Texas A&M University-San Antonio is re-emphasizing security measures for online events after two “Zoom bombings” disrupted a teach-in and a President’s Commission on Equity conversation series.
The PCOE event was Zoom-bombed on Nov. 2 by unknown individuals playing pornographic videos on the screen while assaulting the chatroom with hateful comments and racial slurs, according to event moderator Tim Gritten. This is the second Zoom bombing incident the university has experienced, raising concerns among the A&M-San Antonio community.
The hybrid in-person and online event was the first of a series promoting healthy discussions about personal beliefs and opinions with those who may hold differing views. It was promoted through university emails and JagSync, where the Zoom link was shared publicly.
“Zoom bombing” is a term referencing when strangers or “bots” enter into planned Zoom meetings, often participating in disruptive and sometimes inappropriate behavior. Zoom is not the only app this can happen on; an intruder only needs access to a virtual room to infiltrate the meeting.
About 10 minutes into the opening statements of the event, Gritten, the university library’s executive director and PCOE co-chair, was interrupted by pornographic material overtaking the screen. The chatroom was flooded with racial slurs as typeface reading “Vote Trump” was displayed across the screen.
About 50 people were attending the event.
The PCOE bombardment lasted about one minute before Gritten ended the meeting. Gritten and a member of the university’s Information Technology Services (ITS) then sent out a different Zoom link for the event, which continued despite the interruption.
“If anything, the Zoom bombing affirmed the need to do more of these,” Gritten said. “It affirmed the need to create opportunities for faculty, staff and students to work through this and to develop these skills that are so critical in working in a diverse society.”
Previous virtual event experiences similar disruption
This comes after a similar incident on Oct. 12, where Zoom-bombers entered the “Afro-Latinx Identity and Anti-Blackness in Texas” teach-in, spreading racial slurs and similar inappropriate images on the screen. The event was co-sponsored by the Language, Literature and Arts Department, Mexican American Student Association and the Mexican American, Latinx, and Borderlands Studies Program and attracted about 40 attendees.
In an email to university administrators Oct. 12, assistant professors of English Katherine Gillen, Adrianna Santos and Sonya Barrera Eddy called for better guidance on how to ensure future Zoom bombings do not occur. According to their email, the October bombing was orchestrated “by a coordinated white supremacist group using the name RAIDCORD.NET.” It is unknown if the November bombing was conducted by the same group.
According to university President Cynthia Teniente-Matson, both incidents are part of a national issue faced by institutions and organizations forced to move operations online because of the coronavirus pandemic.
“We had all the security in place for that particular Zoom meeting,” Matson said of the Nov. 2 event in an interview Nov. 9. “We had (a bombing) happen a couple weeks ago, so by this time, we had shored up all of our protocols. We had IT tech support right then and there in the meeting. Hackers are just putting attention toward finding vulnerabilities in systems even when you have safeguards in place, so we’re going to have to continue to learn.”
ITS weighs in on security guidelines
An email advertising the event was sent to the campus community Nov. 2, just four minutes before the event began. It included a Zoom ID, password and a direct link to the Zoom meeting space. Attendees could also access the meeting via JagSync, where they were prompted to register for the meeting on Zoom.
However, there were seemingly few security measures put in place for this particular event, according to one attendee. Assistant professor of communication Jenny Moore said registrants were not required to wait in a waiting room and there was no secure password for the meeting, making it easy for intruders to gain access.
“I don’t know why there wasn’t a waiting room or a passcode,” Moore said. “If you look on JagSync, the meeting is public, so all you have to do is register for it and then you’re in; you could break in from anywhere.”
Gritten said the PCOE event lacked proper Zoom security measures because of a miscommunication. He said there are new guidelines in place for future events and he will continue in his efforts to ensure safe and educational environments.
“It appears that there was some miscommunication during the setup of the Zoom meeting,” Gritten said Nov. 16 in an email to The Mesquite. “The person who created the meeting did so as a favor for PCOE the Sunday night before the event. As the event organizer, it is really my responsibility to ensure the participants learned in a safe environment, and I did not do so. As such, I must offer my apologies to anyone who endured the assault.”
William Griffenberg, associate vice president for technology, said ITS did not create the meeting link and therefore had no control over what security measures were taken beforehand.
“We’ve done everything that we can possibly do in IT, but we can’t do anything unless we’re the originators of the meeting,” Griffenberg said. “We can’t change the settings even if we’re in the meeting and it happens.”
Griffenberg said that if a meeting is Zoom-bombed, the meeting organizer can stop the disturbance by ending the meeting and starting a new one with safety protocols. He said organizers can also use alternatives like Microsoft Teams or WebEx.
Griffenberg also made a distinction between “hackers” and the incident. Because the Zoom bombers were able to easily access the meeting, hacking did not take place.
“We encourage organizers to lock (meetings) so that they are the only ones who can present, that way anybody can come in, but they can’t take charge of the meeting,” Griffenberg said. “Organizers can also send an invite to people with a password and only those people with that were invited can join.”
- Require participants to register through Zoom before the event.
- Use random meeting IDs for each event; this ensures unique log-in information.
- Disable video functions for participants so their video will not take over the screen.
- Enable the waiting room feature that allows the moderator to let people in at their own pace.
Stephanie Palitos and Andrea Cardona contributed to this story.