IT takes steps to mitigate technology concerns, address ‘zoombombing’

(Illustration by Julie Freijat | Collegian Media Group)

As Kansas State transitioned to online courses, Zoom, a video-chatting service, became an instrumental component of keeping classes connected.

However, Zoom is not without its issues. A new trend called Zoombombing has become popular. It occurs when control is taken away from the host by an uninvited individual who often shares obscene or offensive material.

Jansen Penny, senior in industrial engineering and former student body president, was participating in student senate on March 26 when the call was interrupted by a zoombomber.

The topic of discussion was a bill that involved allocating student fees to a speaker who was invited to campus. Students who were not current members of the Student Governing Association wanted the chance to speak during them meeting or at least hear the bill.

Several minutes before the meeting began, someone started to share their screen and played an adult video and shared inappropriate drawings. It played for an estimated 10 to 20 seconds before the host of the meeting was able to shut their computer off.

SGA is unique in the fact that it is an offset of the university, meaning that the organization has to comply with the Kansas Open Meeting Act and the Kansas Open Records Act, which are enforced by the Kansas attorney general. Their Zoom meeting links have to be open and accessible.

“It’s something that makes us unique in a way,” Penny said. “Not a lot of organizations have to worry about a lawsuit from the state of Kansas or from people who don’t find the meetings accessible. It is something we work with General Council about.”

Penny said they were receiving criticism for not being open with their Zoom links for the meeting, so they made the choice to put the link on their Twitter accounts. They also sent it out to the all-SGA list, comprised of more than 150 people.

The day after the incident occurred, Penny made Gary Pratt, chief information officer, aware of what happened and recommended that he and his team make resources readily available to prevent it from occurring again in the future.

An article was published soon after on the K-State’s website about Zoombombing and ways to mitigate it.

“I was very impressed with how K-State handled it,” Penny said. “I brought it up to them the morning after it happened and by the end of the day, they were looking into how we can help others knowing that it was the Thursday before online classes began.”

The IT department also plays a role in supporting academic continuity at K-State.

“Everything revolves around technology these days,” Pratt said. “So, we have really been at the root of a lot of things.”

Pratt says the IT department has had very few issues during the transition, thanks to the recommendations of Chad Currier, chief operating officer and chief security officer.

Currier set up two test days for the approximately 300 staff members in central IT as well as external IT units across campus.

In regards to Zoom, the university has licensing for the product, which is why it is used as the primary web conferencing platform.

“It is the platform that we had and we’ve been Zoom customers for a really long time,” Currier said. “It is the platform that we have been leveraging and utilizing and we feel like we have a strong relationship with that particular vendor.”

Both Currier and Pratt are aware of “Zoom bombing” and are conducting training and giving directions to help mitigate concerns.

Pratt said he is thoroughly impressed at the way the company has bounced back.

“Zoom has actually been very straightforward,” Pratt said. “They come out with weekly messages saying that there is an issue and they are going to respond. They picked up the pieces very quickly recognizing that there were problems and they responded accordingly.”

One of the reasons Zoom had issues early on was the massive increase in users they inherited when campuses began to close due to COVID-19.

“No technology companies are prepared to do that,” Pratt said.

There are vulnerabilities in almost all software applications, Currier said.

“We have seen similar trends with Facebook,” he said. “We have seen it with Microsoft, and we believe that Zoom will come out on the other end of this a better company and a lot more secure. We are still fans of Zoom.”

Russell Harp, campus visits coordinator, said they have not had any issues with “Zoom bombing” and are taking the correct precautions — including only giving out links through confirmation emails. Doing this has eliminated the possibility of any uninvited users from logging in.

“We are trying our best to make sure that [Zoom bombing] doesn’t happen through these security measures and also educating everyone so that they have the right settings when they are the host,” Harp said.