Is American University Cybersecure?

The transition to online classes reveals new vulnerabilities

Caitlin Colucci

This story originally appeared in AWOL’s Spring 2020 magazine. See the full magazine here.

An American University professor was hosting his “American 1990s” class on the video conferencing tool Zoom as he did every Thursday morning. Suddenly, a group of unknown individuals hacked the Zoom conference and began to harass his class.

“They got into the Zoom session and immediately started shouting and yelling. One of these interlopers used the n-word directed at me and made comments about my beard and the shirt I had on,” AU professor W. Joseph Campbell said. 

These intruders are often called “Zoom bombers” and pose a threat to anyone using the platform. 

As AU operations move online, the security of teleconferencing platforms comes under far greater concern. This problem doesn’t just affect AU. Many universities have been affected by hacking attempts. In 2019, 25% of education-related breaches resulted in private information being stolen, according to Verizon’s Data Breach Investigations Report.

With these attacks targeting academia, universities are emplacing measures to address the quality of cybersecurity at universities.  

Campbell and his teaching assistant were able to quickly expel the individuals and continue with class. He plans to continue to use Zoom as a platform for online teaching with the addition of a password for each class session. 

Campbell also noted the importance of Zoom’s responsibility of protecting its users.

“One of the responsibilities Zoom has to its users is to make the learning curve regarding security issues as shallow as possible,” he said.

He believes the cybersecurity issues facing Zoom, and any online platform, are the joint responsibility of the user and the service.

This isn’t the only instance of Zoom bombers affecting the AU community. In April, the AU Student Government debate hosted on Zoom was hacked with invaders displaying sexually explicit content. 

Many cybersecurity experts say that a key way to stop these kinds of attacks is better education on how to prevent them from happening in the first place.

Dilsia Stoner, the student success manager for the HackerUSA program at AU, believes cybersecurity is more important now than ever. HackerUSA provides cybersecurity education and partners with universities, enterprises and governments to train digital skills.

The goal for this program is to provide continuing education to students and future generations that want to pursue a career in the field of cybersecurity,” Stoner said.

These students don’t necessarily need to come from a cybersecurity or information technology background, she added.

In 2019, 53% of businesses were hacked from cybersecurity attacks, Stoner said.

“It’s not a matter of if you will be hacked, but when. We need cybersecurity professionals now to help fight these attempts,” Stoner said. “For this reason, there is no surprise that there is a 0% unemployment rate in cybersecurity. We are in dire need for cybersecurity professionals.”

Stoner continued to emphasize the importance of cybersecurity careers. 

“It is a rewarding career both in what you will be doing as a professional and in the means of compensation,” she said. “Too many individuals, companies, operations, etc. are exposed to future attacks.”

The Kogod School of Business houses the Kogod Cybersecurity Governance Center, which is responsible for conducting cybersecurity and privacy research. This research is used to provide business leaders with guidance to ensure their services are cyber secure, according to the Kogod School of Business

The KCGC has paired with HackerUSA for the purpose of providing students with updated training programs to prepare them for careers in cybersecurity and IT. HackerUSA is described as the leading tech and cybersecurity education provider in global markets by the KCGC.

Maddie Ceasar

Heng Xu, director of the KCGC, described herself as a scientific researcher of cybersecurity, not a practitioner. She provided two of her recent academic papers as examples of the importance of cyber tools to companies. 

Her research demonstrates how “one-size-fits-all” identification tools often do not serve all communities equally. 

“Policy wise, regulators should carefully study the real-world implications before mandating privacy, as the direct usage of off-the-shelf anonymization tools may mask disparities that are otherwise identifiable,” Xu said in one of her papers.   

Michael Robinson, a professor of mathematics and statistics at AU and a group of his students have partnered with BAE Systems, a global defense, security and aerospace company.

This is in order to support and assist in the development of new technological tools to strengthen privacy in electronic files and private information from cyber attacks. Robinson has published a book detailing different aspects of cybersecurity tools. 

Robinson said he does not believe the cyber tools that he is developing with BAE are necessary to prevent a cyberattack, but instead, he hopes these tools will prevent a specific issue that is often ignored. The tool he described is meant to ensure PDF documents remain the same online and when printed.

“Imagine a legal document that renders with one set of terms on the screen ─ presumably as you’re reading it ─ and then prints a different set of terms, assuming you will sign without reading the printout carefully. This is the kind of thing we’re trying to identify and mitigate,” Robinson said.

Robinson said that he has little knowledge of AU’s cybersecurity precautions, but explained that universities pose a big target. 

“In general terms, universities tend to present a rather large attack surface,” he said. “It strikes me that preventing and managing an attack is not the right response — it’s more a matter of building systems that are resilient in the face of attacks.”

But this task is difficult for all organizations, Robinson said.

Professors at AU seem to be in agreement that cybersecurity, both at American University and at businesses and organizations globally, is more important today than ever before. 

“It is kind of marvelous how technology can work, but it doesn’t take much for it not to work,” said Campbell.  

Caitlin Colucci is a first-year majoring in psychology.