Getting educated on security to combat Zoom-bombings

April 14, 2021

UNIVERSITY PARK, Pa. — Since the start of the COVID-19 pandemic, many universities across the nation, including Penn State, have seen a surge in Zoom-bombings, where individuals maliciously hijack and disrupt videoconferencing meetings with the intent to wreak havoc, cause distress, and upset meeting participants. Penn State takes all incidents of Zoom-bombing seriously, and instructors, staff and students should report such incidents to University Police immediately.  

Instructors, staff and students are urged to remain vigilant in learning the steps to keep Zoom meetings secure and understand why it is critical to refrain from posting links online publicly.  

Susana Garcia Prudencio, a faculty adviser for the Penn State Spanish Club and director of the Spanish basic and intermediate language programs, learned firsthand how quickly and unexpected a Zoom-bombing can occur in a meeting and how a host’s fast action can take control of the situation and remove unwanted guests. 

Fortunately, Prudencio had recently received Zoom resources and information from her dean and department head on how to handle Zoom-bombings.

“What was most helpful was the video on how to take action to secure your meetings that is on a banner, front and center, on the zoom.psu.edu website,” Prudencio said. “It was short, about four minutes long, and direct to the point. After the incident, I asked my students and other members of the Spanish Club to watch it as well.”

Additional Zoom training resources, Knowledge Base articles, and Zoom Office Hoursprovided by Penn State IT Learning and Development on Wednesdays from noon to 2 p.m. through May 5, also are available on the Zoom website

Sign up to be notified when registration is available to attend Zoom Security: Take Action to Secure Your MeetingsParticipants will learn to update their global settings for increased security, create a secure Zoom meeting, learn about security options available during meetings, and what to do in the event of a security disruption.

With Penn State spring graduation fast approaching and upcoming end-of-semester Zoom events planned, it is important to continue to remain vigilant in understanding the security settings that keep meetings secure from unwanted attendees. 

To advertise and promote Zoom events publicly, it is strongly recommended to convert the meeting to a webinar, which will give the host more control over who participates with video, audio, chat and screen sharing. To convert a meeting into a webinar, the scheduled meeting must use an automatically generated meeting ID and cannot be scheduled with one’s personal meeting ID. Under the "Schedule Meeting" options, select "Generate Automatically" in the meeting ID section.  

“As the faculty adviser for the Spanish Club, every other week, the Spanish Club organizes a conversation hour via Zoom with a high school in Ecuador, so students can practice Spanish and English,” said Prudencio. “We enabled the waiting room in the Zoom meeting, and a number of faculty as well as teachers from the high school in Ecuador would lead the students in conversations in smaller breakout rooms.” 

The host of the Zoom meeting was Sarah Nicole Raver, a junior in chemical engineering at Penn State and the president of the Spanish Club. 

“At first, nothing seemed out of the ordinary; like in the past, we had advertised the Zoom conversation hour via our Spanish Club listserv, the Penn State Spanish Department Facebook group page, which is a closed group, our Twitter account, and sent the link to teachers and students in Ecuador,” explained Raver. 

Prudencio added, “Usually, we don’t have any issues with Zoom meetings because the participants are authenticated Penn State users. But in this situation, it was an event open to non-Penn State users. Throughout the conversation hour, we continued to allow students to join the Zoom meeting at any time, and we were seeing that there were participants in the waiting room, so we allowed those participants to join the meeting, and they were added to their own breakout room.”

About 40 participants in total, including students, teachers in Ecuador, and faculty advisers at Penn State, were split into breakout rooms. The host was able to jump between the breakout rooms to give instructions and to check in with participants. 

What we didn’t do was assign co-hosts to each of the breakout rooms so they could have meeting controls,” said Raver. 

In one of the breakout rooms, a faculty member was met with participants who started screaming and sharing inappropriate images. The host was immediately alerted to join the breakout room. Upon joining, Raver was able to mute the disruptive participants and find Zoom's security button to remove them from the meeting

“The whole incident happened in a matter of a few minutes. Even though I was the host, I am usually on the student-end of Zoom meetings, so I don’t typically have host controls. I had to figure out very quickly where the buttons were to mute and remove the participants,” said Raver. “It is unclear who these individuals were and how they found our Zoom link, but we were able to print out a participants’ log and report it to the University Police.” 

In addition to reviewing the training resources and Knowledge Base articles on the Zoom website, Prudencio also attended Zoom Office Hours, where instructors and staff can ask any questions they may have about how to use Zoom effectively.  

As a student, Raver admits that before the Zoom-bombing incident in March, she never really paid much attention to the specific measures to prevent Zoom-bombings.

“It was one of those things where you just don’t think it will happen to you, so you think that the security measures you already have in place are good enough,” Raver saidBut after the event, I did take time to watch the video on the zoom.psu.edu website to learn how to secure meetings and what to do if a Zoom-bombing does occur.” 

Check out this Knowledge Base article on how to report Zoom-bombing incidents, as well as which offices can provide additional support and resources: Zoom: What to do Following a Zoom-Bombing Incident

Understanding the security features in Zoom, properly using the settings for meetings or webinars, and being cautious on how links are shared to intended participants are the keys to having safe and secure Zoom meetings. 

For the latest Zoom updates, news, resources, support and training information, visit zoom.psu.edu.   

 

Last Updated April 14, 2021