Skip to main content

Inside job: Why Zoombombing isn’t as random as you might think


Last year wasn’t exactly short of threats facing humanity, but “Zoombombing” was an especially 2020 kind of disruption, one that sought to hijack one of the most prominent means of communication by which people stayed in touch with everyone from co-workers to friends and family during lockdown.

Zoombombing, for those unfamiliar with it, works like this: An unwanted participant or participants access a Zoom call without being invited, against the wishes of the participants, and cause problems. One Massachusetts-based high school’s Zoom session was hijacked by an individual who screamed profanities and then shouted the teacher’s home address. On social media, some users reported that their Zoom session had been taken over and used to show pornographic content.

Zoom, whose usage exploded during the pandemic, was suddenly at the center of what appeared to be a glaring vulnerability problem: It was as if the leading manufacturer of front door locks revealed a high failure rate during a home invasion epidemic.

But researchers from Binghamton University in New York say there’s more to this story than meets the eye. According to a world’s-first study they have carried out, the majority of Zoombombing incidents are actually inside jobs. To draw an analogy with creepy campfire stories about terrified babysitters: “The calls are coming from inside the house.” Well, kind of.

“There were a lot of people that thought that maybe this was some kind of clever hacking, or else [the result of attackers] finding people that would accidentally post Zoom links on social media or sending out email blasts,” Jeremy Blackburn, an assistant professor of computer science at Binghamton University, told Digital Trends. “[People figured it was] these outsiders who were randomly showing up, somehow finding a link to a meeting. It was an act of attack that the Zoombombers were perpetuating, just by themselves.”

Lone wolves, online packs

Blackburn’s major research interest, his university website profile notes, involves “understanding jerks on the internet,” from toxic behavior and hate speech to fringe and extremist web communities. He was intrigued by the rise of Zoombombing as a phenomenon, but also not entirely convinced by the theories.

How were they getting in? They could be brute-forcing the call IDs, but given the size of the search space, it seemed unlikely that they would be able to consistently find active calls to target. And while human error was certainly possible, in terms of people leaving Zoom links lying around, this also seemed improbable.

To quote Sherlock Holmes’ popular aphorism: When you have eliminated the impossible, whatever remains, must be the truth. Or, in this case, if people aren’t breaking into Zoom calls on their own, someone on the call must be willfully letting them in.

“As it turns out, what we found is that Zoombombings were perpetuated by people that were legitimately in the call,” Blackburn said. “What would happen is that [a member of the call] would go ahead and share the meeting link on some fringe websites and say, ‘Hey guys, show up and, you know, say the ‘N-word’ or whatever in the call.’ Pretty much every time, it was a student asking people to come [and] Zoombomb lectures. They would also do things like say, ‘Hey, use this name when you connect, because that’s the name of somebody else in the class.'”


To reach this conclusion, the researchers scoured tens of millions of social media posts, uncovering more than 200 calls for Zoombombing between Twitter and 4chan during the first seven months of 2020 alone. Between January and July that year, they identified 12,000 tweets and 434 4chan threads that discussed online meeting rooms, then used thematic qualitative analysis to identify the posts calling for Zoombombing. As Blackburn noted, the majority of the calls for Zoombombing in their dataset targeted online lectures, with evidence of both universities and high schools being the most heavily targeted groups.

In addition to Zoom, they also found evidence of similar “bombing” attacks on other popular communication platforms including Hangouts, Google Meet, Skype, Jitsi, GoToMeeting, Microsoft Teams, Cisco Webex, BlueJeans, and StarLeaf.

“[For a company like Zoom], unless they perform the type of investigation we did, on their end it seems really difficult to detect this type of thing,” Blackburn said. “Because it’s not really a technical vulnerability. It’s kind of a sociotechnical vulnerability … If they were just looking at traffic [or whatever other] metrics they have, I’m not sure it would be possible to purely detect this. You would need a study like ours that goes out and specifically tries to understand how this sociotechnical problem is unfolding.”

