Jordan Scott, a high school student in Conejo Valley, logged on to the Zoom video-conferencing platform Tuesday evening hoping for some sense of normalcy after all the overwhelming changes brought on by the coronavirus pandemic.
Her school district was about to hold its first public meeting online, and Scott, the student board trustee, was just catching her breath after a week of helping classmates grapple with school closures, canceled events and the switch to stay-at-home learning.
Familiar faces popped up on the screen — fellow board members and district staff. But minutes before the meeting was about to start, a number of unrecognized users jumped into the group meeting and began chanting the N-word repeatedly. Close-up pornographic images suddenly took over the center screen.
The horrifying images and voices continued as the ugliest corners of the internet crashed this public online gathering. At least one unknown user cackled. School board members were sexually harassed and threatened. One voice said if someone could hack into a Zoom meeting, home addresses could be discovered as well.
“I immediately closed my laptop,” said Scott, a senior and AP-Honors student at Westlake High School in Thousand Oaks. She then paused her comments, collected her thoughts and recalled the experience:
“I was uncomfortable — being a female, and 17 years old, and African American, hearing the N-word, watching sexual intercourse knowing that my male colleagues were watching the same thing that I was looking at, hearing sexual harassment directed at my female colleagues … I felt like it would be best to just remove myself from the meeting."
With millions of people now turning to Zoom and other video-conferencing platforms to stay connected while physically apart, “Zoom-bombing” has also piled on to the many stresses overwhelming schools, companies and community groups transitioning to online lessons and meetings.
A Zoom spokesperson said in a statement that “we take the security of Zoom meetings seriously and we are deeply upset to hear about the incidents involving this type of attack.” The company urged users to report misuse.
A relatively new frontier of internet trolling, Zoom-bombing has taken over video conferences and “work from home happy hours” with hateful images and vulgar screen-shares.
Local groups just trying to provide a virtual hangout for their communities have had to terminate online events. Last week, Chipotle tried to host a public Zoom event with the popular musician Lauv — but had to shut down after someone started broadcasting hardcore porn to the hundreds of people tuning in.
As more and more colleges and school districts scramble to set up Zoom classrooms as a stand-in for canceled in-person classes, these internet bullies have found another vulnerable space.
Some grade-school teachers have already shied away from teaching their youngest students on this platform. Teachers in at least one Los Angeles public school stopped using the platform at the end of last week. Districtwide, Los Angeles Unified officials said that Zoom was one of several approved platforms that teachers could utilize, but they acknowledged that the potential security problem has been flagged.
"We are encouraging people to use what they need to get up and running with distance learning. But regardless of whether that's Zoom or other online resources, folks still have to take the appropriate security precautions," said LAUSD board member Nick Melvoin. "That's also why the training component for teachers and families is so important."
At USC, top administrators on Tuesday apologized to the school community after some virtual lectures fell prey to people crashing in with “racist and vile language.”
“We are deeply saddened that our students and faculty have had to witness such despicable acts,” USC President Carol L. Folt and Provost Charles Zukoski wrote in a universitywide letter. “You have all worked tirelessly to make the transition from in-class learning to remote learning and have done so quickly to maintain our academic progress and continuity.”
Officials at USC and other universities across the nation are working quickly to implement safeguards and new protocols. Memos by information security offices like the ones at USC and UC Berkeley have been circulating this week to students and faculty. Many warned about Zoom-bombing and laid out steps to manage screen-sharing and turning off public settings.
There is a default setting on Zoom that permits any meeting participant to share their screen. Meeting hosts should be aware that anyone who has the link to a public meeting can jump in. These links are often shared on social media and easy to dig up on public event pages.
Platforms like Zoom were built mainly to serve as a business tool — not a social tool used by the millions of people suddenly stuck at home. Moderating user behavior (and online trolls) at such a large scale was not necessarily as well-established at Zoom as companies such as Facebook and Twitter.
In a post titled “How to Keep the Party Crashers from Crashing Your Zoom Event,” Zoom representatives offered detailed tips on how to adjust security settings. Meeting hosts, for example, can change the platform’s default administrative settings and make sure the screen-sharing option is disabled for everyone but the host.
Meeting hosts can also mute participants, and those hosting private meetings or virtual classrooms can set up password protections that prevent uninvited users from joining.
For Conejo Valley school officials, the agenda and log-in information for Tuesday’s meeting had been posted days earlier. When the Zoom crashers took over, officials quickly ended the session and notified the community of “technical difficulties.” They called the police, who are now investigating the matter.
In a letter to the community, school officials said “the District is doing all it can to determine who was responsible, and to prevent something like this from occurring again.” They assured parents and students that “there are clear differences as to how these Zoom teacher hosted meetings will be set up for children, and a set number of invited participants, versus how the Board of Education Meeting was established for the public, and an unlimited number of participants.”
Balancing the need to keep their meetings open to the public, while also protecting the community that they serve, clearly will be an ongoing priority and challenge, officials said. In preparation for Tuesday’s meeting, the district had done several mock meetings and went through what they thought was due diligence in training and tutorials.
“When public officials gather to conduct official business, there is a trust that it is a safe place to meet, respectfully share concerns, and work together for the best interest of the community,” the letter said. “This trust was breached by a person or people intentionally trying to cause great harm at a time when our entire community is trying to cope with a global health crisis.”