Stanislaus schools fight back after porn, inappropriate content appear on students’ screens
Modesto City Schools, Ceres Unified and perhaps other districts are responding to incidents of students being exposed to or directed to inappropriate content on their learning devices as they study remotely.
Stanislaus County Office of Education spokeswoman Judy Boring said no districts have contacted SCOE’s technology department, but the office has heard anecdotally about incidents.
Modesto City Schools spokeswoman Krista Noonan said that to her knowledge, there have been four minor incidents on the Microsoft Teams platform since distance learning began Aug. 10. They have been at Beyer, Gregori, Davis and Enochs high schools.
And Ceres Unified is investigating information shared on social media that pornographic content was displayed Tuesday on screens of Blaker-Kinser Junior High students, district spokeswoman Beth Jimenez said.
Someone accessed a Blaker-Kinser Zoom session using an alias username, Jimenez said. Inappropriate content was displayed for a few seconds before the teacher terminated the session.
“Families of students in the class were contacted by the school, and district officials are working with police to identify the individual or individuals responsible for this incident,” she said in an email Wednesday. “There is no evidence to suggest the district’s Zoom account was hacked.”
It’s not hacking, but ‘social engineering’
In the Modesto City Schools cases, a link to inappropriate content was posted or someone stated derogatory language aimed at a student or students, Noonan said. In each instance, the teacher immediately disabled the virtual meeting and had students log in through the Schoology platform to continue the lesson, she said.
In her district’s cases, “it’s technically not hacking that’s occurring — it’s actually called social engineering,” Noonan said in an email to The Bee. “This involves students figuring out other students’ IDs and then guessing their passwords to log in as the other student to mimic their identity and then share inappropriate content in the chat (via the Microsoft Teams platform). Our technology team can trace it after it happens, and then disciplinary action is taken with the student who engaged in the social engineering.”
That tech team already has taken steps to reduce students’ ability to misbehave this way in Microsoft Teams, Noonan said. It also is giving teachers additional training on how they can set up their distance-learning platforms for heightened security.
Additionally, Microsoft has enhanced its system to increase safety features, giving teachers better control over which students they allow into the virtual classroom and who can be permitted to post in the chat, she said. And the district and teachers are reminding students not to share their passwords or personal information online.
Ceres Unified employs protocols including the use of Zoom waiting rooms to prevent unauthorized access and uses a paid version of the platform that includes enhanced privacy and security features, Jimenez said. “In addition, increased vigilance is being used to authenticate Zoom users before they are admitted to sessions, and measures are in place to track and identify those who use or attempt to use student credentials for illicit purposes.”
She said the district is “deeply disturbed” by Tuesday’s incident, which comes during an already difficult time of distance learning for students and families.
Students are sharing links, passwords
Among the incidents SCOE has heard about, the general cause “appears to be students sharing the links to online class meetings, or, worse, sharing their passwords,” Boring said. “Other than parents asking their children not to share class meeting links and passwords, there are no tech tips on the home front that would overcome these causes.”
This is a difficult situation for schools, she said, which are trying to balance easy connection for families with preventing access by people who want to cause problems.
Prevention starts with management of online meetings, Boring said. Teachers and other facilitators of virtual classes and meetings should:
- Require passwords to join
- Use a waiting room for attendees
- Not post classroom meeting links on public websites
- Mute all meeting attendees until their identities can be established
- Keep attendees’ cameras off until their identities can be established
- Allow screen sharing by only one person at a time
- Be ready to mute and turn off cameras of all meeting attendees
Parents who learn of their child being exposed to inappropriate content or targeted with derogatory language should contact the child’s teacher and school principal, Noonan advised.
This story was originally published September 2, 2020 at 1:41 PM.