(Digital Trends reached out to Zoom for comment, and we will update this story when we hear back.)

Security trade-offs

The results pose a challenge for communication platforms like Zoom. Their ease of use makes them appealing. Just click a link and you’re suddenly talking to your friends or joining the morning huddle at work. But this also necessitates lowering security measures that could eradicate this behavior.

“Anything involving security is always kind of a trade-off between ease of use and the robustness of the security,” Blackburn said. “I don’t think people [would want to] go through a whole process of registering individual users and creating one-time links [in a more time-intensive manner]. It’s much easier, and much more straightforward for non-tech-savvy people, to just have a link, click it, and it opens the program. That is certainly a big reason that Zoom gained the type of adoption it did. If it would have had a much more complicated, but secure, registration system, I would imagine something else would have [become] the dominant application.”

Zoom does offer passwords as a login option. However, given the complicity of users, they would seem unlikely have to blocked Zoombombers with the right advanced knowledge. The same is true for waiting rooms, in which the host must manually approve people for entrance. While this would seem to be a more secure option, they are insufficient if the Zoombombers name themselves after people in a class in order to confuse the teacher or lecturer. (Thanks to a recent update, hosts can, however, pause their meetings to manually remove troublesome participants.)

Blackburn describes Zoombombing behavior as “raiding,” and says that it has always been a part of online life. “Now, it’s using Zoom, but if you go back even to the IRC days (read: Internet Relay Chat, an early text-based chat protocol created in 1988), there were [online] wars where people would try and take over different channels,” he said. “Any time you have computer-mediated communication on the web … [that’s] instant and semi-anonymous, you’re going to have people that get into conflict and attempt to disrupt things. In that sense, it’s not new, it’s the same basic sociotechnical problem with the internet. If there’s an available mechanism to cause trouble, somebody’s going to cause trouble.”

In addition to Blackburn, other researchers on the project include Chen Ling, Utkucan Balcı, and Gianluca Stringhini. A paper describing the work, titled “A First Look at Zoombombing,” is available to read online.

Luke Dormehl
I'm a UK-based tech writer covering Cool Tech at Digital Trends. I've also written for Fast Company, Wired, the Guardian…
Skype now supports 911 calls in the U.S.
iPhone with the Skype mobile app loading screen.

Skype has updated its mobile and desktop apps to allow emergency calling in the U.S. for the first time in its 18-year history. Calls to 911 are also possible via Skype’s web-based service, notes for the recently released Skype 8.80 showed.

Emergency calling from Skype could come in handy if you find yourself in a tricky situation without a phone but have a computer close by, or if phone lines are down but you can get online.

Read more
The Interplanetary File System: How you’ll store files in the future
Cloud storage for downloading an isometric. A digital service or application with data transmission. Network computing technologies. Futuristic Server. Digital space. Data storage. Vector illustration.

When you upload a file or send a tweet, your information is stashed in some corporation-owned mega data center in the middle of nowhere. The endless racks of computers in these facilities hold millions of ledgers, and with a flick of a switch, companies can censor or misuse the data.

But what if instead of handing it to, say Amazon or Google, your data is broken down into pieces and scattered across the globe so that no one except you and your key -- not even the government -- can access it?

Read more
The best hurricane trackers for Android and iOS in 2022
Truck caught in gale force winds.

Hurricane season strikes fear into the hearts of those who live in its direct path, as well as distanced loved ones who worry for their safety. If you've ever sat up all night in a state of panic for a family member caught home alone in the middle of a destructive storm, dependent only on intermittent live TV reports for updates, a hurricane tracker app is a must-have tool. There are plenty of hurricane trackers that can help you prepare for these perilous events, monitor their progress while underway, and assist in recovery. We've gathered the best apps for following storms, predicting storm paths, and delivering on-the-ground advice for shelter and emergency services. Most are free to download and are ad-supported. Premium versions remove ads and add additional features.

You may lose power during a storm, so consider purchasing a portable power source,  just in case. We have a few handy suggestions for some of the best portable generators and power stations available. 

Read more