A historically Black sorority at Slippery Rock University saw its virtual poetry workshop in February overtaken by unknown users who hurled racist imagery and slurs into the Zoom space. Other groups in the region were victims of similar attacks while trying to host Black History Month events.

Commonly referred to as “Zoombombings,” the intrusions are a national trend that began as colleges and schools moved classes to Zoom in March 2020. Platform providers and meeting organizers are still unable to reliably prevent them a year on.

Zoombombings can go beyond disruption and cause physical and mental harm to traditionally marginalized communities.

The Anti-Defamation League [ADL] has recorded 200 Zoombombing incidents that were racist or anti-Semitic since the start of COVID-19, ADL communications director Todd Gutnick told PublicSource in an email. Gutnick said that, as of Feb. 25, the ADL received reports of 30 Zoombomb attacks on events celebrating Black History Month across the country.

A number of recent attacks happened in virtual gatherings hosted by organizations in Pennsylvania. Two separate Slippery Rock University events recognizing Black History Month were interrupted by users spewing racist imagery and slurs — the poetry workshop hosted by the Alpha Kappa Alpha sorority and a history department panel discussion called “When Black Athletes Protest.”

At Penn State, a late-January meeting of the Black Caucus student group was assailed by 51 users bombarding the group with racist language and imagery. Less than three weeks later, attackers targeted a Zoom discussion titled “Pioneers of Prevention: Black Women Activists Against Sexual Violence,” including explicit threats against Black women.

The attacks haven’t been limited to schools. In June, an online service at an Allentown synagogue was halted by Zoombombers who used anti-Semitic and racial slurs, according to the Morning Call.  

Psychologists have found that exposure to racial discrimination can be linked directly to serious mental and physical harm for people of color. Robert T. Carter, a psychology professor at Columbia University who specializes in the traumatic effects of racial discrimination, wrote in a seminal 2007 paper that “racial stressors have been found, in a variety of studies, to produce physical outcomes such as high blood pressure, risk for heart disease, and increased vulnerability to a variety of negative health outcomes that can contribute to greater psychological and emotional distress.”

A student representative of Alpha Kappa Alpha at Slippery Rock declined to be interviewed for this story. The group’s faculty adviser, Monique Alexander, said in an interview that she has spoken with students who witnessed the attack and praised their calm and grace in processing it.

“From my perspective, probably the most troubling thing for me was that many of our students actually were numb,” Alexander said. “We expect them to be angry and we expect them to want change, but ultimately what really happened was they had to push that down. They are so used to things like this happening to them…their emotions wouldn’t even allow them to go to that place.”

She noted that this is the third consecutive year that there has been “some type of racist interruption” to a Black History Month event at the university.

“Every time there is an incident that is similar to this, it reminds them that maybe Slippery Rock isn’t the most inclusive space for them and it brings up their concerns,” Alexander said.

A representative of the Penn State Black Caucus, which is an umbrella group for all minority groups on the University Park campus, declined to comment but referred PublicSource to a public statement released by the group Jan. 29.

“While we are not surprised by this disgusting behavior,” the Black Caucus wrote in the statement, “we are deeply saddened and disappointed that this occurred. Communities that have been historically pushed to the margins have fought to be in inclusive environments that are safe and welcoming. This incident begs the question: If we are not safe in our classrooms, on our campus, in our homes, in an online meeting, then where are we supposed to go?”

Authorities have not been able to identify the attackers in any of these cases. Police traced the Slippery Rock intruders to foreign IP addresses, which most likely means that the users were using fake IP addresses to conceal their identities. 

“It’s not impossible that it was Slippery Rock people,” said university president William Behre in an interview. “We’re a community of more than 10,000 and I can’t say for sure that there are no hateful people here, unfortunately.”

Community and organization leaders planning future events have many steps available to reduce the risk of their events being attacked by Zoombombers. The FBI and various state law enforcement officials have called attention to Zoombombing, saying that it can be considered a federal offense on a number of charges, including hate crime and conspiracy.

John Verdi, the vice president of policy at the Future of Privacy Forum, said that meeting platforms have become significantly better protected since the pandemic began. He said the apparent rise in harassment on the platforms is a result of an increase in potential offenders who are confined to their homes with less work and activity than before COVID-19. 

Here are seven things organizers can do to secure a virtual event and react if a disruption does occur:

1. Make the meeting private. Openness is a hallmark for many organizations, including universities and religious groups, but it leaves virtual meetings far more vulnerable to potentially traumatizing disruption.

“Even a large event might be invite-only, it might be registration-only,” Verdi said. “That is a significant mitigating factor in combating this sort of harassment.” 

Behre said Slippery Rock has closed its future events to the public in the aftermath of the latest attack.

