The Lehigh University Police Department is currently investigating an incident where an individual disrupted a public Lehigh Zoom event on April 14, according to Greg Reihman, vice provost for Library and Technology Services.
Lehigh University Police Chief Jason Schiffer said the individual(s) took over the Zoom by sharing their screen and showing a pornographic video. He said police are working to identify those responsible for the incident.
According to the LUPD Clery Crime/Fire Log, the incident, listed as disorderly conduct, was reported to police on April 17.
The incident has been referred to by members of LTS as a “Zoom-bombing.”
Reihman said this is the third case of “Zoom-bombing” that LTS has been made aware of at Lehigh.
He said the cause of the interruptions may be linked to Lehigh Zoom events being posted on public websites, such as the Lehigh Events Calendar, or on social media platforms like Instagram and Twitter.
Following the incident on April 14, LTS sent a newsletter to the Lehigh community on April 18 titled “Act now to prevent disruptions on Zoom.”
This email detailed practices recommended by LTS for creating secure Zoom meetings.
These practices included requiring a password for Zoom meetings, adding a waiting room for participants and not sharing Zoom links publicly.
“In LTS, we want to empower people to share their learning and research through public-facing events,” Reihman said. “Such openness brings heightened risks, so our job is to partner with faculty, students and staff in reducing those risks and helping to create a positive experience at Lehigh-hosted online events.”
Ilena Key, Lehigh’s chief technology officer, said LTS has offered consultations on using Zoom for classes, meetings and conferences.
Reihman said Zoom is used widely at Lehigh, and the university holds an average of more than 1,000 meetings on Zoom per day.
Key said Zoom itself has also worked to enhance its internal security settings and create more tools to minimize disruptions. These tools include registration and authentication options.
She said LTS recommends events require registration to join and that organizers share only the registration link.
“From a Lehigh community standpoint, it is important to think about the external publications of an event and to make sure that everything is set up as secure as can be,” Key said. “You want to avoid posting Zoom join links publicly, as doing so can make Lehigh a target for bots searching for such links online.”
Reihman said Lehigh classes using Zoom are more secure because they require Lehigh authentication, but events that invite members of the public are more vulnerable to disruption.
Eric Zematis, Lehigh’s chief information security officer, said although LTS provides training and resources to help others make informed decisions, it is up to students and faculty on how secure they decide to make their Zoom calls.
“Information security is always a balancing act,” Zematis said. “The more controls and security you put around something, the less user-friendly it becomes.”
Key said LTS encourages members of the Lehigh community to review the “Securing Zoom Meetings” page on the LTS website and call the LTS Help Desk with any questions.