Penn hit with two ‘Zoom bombings’ last week, prompting profs. to increase class security

'Zoombombing' has returned to Penn. Last week, multiple large lecture classes held over Zoom were raided by unknown people yelling racial and homophobic slurs, forcing professors to end the classes prematurely.

BIOL 101: Introduction to Biology A, which took place at 1 p.m., and CRIM 100: Criminology, which took place at 2 p.m., were 'Zoom bombed' — a term used to refer to hackers invading video meetings on Zoom — last Wednesday. BIOL 101 professor John Wagner and CRIM 100 professor Charles Loeffler said their Zoom sessions were password-protected, and are unsure how the hackers obtained access to the meetings.

Halfway into his BIOL 101 lecture, Wagner noticed that a couple of new users had entered the call. One of them began shouting racial and homophobic slurs, followed by the rest. He successfully kicked the users out of the Zoom call and ended the lecture early.

“I was completely surprised when it happened,” Wagner said. “I had to shut [the lecture] down. I was very surprised, and then I got very upset afterwards.”

College junior and BIOL 101 student Darya Bershadskaya left the call early after feeling uncomfortable listening to the offensive language blaring out during the raid. She said she felt that the existing security for the Zoom call was sufficient and never expected hackers to sabotage the lecture.

She added that despite the incident, she is thankful to the BIOL 101 professors — Wagner and Biology professor Richard Scott Poethig — for making the effort to conduct synchronous classes and mimic the experience of a lecture during a normal semester.

“I feel bad for the professors. I feel like they’re trying hard to make up for their inexperience with Zoom,” Berdshadskaya said. “The live session is [the professors] trying to make an effort to get to know the students.”

Wagner said he received over 25 emails from students after the incident offering words of support and concern over what had just happened. 

“[The students were] supportive of what [the professors and TAs] are trying to do and how invasive this was," he said. "I was really proud of them.”

Loeffler recounted nearly the same experience with CRIM 100's Zoom raid, which occurred approximately an hour after the disruption in BIOL 101. 

College first-year and student in CRIM 100 Isabelle Weiss said she first thought that someone was streaming loud music but quickly realized the class was being hacked, as the hackers repetitively blared inappropriate language and racial slurs such as penis and the N-word.

Loeffler said he and his teaching assistants attempted to kick out the intruders, though some rejoined under different usernames. After Loeffler succeeded in kicking out the users, he attempted to continue the lecture. He and the students, however, were too shaken up by the raid, prompting Loeffler to end the class early.

“We all tried to watch the lecture, but it was really hard to concentrate after all that,” Weiss said. “[The Zoom bombing] was a disturbing experience.”

Wagner believed that the hackers had accessed a student group chat for BIOL 101 while pretending to be a student who could not find the Zoom link to the class. He said Zoom offers security measures that limit a call’s access to individuals with a Penn email, but he elected not to require students to enter their Penn email and password every time they attended class. Because the class largely consists of first-year students, Wagner said he was worried students would have trouble accessing his lectures with these extra steps. 

Wagner said he regretted his decision to not implement such precautions at the beginning of the semester and will do so moving forward.

“People should be aware that this is really happening at Penn, and they should probably take some precautions," he said.

Weiss, on the other hand, said requiring students to log in with extra steps would make some students late for class due to technical confusion, particularly for students, like herself, who are not used to navigating Zoom.

“I’m not sure if it’s worth making it that much more difficult for students to join class just to prevent something that might not happen again,” she said.

Loeffler said he will also implement a Penn email certification to his synchronous Zoom sessions, in addition to utilizing waiting rooms and a registration system to issue links. He echoed Weiss's thoughts that doing so, however, may make accessing synchronous class sessions more confusing for students.

“There’s a tension between accessibility and vulnerability,” he said. “One of the things that makes Zoom so useful for so many people is how easy it is to share a link and to access a session."

Wagner said he previously had not heard of any Penn professors having to deal with 'Zoom bombing' and therefore was under the impression that Penn classes over Zoom were protected from these raids.  

“I would have appreciated hearing from somebody that this was happening at Penn and that we needed to close vulnerabilities," he said.

Last April, a Weitzman School of Design faculty member's Zoom call with nearly 60 colleagues and friends was similarly raided by a group of unknown people yelling offensive slurs. After schools across the U.S. shifted classes online following the coronavirus outbreak in March, the Federal Bureau of Investigation issued a warning about using Zoom, citing incidents of conferences being disrupted by hackers sending pornographic images and threatening language.

Loeffler said that while online video conferencing platforms like Zoom have allowed classes to shift online and continue despite the COVID-19 pandemic, the risks associated with the online learning environment will always exist. Wagner agreed, adding that professors and students are working together to navigate this unprecedented online semester.

“There’s a lot of different problems that come with doing online courses if you don’t have much experience, and I’ve had a really good experience working with students to make the best of it,” Wagner said.