Cady Stribling
News Editor
[email protected]
After two professors were Zoom hacked and students reported email scamming, the University implemented a Zoom authentication policy, requiring students to sign in before joining scheduled class sessions.
“Students: starting Monday, Feb. 22, unless otherwise instructed you will be required to authenticate with a Murray State Zoom student account,” according to a Murray State email. “We’ve had several instances where students are not being allowed through the Waiting Room, or courses are being Zoom bombed and meeting links shared, along with passcodes.”
Murray State Chief of Police Jeff Gentry said the police department has seen a recent increase in the amount of students becoming victims to phishing scams, which can be sent via email or come from various social media platforms such as Snapchat.
Biology professor Kate He said she was teaching students to analyze data when an unfamiliar name popped into the waiting room. With 41 students in the class, He said it can be difficult to remember every single student’s name but knew it didn’t look familiar.
He asked the other students if they recognized the unfamiliar name, Kenneth W., but no one was certain.
“I wasn’t sure if I should add him or not, but I thought maybe one of my students changed their name, so I let him in,” He said. “I was still in the middle of sharing my screen to my class, and I let him in from the waiting room. Then after he came in, I was looking at my screen and I heard someone talking and I heard music.”
He stopped screen sharing to check on the class and saw that the sound was coming from the person she’d just let in. She muted the box labeled Kenneth W. and kicked him out of the Zoom; afterwards, she began teaching class again.
He said students were working in groups in breakout rooms when someone entered the waiting room again. When looking at the name, He said she noticed it matched a student who was already in class then asked the student why she was present both in class and in the waiting room. He then realized the hacker was using the student’s name and didn’t let him in.
The hacker then entered the waiting room for a third time with a different student’s name and He thought this was genuinely her student, He said.
“I remembered [the student], she was my student in class, so I just let her in,” He said. “I didn’t think of anything, I just let her in. Once she was in class, I asked her which group she belongs to…this time [the student] types ‘five.’”
Not two or three minutes later, He said the group asked her to join the breakout room and informed her the intruder was not their classmate. After quickly removing the hacker for a third time, He’s students informed her that the hacker only asked some questions about Murray State.
He said the third disruption was the last, and she was still able to complete all the work with her class.
Despite the harmless interactions, He said the experience was still a little scary since the hacker was using student’s names.
“I emailed this incident to my colleagues,” He said. “I just wrote them a note about what happened to my class and to be prepared in case somebody does something similar to their classes, and exactly the second morning, the same person with the same name hacked into my other colleague’s class.”
He also called the service desk to seek assistance and prevent this instance from happening again. About two days later, He said the University changed the Zoom authentication policy.
He said she wondered what the connection was to Murray State and how the hacker got the Zoom information. He said she’d never had a problem like this before but was very glad when the University sent the Zoom policy change quickly after.
Suman Neupane, assistant professor of botany, said this is his first semester teaching a class over Zoom and had not yet had issues until the same hacker came into his class not long after He’s experience.
Similar to He, Neupane said the same name, Kenneth W., and a few other people entered the waiting room. With 62 students in his class,
Neupane said he let them in, thinking they were students.
“As I was about to start my quiz, I started hearing some disturbances and I said, ‘Did I hear something?’” Neupane said. “There was a pause for awhile, then I said, ‘Okay, this is question number one.’ Then, I heard some sort of obscene sound.”
Neupane said he couldn’t discern where the sounds were coming from but heard obscenities with sexual connotations. Wondering what was happening, Neupane said there was a pause before a flood of obscene noises came through.
“Somehow one person, or more than one, got a hold of my screen and started drawing obscene words and signs,” Neupane said. “It didn’t last for more than 30 seconds I think. I instinctively knew that we were Zoom bombed and I closed that session. Then, I created a new link and sent the link to my students by email and they came in. There were no more disturbances after that.”
How the hackers were able to get the Zoom link, Neupane didn’t know but has pondered if the intruder hacked into a student’s computer or if someone distributed the link. After checking the class log, Neupane said three names were present in the class that weren’t his students, one of which was Kenneth W. Neupane sent the names and details of the events to the University.
Neupane said the experience was shocking, especially since he never thought it’d happen to him. Since the class is on Zoom, Neupane said he makes this time very beneficial for students, but this disturbance pushed the class back by a week. Neupane said he mostly felt bad for the students since it was an early morning course and they didn’t deserve to be disturbed that way.
If you are experiencing any Zoom or technological difficulties, contact the Murray State Center for Computer and Information Technology. To learn more technology security, visit the campus Information Security website.
If you have any questions or concerns, or need to report a scam, contact the Murray State Police Department at (270) 809 2222.