“There’s always a tradeoff when you make things more locked down,” Behre said. “There’s less spillover into the broader community, which we like to include in these online events, as we did with our in-person events. …I guess we’re learning that we can’t do that right now. I mean, I lock my doors at night for a reason.”

2. Have someone in control behind the scenes. Separate from the person who is actively running the meeting, a person or a team of people should watch the virtual waiting room, checking registrations before admitting each user. Offenders have used the name of a legitimate group member, so it should raise alarm if there are several accounts using the same name. 

This person should monitor participants throughout the meeting and be on alert for bad actors. 

History professor Melissa Ford was facilitating the Slippery Rock panel that was targeted in February without a co-organizer designated to make sure things stayed orderly and secure. She said after an initial outburst, there was a second one about 15 minutes later, though nobody had entered the meeting in the meantime.

“In the future, I would have someone else there with their hand on the mute button, ready to take action right away,” Ford said. 

3. Upgrade your password protection. A 2020 paper from researchers at Boston University and Binghamton University, “A First Look at Zoombombing,” found that a majority of organized attacks on Zoom meetings were enabled by somebody within the targeted community who had legitimate access to a meeting link or password. Particularly for large groups, using one password or one link for entry may not be strong enough. 

“Insiders instruct attackers of the password and what type of name you should use,” said Chen Ling, one of the study authors. “With this kind of information, it’s very hard to use traditional security protections to prevent such attacks.”

Ling urged event organizers to create personalized links for each attendee and limit sign-ons to one per link. This can deter group members from sharing their link with bad actors because organizers can identify them and hold them accountable. The setting is activated automatically by requiring registration, which is done by checking a single box when creating a meeting.

This also limits any attack to one rogue user rather than a group of disruptive users to track down and eject.

4. Require participants to use a registered Zoom account. This requires participants to supply and confirm an email address with Zoom, making it harder for them to stay anonymous. To activate this requirement, check “Only authenticated users can join” when creating a meeting.

“Are online abusers going to burn those registered accounts every time they do this?” Verdi said. “I’m not saying that’s never going to happen, but that’s quite a bit of friction.”

5. Tighten your controls during the event. Zoom publishes a long list of recommendations for keeping a meeting orderly after it gets running. Once all the known attendees have arrived, a meeting can be locked to prohibit any additional users, whether they have a password or not. Hosts can restrict non-hosts from using screen-sharing, disable the chat function and mute participants. Each of these actions cuts off a primary avenue for users to deliver hateful language and material.

Google Meet doesn’t offer all of the controls of Zoom, but it does have a waiting room feature and hosts can require two-factor verification. GoToMeeting allows hosts to disable the chat feature and lock meetings once all legitimate participants have arrived. Both Google Meet and GoToMeeting allow password-protected meetings.

6. Report any abusers. A Zoom spokesperson said in a written statement that the company encourages users to report incidents to Zoom and to law enforcement “so appropriate action can be taken against offenders.” 

The Zoom platform also has an optional feature that, if enabled, allows hosts to report an offending user to Zoom instantly during a meeting as they are removed. Pennsylvania Attorney General Josh Shapiro said in April that Zoombombings can be reported to the FBI’s internet crime unit, and that specific threats made during Zoombombings should be reported to the FBI Pittsburgh Division at 412-432-4000.

7. Support those who were harmed. In the immediate aftermath of an attack, Alexander said a leader should read the room and assess if participants want to continue or need time to process what happened. After the event, she said that organizational leaders should directly reach out to anyone who may have been harmed.

“There needs to be more contact between the leadership and the people who were affected,” Alexander said. “Otherwise, they’re not going to move forward. 

“I think one of the reasons why [the Slippery Rock] response was successful is that there were people from across the entire campus that came to support them, and not just people of color.”

Charlie Wolfson is a freelance journalist in Pittsburgh. He can be reached at wolfson.ch@gmail.com and on Twitter at @chwolfson.

We don't have paywalls — but your support helps us bridge crucial information gaps.

Readers tell us they can't find the information they get from our reporting anywhere else, and we're glad to provide this important service for our community. We work hard to produce accurate, timely, impactful journalism without paywalls that keeps our region informed and moving forward.

However, only about .1% of the people who read our stories contribute to our work financially. Our newsroom depends on the generosity of readers like yourself to make our high-quality local journalism possible, and the costs of the resources it takes to produce it have been rising, so each member means a lot to us.

Your donation to our nonprofit newsroom helps ensure everyone in Allegheny County can stay up-to-date about decisions and events that affect them. Please make your gift of support now.

Charlie Wolfson is an enterprise reporter for PublicSource, focusing on local government accountability in Pittsburgh and Allegheny County. He is also a Report for America corps member. Charlie aims to...