At the end of an otherwise typical Zoom class session on March 3, Diablo Valley College mathematics instructor Julie Walters was fielding students’ questions. As her students watched her solve a math problem, Professor Walters didn’t notice the video conference participant wearing a shower cap and holding a bath scrub. That is, until the oddly attired student’s input morphed from questions about the math problem in progress to harassment of Walters. It then became clear that this “student” was not a part of her class.

“He accused me of lying and saying problems like this weren’t going to be on the exam,” Walters recounted. Despite her shock, she responded quickly to the surprising disruption. “I was able to control the situation a bit and redirect him.”

Professor Walters’s experience is hardly unique. In the Covid-19 academic landscape, Zoom and other live video conference applications have become the new classroom space for students ranging from kindergarten to college. Now, along with the usual challenges of online instruction, students and teachers are facing an unpleasant and disruptive contender in the mix: Zoom-bombings.

The interruptions to classes in session can often involve pranks, loud noises, racial insults, or obscene images from uninvited participants looking for kicks. Despite Zoom implementing default password protection in March of last year, Zoom-bombers continue to find ways to get around the company’s security tools.

Frequently, whether in academic or professional settings, these attacks are an inside job.

 According to Wired, results from research gathered by Boston University and Binghamton University, spanning from December 2019 to July 2020, revealed that most Zoom-bombers are invited to attend by the video call’s participants. By publicly posting the meeting information online to sites such as the anonymous, image-based 4chan and social media giant Twitter, Zoom participants give attackers access to class video conferences where they can create mayhem.

The research showed that 70 percent of calls for Zoom-bombing on 4chan were inside jobs, meaning participants in video conference calls had shared sensitive information with site users to encourage interruptions. More Zoom-bombing opportunities created by shared information were found on Twitter, accounting for 82 percent of announced raids on the application.

Despite Zoom’s efforts to tighten security, passwords cannot protect a meeting if someone on the inside shares that information online. Intruders can also impersonate participants to gain access to the call if the list of invitee names is made public.

High school and college courses are especially subject to intrusion, as 74 percent of Zoom-bombing incidents organized on 4chan, and 59 percent organized on Twitter, have targeted these age groups, according to the research.

The Zoom-bombing that Walters experienced occurred despite her use of password protection limiting access to the call. After Walters invited the class to rejoin her for office hours if they had any questions, many students attended to discuss what had happened.

Walters said she performed damage control, posting a Canvas announcement that confirmed the interruption was not instigated by any member of the class and that the comments made by the person should be ignored.

The article in Wired, by reporter Andy Greenberg, noted that adjusting Zoom’s security settings to only allow call participants who are logged in and authenticated to join a meeting offers more insurance against Zoom-bombers, as does utilizing the default password protection feature.

DVC has responded to an increase in Zoom-bombings by sending out information to all faculty regarding safety protocols and advising teachers to report perpetrators following any incidents.

Walters has since enabled Zoom’s “waiting room” feature, which allows the meeting host to control when a participant joins the conference.

“[The Zoom-bombing] was a bit demoralizing,” she said. “I want my students to have a positive experience whether via Zoom or face-to-face. I was relieved the Zoom-bomber didn’t say anything negative about anyone in my class.”