A brief exchange is all it took for one student to completely derail an online accounting test at the University of Arizona yesterday.
“Don’t make it too obvious at the start that you are trolling, just ease into it lmao.”
“I got you, me and two other friends are joining.”
Armed with a Zoom videoconference ID, the trolls got to work. Their efforts to disrupt the test resulted in its cancellation. Students have been asked to complete the test in their own time, the university confirmed.
This incident is just one of many disruptions to plague higher education in recent weeks as quarantined keyboard warriors seek to wreak havoc on classes that are suddenly being offered remotely because of the COVID-19 pandemic.
Such trolling, which first drew widespread attention last week, has been dubbed Zoombombing. Some of the disruption to online classrooms is random. Trolls playing “Zoom roulette” simply type a random 10-digit number into Zoom -- the videoconferencing service that many colleges and universities have relied on to move classes to remote instruction on short notice. Then the trolls see where they land.
More often than not, it seems the attacks on higher education classes are targeted. Many students are willingly sharing details of upcoming conference calls in online chat rooms and message boards. Those details often include passwords to private meetings scheduled by users with access to paid Zoom educational accounts.
On social media platforms, users with hundreds of thousands of followers have openly called on students to share details of upcoming classes so that they may disrupt them. And there appears to be no shortage of volunteers.
In “best of” compilation videos on YouTube and in live Zoombombing incidents witnessed by Inside Higher Ed, intruders frequently pose as students before taking over classes.
Some of the disrupters launch into ridiculous lines of questioning, perform supposedly comedic skits or shout or breathe heavily into their microphones. Another popular tactic is to blast loud noises and music, a method known as “ear rape.”
Often the intrusions take a far more sinister turn, with trolls sharing explicit images, streaming pornography, drawing crude images over instructors’ slides, exposing themselves or repeatedly expressing racial slurs -- sometimes aimed at specific instructors or students.
This harassment of minority instructors and students is reminiscent of the Gamergate movement, which describes the sustained misogynistic campaigns waged against women in the gaming community.
Zoombombing attacks, or Zoom raids, are planned on services such as Discord, a communication platform popular among gamers. In a Discord group accessed by Inside Higher Ed, online trolls seemed to delight in the confusion and distress they caused instructors, some of whom, they gleefully reported, had burst into tears. Some members of the group described themselves as wishing to pursue “good old-fashioned trolling” and said they drew the line at “really fucked-up shit” such as sharing child pornography or repeating the N-word over and over. “That’s boring,” one user wrote.
A single intruder can be quickly kicked out by meeting hosts, if they know how to do it. But coordinated attacks by dozens of trolls make it nearly impossible for instructors to take back control. Many Zoombombed classes descend into chaos, forcing instructors to simply shut them down.
Dozens of resources advising instructors on how to secure their videoconference calls have been published in the past week as awareness of Zoombombing grows, including one from Zoom itself. The University of California, Berkeley's information security office shared a detailed prevention guide. On Twitter, instructors also shared tips and tricks to prevent intrusions.
There are several simple steps that instructors can take to minimize intrusions, including locking meetings so that no new attendees can join once classes have started and muting all attendees. Adding a password for meetings is a simple deterrent, provided students don’t share the passwords. At the University of Arizona, a spokeswoman said the institution is now advising all instructors to screen call participants in virtual waiting rooms before they start their classes.
As quickly as instructors adapt to best practices, however, trolls are finding workarounds. On a recent Reddit thread, one user shared that changing your username to “iPhone” or “Samsung” may fool instructors screening participants into thinking that you are a student calling into the meeting from your cellphone, rather than accessing the call through your computer.
The escalating problem of Zoombombing isn’t exclusive to education. AA meetings, prayer groups and book readings for children have been recently commandeered by Zoombombers. A small number of people have started referring to these trolls as “Zoombies” -- a fitting term for the apocalyptic atmosphere of a nation gripped by a global pandemic.
“It’s important for faculty to understand that they are not alone in dealing with this,” said Liz Gross, founder and CEO of Campus Sonar, a company that develops social media strategies for higher education institutions.
Campus Sonar has been tracking public online conversations about higher education and the impact of the coronavirus online since March. The term "Zoombombing" didn’t show up in the company’s data set until March 21, Gross said.
“It had minimal mentions until March 31 and April 1, when we detected a threefold increase in Zoombombing mentions.”
Gross predicts that the trend will "likely get worse before it gets better" as online groups start to copy each other's Zoombombing antics.
While some students have complained about the disruption caused by Zoombombing on Twitter and other online forums, others seem to find the practice amusing, Gross said. Some trolls may be engaging in Zoombombing just for the sake of causing disruption, but others may see it as an opportunity to promote certain political agendas, including spreading extreme right-wing views through a practice known as "dropping redpills."
“I found one concerning message on 4chan from March 31 in a thread about politics suggesting that since millions of students across America are in online classes on Zoom, 4chan users could get into those classrooms and ‘drop redpills,’” said Gross. “They went on further to quip that they could ‘redpill entire schools’ if only a few committed to it.”
The link between Zoombombing and criminal activity was highlighted this week by an advisory from the FBI encouraging people who are the victims of videoconference hijacking to report it as a cybercrime.
Increased use of videoconferencing tools by higher education institutions, the private sector and government agencies in the wake of the coronavirus could be exploited by cybercriminals to steal sensitive information and target individuals, the FBI also warned.
The FBI’s Internet Crime Complaint Center, or IC3, reported that as of March 30, it has received and reviewed more than 1,200 complaints related to COVID-19 scams. These include phishing campaigns targeting first responders, distributed denial of service attacks against government agencies and ransomware attacks at medical facilities.
These same groups “will target businesses and individuals working from home via telework software vulnerabilities, education technology platforms and new business email compromise schemes,” the FBI predicted.
The rise of Zoombombing provides an opportunity for institutions to talk about the importance of data security and privacy online, said Brian Kelly, director of the cybersecurity program at higher education IT membership group Educause.
Despite many negative news articles criticizing weaknesses in the Zoom videoconferencing platform this week, Kelly says the product is not “inherently less secure” than other videoconferencing tools. It is simply under increased scrutiny since so many people are now using it.
“Zoom has been very responsive to the criticism,” said Kelly. "They aren’t circling the wagons."
He noted that earlier this week, Zoom changed the default settings for users with educational Zoom licenses so that only hosts can share content, and the company is continuously making updates. “There is some risk with all of these platforms. The trick is learning to mitigate that risk,” he said.
Zoom's CEO, Eric Yuan, wrote in a blog post Wednesday that the company would be focusing exclusively on bolstering its security and privacy over the next 90 days.
"We appreciate the scrutiny and questions we have been getting -- about how the service works, about our infrastructure and capacity, and about our privacy and security policies. These are questions that will make Zoom better, both as a company and for all its users," wrote Yuan.
"We recognize that we have fallen short of the community's -- and our own -- privacy and security expectations. For that, I am deeply sorry and I want to share what we are doing about it."