This story was first published in The Davidsonian. Click here to view the original story.
During a discussion on President Donald Trump towards the end of a COM 216: Rhetorics of Masculinities class last Tuesday, students noticed a stranger in their Zoom room. Wearing a camouflage "Make America Great Again" hat, the individual had set his username as "Hillary" and projected the face of an ape as his green screen background. After noticing the intruder himself and receiving messages from concerned students, Dr. Antonio Spikes announced he would end the session, prompting the stranger to yell "Trump 2020."
The incident in Dr. Spikes' class and several others at Davidson join the growing number of online meeting hijackings across the country, a trend labeled "Zoombombing." Video conferencing platform Zoom has experienced a surge in popularity during the COVID-19 pandemic, going from 10 million daily users in December to over 200 million last month, according to the company, but the growth has also triggered security concerns.
Last week, the FBI issued a warning on reports of online meetings interrupted by "pornographic and/or hate images and threatening language." Soon after, the New York City Department of Education banned its teachers and students from using Zoom over related concerns.
"Zoom ran under the radar for quite a while," Visiting Assistant Professor of Computer Science Dr. Doug Locke commented. "Suddenly, everybody knows what [Zoom] is, which means the hacker world also gets really interested. They are always interested in dealing with anything that is big that they can make a smash in. They somehow think it's intelligent to do what they do."
While hacking and online trolling are as old as the Internet, Zoombombings have proliferated over the past week as virtually every industry, from finance to education, moves their meetings online. Many classrooms have proven especially sensitive targets as students are exposed to racist or explicit Zoombombing content.
"It's really disappointing to see [Zoombombings] happening in the realm of people trying to work remotely and trying to teach and learn remotely. It feels like we've got enough going on with a global pandemic health crisis that you'd hope we could take a break from people bringing harmful materials literally into the homes of people trying to learn and work," Davidson's Chief Information Officer Kevin Davis said.
"It's hard enough to adjust to the new way we're doing classes, and Zoombombings don't make it easier for anyone; it's just another layer of difficulty," COM 216 student Ellie Hudson '20 commented.
COM 216 members where also taken aback by their Zoombomber and his pro-Trump demonstration, especially given that it occurred during their first classroom session dedicated to discussing the President.
"It was incredibly uncomfortable, especially in a class that you're supposed to be able to say what you think […] I think his attire and name made it more stressful than if it had just been a random stranger," said Grace Ward '20, another student in the class, with sentiments echoed by Dr. Spikes.
"His virtual background was of a monkey with some type of green foliage on his nose. To me, that was a racist jab at me, which is actually consistent with a lot of what some people have experienced when it comes to Zoombombing," Dr. Spikes noted, explaining that when he first saw the stranger he experienced "a mixture of shock and confusion and fear and anger."
Dr. Spikes also criticized media portrayals of Zoombombers. One of the first articles he read on the subject "characterized Zoombombers as people who are just bored due to the social distancing measures." To Dr. Spikes, "by characterizing these individuals as people who are bored, we may be unintentionally excusing their behaviors or minimizing the severity of these actions."
On Thursday, April 2nd, Dr. Mark Foley's ECO 320: Psychology & Economics class faced a Zoombombing of its own when an unknown individual with the username "Miguel" joined class and began interrupting presentations. "It's kind of unnerving […] people are using it for school and realizing how easy it is to just join random Zooms," Eliza Brodie '20 said, noting that Dr. Foley was forced to end the class early.
In response to Zoombombings, Davidson Technology & Innovation (T&I) and Digital Learning developed guidelines for the Davidson community on ways to maintain digital classroom security, including enabling Zoom's waiting room feature and requiring passwords so that only hosts can control who enters a room. T&I first sent out resources via social media on March 23rd after hearing "reports of bad actors" in other colleges' classes.
"I would really encourage faculty members who have not done the security measures to actually implement them right now. You may not think that this could happen to you because you may have a small class or what not, but Zoombombers don't care," Dr. Spikes said while commending T&I's response.
Zoom has also taken recent steps to address educators' security concerns. On March 27th, the company notified Davidson that they had changed the college's default settings so that only hosts would be able to share their screen or classroom content, according to Davis. The previous default allowed anyone with access to a room to share content from the class. Zoom announced in an April 1st post that they would be suspending all feature updates for the next 90 days and concentrating on addressing security concerns and bugs.
T&I Information Security Analyst and Program Manager Chris Hovis "is monitoring the IT security community's assessment of Zoom issues and fixes, and at this time, they are meeting that standard," according to an email from Davis on Sunday, April 5th.
"I'm not unhappy about Davidson using [Zoom]. I doubt that it's any worse than any of the other possible things that we could use," Dr. Locke said, stressing that colleagues had to continue educating themselves about Zoom's features with the help of T&I.
Davis concluded: "I would say that how seriously [Zoom] is taking this and how quickly they're moving is a very good sign. But at the end of the day, it's really going to be on them to prove that they can make the updates they need to and provide the platform in the way that we need them to."