William Fleming, a Weitzman School of Design faculty member, was co-hosting a Zoom call on the Green New Deal with nearly 60 of his colleagues and friends on April 1. An hour in, Fleming said the event was raided by "Nazis."
Fleming, who is the Wilks Family Director of the Ian L. McHarg Center at Weitzman, began co-hosting a weekly "Green New Deal happy hour" in March via video conferencing service Zoom for his colleagues and friends to discuss climate-related issues such as the Green New Deal and the role of landscape architects in the face of climate change. And during one early April meeting, Fleming said 20 to 25 people stormed the Zoom call.
“They started yelling and typing a bunch of incredibly offensive slurs, racial slurs, all kinds of things," Fleming said. "We immediately ended the call after that."
Computing and Educational Technology Services at the School of Engineering and Applied Sciences said they are aware of Zoom's security concerns and have advised professors to set a password for their Zoom meetings and lectures. Despite Fleming's encounter with 'Zoombombing,' other professors and students have not had to deal with security breaches on Zoom.
Zoombombing has come to Penn. The term refers to hackers invading video meetings on Zoom, and the disruptions pose threats to schools across the country that rely on the application for virtual learning. The Federal Bureau of Investigation issued a warning about using Zoom on April 3, citing incidents of conferences being disrupted by hackers sending pornographic images and threatening language.
Following the FBI warning, school officials in New York City, Washington D.C., and Las Vegas announced that they would no longer use Zoom for remote learning due to security concerns, NPR reported.
Many Penn professors have turned to Zoom to conduct lectures, particularly those that are discussion-based, with students.
Kristofor Varhus, CETS Informational Technology senior director, wrote in an email to The Daily Pennsylvanian that Penn Engineering IT has been monitoring and evaluating security issues on Zoom as they have become known.
Varus wrote that Zoom's sudden increase in popularity due to social distancing guidelines has unsurprisingly led to security issues and that he has encouraged faculty to set a password for their Zoom meetings to decrease the chances of Zoombombing.
"Zoom's response [to the security issues] has been encouraging," Varhus wrote. "They quickly released software updates to fix security problems and have announced a feature freeze to focus their efforts on improving security and privacy."
Zoom enacted a 90-day feature freeze on April 1, during which time the company will not implement any new features until safety and privacy issues are fixed.
Fleming said that the happy hours were promoted via social media and emails from the McHarg Center. A link to the Zoom meeting, without password protection, was included in these postings, which is presumably how the Zoombombers were able to hack the meeting.
Many of the Zoombombers joined the call under anonymous names, Fleming said. He has reported the event to Zoom and asked that the unauthenticated accounts be banned from the application. So far, Fleming said he has not heard back from the company about his request.
“The things that make Zoom by far the easiest interface for these kinds of meetings are also why it’s so vulnerable to a bunch of outside people organizing themselves to raid them,” Fleming said.
William Cheswick, a former visiting scholar at the Penn Security Laboratory, said “rookie” mistakes in Zoom's software makes him concerned about its use for remote learning.
“There’s all sorts of stuff wrong with [Zoom's software],” Cheswick said. “The cryptography they used would probably be flunked by a professor in a first-year crypto class. You just never do it the way they tried to do it.”
The Penn Security Laboratory, also known as SECLAB, is a team of faculty, researchers, and students that uses skills such as hacking to investigate vulnerabilities in computer and network security and privacy.
Some Penn students said they enjoy using Zoom for their online classes because of features like breakout rooms that enable them to have smaller discussions with their peers. College first-year Justin McArdle said his 13-person class, SPAN 130: Intermediate Spanish I, meets daily using the same Zoom link.
McArdle said that although the Zoom call does not require a password, there have been no security issues so far.
“I don’t really think I’m concerned about it,” McArdle said. “I guess because there are so few people [in the class], no one is sharing the link."
Fleming said the most recent "Green New Deal happy hour" meeting on April 15 had between 60 to 70 people in attendance. The group still met via Zoom, but security measures such as a waiting room and password were put in place.
“The message we got overwhelmingly from people who were on the Zoom [call] that got raided was, ‘You have to keep doing these. You can’t let something like that stop this,’” Fleming said.
The Daily Pennsylvanian is an independent, student-run newspaper. Please consider making a donation to support the coverage that shapes the University. Your generosity ensures a future of strong journalism at Penn.
Donate