What is zoombombing and how to prevent it?

Read in

12 min

Security camera lens

When the world transitioned to online during the COVID-19 pandemic, video-conferencing platforms experienced massive growth in their user base. For example, from December 2019 to April 2020, Zoom has increased its daily users from 10 to 300 million!

This swift rise did not go unnoticed. Many of the newly acquitted users used remote meeting platforms for the first time. Due to high demand, companies rushed to introduce many new applications, software tools, or features, leaving more space for user errors.

Cybersecurity issues and privacy incidents rose by 23% after shifting to remote work, and some even got a dedicated term: “zoombombing.”

Today, we will explain what zoombombing is and how to prevent it. Let's begin right away!

What is zoombombing?

Zoom app on a computer screen

Zoombombing is a process of an unwanted person joining your virtual meeting.

At first glance, it seems that the zoombombing meaning is related to the well-known video-conferencing Zoom web portal. And it is partly true!

There is a high chance that this term originated during a Zoom meeting – when someone illegally joined public group meetings and disrupted its close flow. Yet, it encompasses much more than just the Zoom platform. 

Many video-conferencing platforms are sensitive to this issue right now – from Zoom to Webex to many others. It can affect any organization – educational institutions, businesses, and even governments.

Is zoombombing officially illegal?

Yes! When the pandemic started, the FBI quickly recognized zoombombing as an illegal action. One of the first reported cases happened during a remote class – an unidentified person dialed into the Zoom Video Communications meeting, unmuted their microphone, and “shouted the teacher’s home address in the middle of an instruction.”

Long story short, zoombombing is now considered a cyber-crime, and any victim of a teleconference hijacking can report it as an incident.

How common is zoombombing?

While the exact scope of zoombombing is hard to predict (people rarely report its cases), data on the Internet suggests that the process is quite unpredictable itself.

Zoombombing campaigns are usually organized by teenagers who run private rooms and organize such raids to unprotected meetings and video-conferences. Thus, it is vital to always be prepared.

Is zoombombing dangerous?

closeup photo of turned-on blue and white laptop computer

Zoombombing is definitely dangerous, and it’s crucial to understand the scope of damage it can cause to a company and its clients. 

First, it can seriously harm your brand image. Zoombombers often use hate speech, include racist messages, offensive imagery, and share files that are dangerous. Although it hurts your clients, it can make it hard to restore the damage to your brand.

Besides, your company might become a dangerous place due to hijackers. They often get into the meetings and even threaten the attendees with physical harm. 

Such incidents spread quickly. Even if they happen in the virtual space, through seemingly simple tools like screen sharing or file transfer of hate images – the damage stays. These attacks might make your company employees become significantly less productive and switch to other virtual workspaces.

Does zoombombing still happen?

A cup next to a laptop with a video-conference on

Yes, but it’s also changing in some ways. Besides the fact that there have been a lot of new security features, web settings, and additional measures implemented, Boston University computer scientist Gianluca Stringhini and his team presented their research results:

  • The majority (from 59% to 74%) of the targeted calls are online lectures, both in high schools and universities.
  • In these scenarios, from 70% to 82% of the zoombombing attacks come from insiders.

This causes the most confusion since it’s almost impossible to avoid insider attacks in online meetings. It is related to the psychology of insiders and their motives to harm their own institutions.

Usually, such insiders simply get bored and want the class to end earlier, so they share meeting IDs publicly on various websites. One social media post can lead hundreds of people to your participants list.

Also, The New York Times revealed the increasing rates of zoombombing from a broader perspective. They have found over 153 Instagram accounts and many other accounts on Twitter and various online messaging boards, where thousands of people organize harassment campaigns to sow chaos in Zoom meetings.

This clearly indicates that zoombombing is here, and zoombombing prevention is the next step to avoid it.

How to protect your Zoom meetings?

