When USC sent a communitywide email last month after outsiders hijacked two Zoom classes in the Dornsife College of Letters, Arts and Sciences and the Annenberg School for Communication and Journalism, faculty and students did not expect their virtual classes to continue being interrupted.
But days later, a Zoom hacker impersonated Emad Askar, a junior majoring in public policy, during his “Public Policy and Law” class. Three hackers also entered Juliette Wimpfheimer’s “Principles of Microeconomics” class.
Fifteen minutes into the class, Askar heard a student briefly disrupt the class by murmuring a question. When the professor asked for the student to repeat the question, Askar was confused to hear that the professor was talking to him. Noticing that the hacker was using his name, Askar urged his professor to remove the individual from the classroom.
After a back and forth with the hacker and attempting to convince the professor that he was the real student, Askar said the interloper eventually left but not before insulting him.
Following the first Zoombombing disturbances, USC condemned the interruptions and assured new Zoom safeguards in a Universitywide email from President Carol Folt and Provost Charles Zukoski sent March 24.
“Students will be contacted by their instructors with new protocols to prevent this type of disruption and disturbance while attending classes online,” the email read. “We will be vigilant in determining who was responsible for these actions, and we are doing everything in our power to stop it right away.”
In response to the interruptions, the University enacted additional security measures for Zoom calls, such as having professors provide a password with the class meeting link or use the waiting room feature and approve each student to join the class.
“The measures that we have taken to require authenticating in with your USC credentials eliminate the vast majority of the opportunities for Zoombombing,” Chief Information Officer Douglas Shook wrote in an email to the Daily Trojan. “We are encouraging instructors to be very judicious regarding admitting anyone from the waiting room unless they have invited guests to class.”
Wimpfheimer, another student who witnessed a Zoombombing incident, said her Latinx classmate was targeted by three Zoom perpetrators, who directed slurs at them. The hackers also used slurs aimed at the LGBTQ community, played pornographic audio and seemed to be playing video games in the background.
After continued interruptions, the teaching assistant for Wimpfheimer’s class eventually removed the hackers from the class, although it took a while to do so, Wimpfheimer said.
Robert Dekle, Wimpfheimer’s “Principles of Microeconomics” professor, said he believes this experience made the University, faculty and students aware that the platform can be easily hacked and has thus led to stricter security measures. However, he advised everyone — including students, faculty and the University — to be vigilant to prevent future Zoombombings.
“Professors should do his or her best to make sure that the class is secure, and also the University and also the company,” Dekle said. “If it is password protected, [students] shouldn’t give away passwords to friends or they shouldn’t email the link to friends or their acquaintances. They need to take ownership, too, of maintaining security — it’s not just their issue, but it’s the issue for the common good of everyone taking the class.”
Dekle said that while the new measures would shorten class time, the enhanced security was worth the tradeoff.
“Many students don’t come in through the USC [email system] — they’re in the waiting room, so it’s going to take time for the TA to go over one by one,” Dekle said. “It might slow the opening of the class a little bit, but security is important.”
“I started thinking ‘How did they know? Are they going to follow me into other classes? … Do they have private information about me?’” Askar said. “That’s my primary worry, as well as Zoom itself having an incredible amount of access to our private information … I just think we kind of rushed to using this service without really knowing the capabilities and the faults of it.”
The New York City Department of Education banned the use of Zoom for its classes Friday due to concerns about the platform’s security, citing instances of Zoombombing at K-12 schools. The decision followed an FBI warning last week regarding the influx of interlopers on the video-teleconferencing platform. Privacy concerns with the program also include Zoom sharing data to Facebook even of those who are not users of the social media platform, NPR reported. Additionally, flaws in Zoom’s software enable hackers to access a user’s webcam or microphone. According to the company, these issues have since been resolved.
USC plans to continue to use Zoom for remote classes, Shook confirmed in a statement to the Daily Trojan, and is confident in the platform’s use for virtual instruction but expects Zoom to enhance security measures.
Askar said that while Zoom might work in the short term, he thinks USC should find a more secure and reliable platform to use should classes remain remote through the fall.
“It’s going to get way worse before it gets better,” Askar said. “It would be very irresponsible for the school to just assume we’re going to have [in-person] fall classes and that ‘Oh, we can just go another month with Zoom, we’ll survive, we’ll kind of straggle along, limp to the finish line.’”
After the class interruptions, USC added a page about Zoombombing to its course continuity website, recommending students who have encountered attacks targeting protected groups report the incident to the Title IX Office. Staff and faculty who experience an attack against a protected class can notify the Office of Equity and Diversity.