Zoombombing was undoubtedly one of the more interesting words to enter the popular lexicon during 2020, as our mass transition to virtual working life created a number of security holes that allowed interlopers to gain access to virtual meetings they shouldn’t have been able to.

It’s something that we widely assume is mainly the preserve of external actors behaving either maliciously or mischievously, but new research from Binghamton University reveals that most zoombombers are actually insiders.

Anatomy of zoombombing

The researchers assessed over 200 calls conducted during the first seven months of 2020 and found that zoombombing was not typically caused by people inadvertently stumbling across meetings or overtly breaking into them, but rather by insiders who have legitimate access to the meetings.  These insiders would share legitimate meeting access information online in order to stir up trouble.

“Some of the measures that people would think stops zoombombing — such as requiring a password to enter a class or meeting — did not deter anybody,” the researchers explain. “Posters just post the password online as well.”

“Even the waiting rooms in Zoom aren’t a deterrent if zoombombers name themselves after people who are actually in the class to confuse the teacher. These strategies that circumvent the technical measures in place are interesting. It’s not like they’re hacking anything — they’re taking advantage of the weaknesses of people that we can’t do anything about.”

Real-time attacks

The paper reveals that nearly all attacks on Zoom meetings occur in real-time, which can create the appearance of opportunism, especially as hosts can have little time to prepare to such attacks.

“It’s unlikely that there can be a purely technical solution that isn’t so tightly locked up that it becomes unusable,” the researchers say. “Passwords don’t work — that’s the three-word summary of our research. We need to think harder about mitigation strategies.”

What’s more, the global nature of the internet means that the problem of zoombombing is not one that’s confined to one country or even to one timezone.

“We found zoombombing calls from Turkey, Chile, Bulgaria, Italy and the United States,” the researchers say. “It’s a globalized problem now because of the circumstances of COVID.”