“Zoombombing” What is it and how can you protect yourself?


In the current national climate with the Novel Coronavirus, 40 out of 50 states governors have issued stay at home orders state-wide. One of those 40 states is Minnesota with Governor Tim Walz issuing the order on March 27th.

This has led to an influx of online meetings for Schools like us at St. Cloud State University and Businesses with employees working from home. An increasingly popular host for these video conferences is Zoom Video Communications. These meetings make communication between multiple people easier than through email or conference call.

(Photo Credit: Hakan Nural/Anadolu Agency via CNN)

However, due to a spree of hackers leaching on to meetings across the country your meeting may not be as safe and secure as you think. The more common name for these cyber-attacks are “Zoombombing”. The attacks can range through a variety of unwanted things. Some of these include drawing profane images, symbols, and text. Another form of attack is unwanted individuals entering the meeting and saying profane words or racial slurs.

This has been seen in many forms across the country derailing public meetings such as, classes at the University of Southern California. Where individuals have signed into Zoom Lectures and started using racist and vile language to derail the class. Another instance of this is where an individual from Orange County, Florida joined in a public chat and exposed himself on camera.

(Photo Credit: CNN)

“In late March 2020, a Massachusetts-based high school reported that while a teacher was conducting an online class using the teleconferencing software Zoom, an unidentified individual(s) dialed into the classroom. This individual yelled a profanity and then shouted the teacher’s home address in the middle of instruction.” Stated the Federal Bureau of Investigation’s Boston Field Office in a press release posted on Monday March 30th.  It continued to outline a second incident in the region. “A second Massachusetts-based school reported a Zoom meeting being accessed by an unidentified individual. In this incident, the individual was visible on the video camera and displayed swastika tattoos.”

Zoom has commented on this issue, In a Blog post from Friday March 20th on the company’s website.

“When you share your meeting link on social media or other public forums, that makes your event … extremely public. ANYONE with the link can join your meeting.” It went on to say, “Familiarize yourself with Zoom’s settings and features so you understand how to protect your virtual space when you need to. For example, the Waiting Room is an unbelievably helpful feature for hosts to control who comes and goes”.

A representative from Zoom stated in an email to UTVS News that they are “deeply upset to hear about the incidents involving this type of attack and we strongly condemn such behavior.” They go on to say “We have been actively educating users on how they can protect their meetings… We have also been offering trainings, tutorials, and webinars to help users understand their own account features and how to best use the platform.”

Zoom also recommended to report any incidents directly to Zoom Support. The FBI also gave some tips on how to stay safe when teleconferencing in their Monday press release.

“Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.” They continued, “Manage screensharing options. In Zoom, change screensharing to “Host Only.”

(Photo Credit: Flickr)

At the bottom of the release the FBI stressed that if you are the victim of a teleconference hijacking that you should report it to the Bureau through their Internet Crime Complaint Center at ic3.gov. They also go on to say that if you are specifically threatened in a teleconference to report it at tips.fbi.gov or call your local FBI Field Office. I reached out to the FBI’s Minneapolis Field Office for comment on this issue, and they have yet to respond to my inquiry.

St. Cloud State also echoed these recommendations in their Town Hall from Friday, April 3rd.

“What has been shared by outside individuals on chat is unacceptable, it’s absolutely unconscionable that people would do that. And I am here to tell you that it is not St. Cloud State’s values, and we are working hard to make sure that doesn’t happen again.” Said St. Cloud State President Dr. Robbyn Wacker, when addressing the town hall viewers.

(St. Cloud State Video Town Hall, April 3rd, 2020

Deputy Chief Officer of Information Technology Services Phil Thorson added “We (SCSU) have a number of good support documents already out there on the website and knowledge bases.”

If you would like to access these resources or any others from the university about COVID-19 you can visit www.stcloudstate.edu/emergency/covid19/default.aspx . Additionally, St. Cloud State Information Technology Services has a page dedicated to Zoom Conferencing and you can access that at https://www.stcloudstate.edu/its/services/media/zoom.aspx .

Comments are closed.