A laptop and a phone on a desk in a classroom setting

Each video-conferencing platform has its own policies to prevent zoombombing and protect your meetings from uninvited guests. The safety team continuously works to enhance security, so make sure to always look out for security updates and the latest versions. 

Despite the long-living myth, it’s not only governmental organizations and corporations that should take security and privacy measures seriously. Even those who only host individual meetings can be hijacked.

Below we’ll provide some of the most common tips that you can use to prevent illegal activities from happening at your event.

Screen sharing can cause the most problems

Assure that you disable screen sharing and only allow it to the hosts, co-hosts, and presenters of your meeting. That way, zoombombers cannot gain access to Zoom settings to screen share, admit attendees, file transfer and edit the participants list.

Make all meetings private and do not share links publicly

Public meetings can be easily hijacked, and if you distribute the meeting link on social media – there is a high chance that you will be zoombombed. Additionally, people tend to use the same personal meeting ID (e.g., their username, company name, or anything that is easily identifiable) for different meetings. This is also not recommended because any zoombomber can easily guess such IDs and share them around.

It is better to use a waiting room than a password for a meeting

Yes, enabling a password means that the meeting is now private. It might work for small business meetings, but if you are organizing a conference, passwords can be easily passed to other people. A waiting list will let you choose who has access to your event. 

Encourage individual participants to use their real names

This will help you identify the meeting attendees that registered for the event and have the right to access it. If someone enters with an unidentified nickname, you can simply keep them in the waiting room. A waiting room feature is a useful tool for keeping your meetings safe. Anyone with a meeting link can join the waiting room, but only the host can allow participants, customize waiting room settings, and allow people who are actually supposed to be there.

Disable remote control and other features

Remote control features can cause many issues for a presenter if an outsider can control their presentation. If you’re using a platform other than Zoom, check which features you can disable for your preferred video-conferencing platform.

How does Interactio prevent issues like zoombombing?

A lock on a computer keyboard

Interactio is a full solution for multilingual meetings where we combine remote simultaneous interpretation with the next-generation video-meeting platform. Since the first launch of the platform in 2015, we have put security and privacy at the heart of our product development. 

Here is what we have implemented over the years to increase security and privacy in your events:

Moderator-only functions

Moderators are the meeting hosts of your event who coordinate the meeting and manage the discussion between speakers. To prevent unwanted guests, they can use the lock meeting room function when all participants connect. They also have other advanced host controls that allow advanced sharing options, control over screen sharing, waiting room, and other zoom settings.  

If moderators do not lock the meeting from the very beginning, they can kick out the unwanted guests during the meeting. This way, removed participants wouldn't be able to join the zoom meeting anymore and disturb other participants. Continuously monitoring the flow of your event is a must to avoid interruptions and avoid zoom bombing.

Security Assertion Markup Language (SAML) integration

SAML stands for Security Assertion Markup Language, which is an open method of identity. SAML authentication enables single sign-on (SSO) to your meeting, saving your user’s pain of password proliferation. 

As a meeting organizer, you can set authentication using your company’s single sign-on. This way, you will secure your meetings, the safety of credentials, and improve user experience. 

It is beneficial in the events with multiple meetings – one button is all it takes to enter various sessions. Only if you’re invited, of course!

Individual invitations

While this seems like a fundamental way to overcome the problem, it helps! With Interactio, you can invite participants individually instead of just sharing the link to the meeting. In this case, no one will be able to leak meeting links or join using someone else's name.

Of course, the list could go longer, and we are continuously implementing new meeting safety measures.

Final words

Zoombombing proves that many crimes are becoming virtual, and it’s crucial to implement appropriate online security measures. A single zoombomber can do significant damage to your brand image and acquire sensitive information. 

Take this note: if you are not planning to use a specific function – disable it. Otherwise, a zoombomber will make use of it.

Building a secure event ecosystem is a shared responsibility of all – event organizers, service providers, and individual participants. We’ve covered security requirements for RSI providers in our blog post.

No items found.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

Related articles