ST. BONAVENTURE, N.Y., June 10, 2020 — St. Bonaventure University’s Office of Technology Services has completed its investigation into the racist Zoom bombing of a Zoom conversation Friday, June 5.
The university has turned over its findings to the Jamestown office of the FBI for further investigation.
The university’s Safety and Security Office consulted with the New York State Police Computer Crime Unit before passing on the Technology Services review to the FBI.
More than one user hacked into the Zoom session just after 1 p.m. Friday and uttered racial epithets and drew swastikas and other offensive images on the PowerPoint presentation. They were quickly removed from the session, which continued without further incident.
With information provided by Chris Brown, who moderated the Zoom conversation, Dr. Michael Hoffman used Zoom’s administrative console to track down three IP addresses of the hackers. Hoffman is SBU’s associate provost and chief information officer.
He also engaged with a support staffer at Zoom, who was only able to provide a hacker’s dot com email address that’s linked to notorious phishing scams.
“Not surprisingly, Brian Kellogg discovered that the offenders had a history of botnet activity and their IP addresses were linked to servers as far away as Germany, India and Macedonia,” Hoffman said. Kellogg is SBU’s director of Technology Infrastructure and Security.
“As you can imagine,” Hoffman said, “tracking down hackers who know how to obfuscate their identities by utilizing botnets is extremely difficult.”
A botnet is a collection of internet-connected devices infected by malware that allows hackers to control them.
The fact that the hackers used botnet IP addresses makes it highly unlikely that members of the university community were behind the attack, Hoffman said.
The Zoom links to promote the events were only distributed via email, and not posted on any of the university’s social media platforms or website. But it’s possible that someone with good intentions trying to promote the event could have posted the link to their personal social media after receiving the email.