem or infiltration on [her] computer.” John Doe, on the other hand, said he “wasn’t too surprised or scared away by it.” He claimed to have seen similar pranks on TikTok, Instagram, and Twitter, and simply thought those attempts of entering his class were one of those jokes.
I then asked if their parents would be concerned about such incidents and what they would do when facing this situation. Both students answered the same thing: “Yes, very concerned” and that they would probably contact the school.
“They would like to know what was going on, maybe search for new platforms or better ways to stop that from happening again. Or, if there wasn’t one before, have a required password that changes every meeting.”
Even after speaking to the students and researching about other meetings that had been Zoombombed, there were still some unanswered questions. Were the students sharing those links? Why? Where? What could happen to the school if parents were skeptical about letting their children join class meetings?
When asked how the hackers were getting access to the links, Gustavo said that “they use a random sequence of meeting numbers, and test it. If it works, they enter the conference. It is something that the software itself already has barriers against. It is a very random thing, they do not specify ‘I want to enter a meeting in the US, in this boy’s room.’ It’s not like that.” However, when I talked to Mr. Bricio and Mr. Daniel about the incidents in their own classes, they had a different side to this story.
Mr. Bricio explained that “it kind of created a ‘bad mindset’ because, when it happened, I got an email from IT telling me that my zoom meeting link was posted on Twitter. So, I got the feeling that a student did it. I don’t have any proof, I don’t know for sure. But if it was posted on Twitter, the person had to have the link. All our zoom links have the “eabh” on them, so it’s not like bombing a random zoom meeting, you should know you’re entering a meeting from EABH. And still, it’s not a huge school...It’s not something somebody would randomly type and join. It has to be shared, and I believe it was shared by someone.”
Mr. Daniel added that, at first, he thought it had been a random room selection, “but then a week later it happened in another class, and then another week later, to the same class. That doesn’t seem like a likely possibility. That’s just me putting two and two together, from my perspective. I don’t know all the details.”
I then questioned why they thought a student would share a class link, and their answers were very similar to the ones I had received from the students whom I interviewed.
“Zoombombing classes are a trending thing, people are doing this. So they thought: let’s also do it! When I told them [the students] someone was invading, they even started laughing and asked me to let them join. I didn’t, but they asked.”
“You’re bored. This is a kind of weird version of school that we’re doing at the moment. Like, I get it. I was a stupid kid too.” Mr. Daniel laughed.
Both Mr. Daniel and Mr. Bricio dealt with unsuccessful attempts of Zoombombing, since they realized it was a sort of “prank” when strange names started appearing in the waiting room--lots of them, in fact. Neither one admitted the hackers into the meetings.
I wasn’t able to schedule a meeting with the one teacher who did have her class invaded, Ms. Jane. However, I still asked some of my interviewees if they knew what had happened and how she had handled the situation. Apparently, a hacker entered by mistake - probably unnoticed among other students that were in the waiting room- and started swearing, saying absurd things, and displaying inappropriate images on camera. Ms. Jane ended the meeting immediately and resumed class in another room.
Next, I asked what they thought the consequences were (productivity-wise) and how a class could be disrupted due to Zoombombers.
“I was fortunate that I had just put them on break out rooms, so I literally don’t think that they knew. For me it was just kind of… lucky timing. Normally I think it would be pretty distracting. If they don’t get in, I, personally, don’t think it’s a problem. But if they do, that is quite a large issue, because who knows what they’re gonna say or draw. The bigger concern is what they’re actually doing on camera. You know, these are children. I wouldn’t be offended by it, it would just be distracting.”
I finished the interview by asking if they thought the parents might take a step back or stop trusting the school due to these incidents, and, subsequently, what they thought the school should do in order to fix the problem.
Mr. Bricio declared he doesn’t think the school will have problems with parents; “As I don’t believe there was a security breach, and the school can prove that, there shouldn’t be a clear concern or complaint coming from parents, they shouldn’t stop trusting the school, and I don’t believe they will. The school will talk to them if necessary, our zoom is still safe.”
He wrapped up the meeting by stating that “the school already monitors if our links are posted anywhere else, since, in my case, IT got it right away. The school should have a talk with the students. This wasn’t a breach of security, this was someone intentionally posting the link. Anyone could do it. Well, anyone inside the school. It’s important to talk about those things, how serious they are, and how bad things could happen, as they did in Ms. Jane’s classroom.”
As pointed out, this isn’t as much a security flaw as it is a problem caused by the misuse of meeting links, that can be shared in social media or even through private messages exchanged by the participants. Some researchers have raised doubts regarding the safety of using Zoom, coming to the point of stating that flaws in its software “could let hackers spy through a computer’s webcam or microphone.” However, Zoom has shut down such accusations by declaring that they had already handled the complaints and fixed what seemed to be the problem early on in the pandemic.
When this happens, it disrupts classroom time and productivity as teachers are forced to end meetings on account of Zoombombing. It also shifts students’ attention to things other than learning and may even cause questioning or lack of trust regarding the school and what is being displayed, even if by “accident”, in video-conferences.
The school will handle Zoombombers by using the already existing tools on Zoom (disabling participant screen share, posting a specific and altering meeting link, using the waiting room and checking student names, among other basic protocols) and will, additionally, suspend any students who are found contributing to Zoombombing.
From the looks of it, the school has already taken care of this issue and the incidents haven't had any serious repercussions to student learning. What we can take from them is simply the importance of being careful with what you share on the internet. Today, it’s extremely easy to get access to basically anything online. In these unstable times, if we can’t count on a safe platform for classes or, most importantly, count on the students, EABH will have more headaches due to digital learning, at least until the end of quarantine. Although this time there wasn’t severe damage to the school or to the students’ personal devices, it’s always good to remember that what you put out there can be used for the wrong purposes and that actions may have irreversible consequences.