Most Zoombombing Attacks Are Inside Jobs, Researchers Show

A new study from researchers at Binghamton University and Boston University shows that most zoombombing incidents are “inside jobs.”

With videoconferencing surging during the pandemic, hacking online meetings to inject racist slurs or obscene content has become commonplace. The practice is called zoombombing, a name drawn from the popular videoconferencing tool Zoom.

Researchers recently uncovered that zoombombing is actually not caused by attackers stumbling upon meeting invitations or brute-forcing ID numbers, at least not most of the time.

Rather, the attacks are usually caused by rogue insiders who have legitimate access to these meetings, particularly students in high school and college classes, according to a new study.

Assistant Professor Jeremy Blackburn and PhD student Utkucan Balcı from the Department of Computer Science at Binghamton”s Thomas J. Watson College of Engineering and Applied Science teamed up with Boston University Assistant Professor Gianluca Stringhini and PhD student Chen Ling to analyze more than 200 calls from the first seven months of 2020. They found that the meeting hijackers are actually insiders, legitimate users sharing links, passwords and other information on the likes of Twitter and 4chan to stir up trouble.

“Some of the measures that people would think stops zoombombing — such as requiring a password to enter a class or meeting — did not deter anybody,” Blackburn said. “Posters just post the password online as well.

“Even the waiting rooms in Zoom aren”t a deterrent if zoombombers name themselves after people who are actually in the class to confuse the teacher. These strategies that circumvent the technical measures in place are interesting. It”s not like they”re hacking anything — they”re taking advantage of the weaknesses of people that we can”t do anything about.”

The call to Zoombombing happens in real time, so the posts cannot be identified ahead of time, leaving hosts little or no time to prepare for an attack.

“It”s unlikely that there can be a purely technical solution that isn”t so tightly locked up that it becomes unusable,” Blackburn said. “Passwords don”t work — that”s the three-word summary of our research. We need to think harder about mitigation strategies.”

The problem is not restricted to one country or time zone. The researchers found several zoombombing hotspots in Turkey, Chile, Italy and the United States, but the study suggests it”s a global phenomenon.

The full research can be found here: A First Look at Zoombombing (PDF).