PUMS Zoom bombing incident prompts district to strengthen cybersecurity

February, 2021
Abigail BaoPeter Eaton


https://yusjougmsdnhcsksadaw.supabase.co/storage/v1/object/public/images/IMG_1455-1024x882.jpeg?t=2022-09-27T21%3A55%3A44.204Z

An unknown individual interrupted a sixth-grade Zoom meeting at Princeton Unified Middle School on January 8 and exposed the students to lewd drawings and a racial slur. At the time of the incident, the students were in a grade-wide community period, watching a video by Baratunde Thurston which centered around using citizenship as a verb. The meeting’s purpose was to teach students what it means to be a good citizen in society and how to treat others around them respectfully.

The Princeton Police Department is currently running an investigation of the Zoom “bombing.” This incident also propelled the district administration to modify its former online security system.

The middle school originally posted the Zoom link onto Canvas and Princeton Public School’s website. This unwittingly created an opportunity for an outside individual to take advantage of the open-access websites and links.

“There are things called web crawlers and what they do is they… go through websites to try and find things like [public zoom meetings],” explained Krista Galyon, Director of Technology and Innovation for the district. “Somebody found a… school district Zoom link and posted it on their social media account… and then people just [tried] to jump on if there’s no security.”

As a result of this incident, the district has adopted stricter approaches to online security. The main change focuses on Zoom settings — in order to prevent Zoom bombing, the district has turned on the default authentication system which only allows people with emails in the Princeton Public School domain to gain access.

“All Zoom links [now] require authentication unless you go back and disable that feature… if you are meeting with somebody outside of the district,” Galyon said.

Beyond preventing outsiders from joining protected Zoom calls, the authentication system has other measures that enhance cybersecurity.

“Everybody’s identity is now known because of the authentication feature,” Galyon said, “Even if I decided to go on and change my display name... in the records of this Zoom call, the name … will still be next to my email address.”

The online nature of the Zoom bombing also brings unique challenges to the Police Department’s investigation into the incident.

“it’s easier to hide online… [because] there is more anonymity online,” said Detective Ben Gering from the Princeton Police Department.

Nevertheless, there are still methods of identifying the perpetrators of online crimes. Every computer is equipped with its own media access control and internet protocol (IP) addresses, both of which are unique and allow police departments to trace online activities back to the individual.

Zoom bombings do not go without punishment: cyber harassment is a fourth-degree crime in New Jersey. The maximum punishment could be up to 18 months in prison and a $10,000 fine.

The ongoing investigation has not revealed the identity of the culprit; however, Jason Burr, Principal of PUMS, assures that the culprit was not a PUMS student.

“We are confident that it was none of our kids who were engaged in this particular event,” said Burr.

PUMS has launched educational programs for students to more responsibly practice digital citizenship.

“Our counselors and our Assistant Principals went and delivered… three lessons to students, as a result, to remind them that… good digital citizenship means not only do you not do these things but when these [incidents] happen, [we must] be supportive of each other,” Burr said.

Galyon expressed optimism regarding the current cybersecurity state of the district, including the measures taken to prevent any further incidents such as the zoom bombing.

“From the technology side… I wouldn’t [feel] there is any specific space or direction for improvement. I’m very comfortable with Zoom and what they’re doing… and the way that we now have all of the accounts secured.”

Elizabeth Collier, Public Information Officer for the district, expanded on Galyon’s response regarding the district’s security adjustments.

“It’s sort of a recreational thing for hackers to try to hack into all different platforms, and Zoom as a platform has had issues of their own that they’ve worked to correct,” said Collier. “The good thing that the district is doing is that we’re following all the right procedures. We’re following best practices. … You can never guarantee what’s going to happen in the future, but you can say that we’ve made every effort to make the Zoom [meetings] safe for our students.”


Subscribing helps us make more articles like this.

For $30.00 a year, subscribers to The Tower will receive all eight issues shipped to their home or business over the course of the year.