ZoomBombing: the 2020 Hacking Trend that Disrupted our Coronavirus Confinement

All of a sudden, a new app turned into one of the lockdown essentials. With large sectors of the population working from home, Zoom became one of the web’s favourites, outperforming Google’s Hangout Meet and Microsoft Teams and topping the app store’s charts worldwide in February and March 2020.

Launched in California in 2013, Zoom Cloud Meetings found in the Coronavirus pandemic an unexpected ally that helped its downloads rise by 14x in March when compared to 2019 in the US. Also, with 20x more downloads in the United Kingdom, 22x more in Spain and 55x more in Italy, the rise in popularity of Zoom is unprecedented. While in December 2019 there were 10 million daily meeting participants, in March 2020 the usage shot up to 200 million, and 300 million by the following month. The UK cabinet and schools all around the world were among the brand-new users.

The number of downloads of business apps such as Zoom, Microsoft Teams and Hangouts skyrocketed as Coronavirus became a pandemic. Graph source: App Annie.

But just as with great power comes great responsibility, the Spiderman principle can be paraphrased today: with many downloads come great headaches. Zoom CEO Eric Yuan not only became a billionaire in a matter of weeks. His trendy app turned into an easy target for professional hackers, computer addicts and amateur intruders.

ZoomBombing – that is, the form of cyber harassment in which calls are hijacked by unidentified individuals who belch hateful language or post graphic content – quickly became a term. US Government meetings were attacked, the FBI was forced to issue a news release to warn people and NYC banned the service from the city’s classrooms.

ZoomBombers not only interrupt conversations. While they do it they record themselves or even stream their actions live (This video contains offensive language).

ZoomBombing origins and motivations

Since the term was coined in mid-March, ZoomBombing has boomed. The niche prank started on an abandoned Discord channel, a VoIP (Voice over Internet Protocol) platform designed for video gaming communities, where groups of bored youngsters organized the first attacks.

Soon after that, as an article on PCMag revealed, Zoom conference codes began to be shared on Reddit and Twitter. The bombers also recorded the attacks and uploaded them to YouTube or TikTok and even streamed them live on Twitch.

Among the many calls affected around the world, some of the most prominent include Alcoholics Anonymous meetings, Muslim health forums and even a carers’ online dance session.

But what is behind these attacks? What drives these teenagers to cause such distress in these already difficult times? Many of these ZoomBombing actions coincide with anthropologist and hacker expert Gabriella Coleman’s description of a hacker, which reveals certain communitarian social habits and discourses of anti-authoritarianism. In short, what these groups did was to organise themselves in their already existing online communities and challenge other more traditional structures.

It is true that the preliminary descriptions of the ZoomBombers match those of digital activists as described by Jordana George and Dorothy Leidner in their paper From clicktivism to hacktivism: Understanding digital activism. They are young, computer-literate, reduced in number but highly effective and connected via social media.

But what is behind these attacks? What drives these teenagers to cause such distress in these already difficult times? Many of these ZoomBombing actions coincide with anthropologist and hacker expert Gabriella Coleman’s description of a hacker, which reveals certain communitarian social habits and discourses of anti-authoritarianism.

However, they differ in the fact that normally digital activists and hacktivists want to achieve social or political objectives, and with that purpose they target governments, organisations and individuals (according to Tim Jordan and Paul Taylor in their book Hacktivism and Cyberwars, Rebels with a Cause). In this recent Zoom phenomenon, teenagers do not appear to have such motivations, but are simply trying to relieve the boredom of Coronavirus confinement days.

The British reporter who spied on his rivals

Not only bored teenagers have used Zoom to target its users. The case of a British journalist became a world story. Picture credit: Bloomberg.

But not only adolescents have breached Zoom’s security. What happened with Financial Times’ media and technology correspondent Mark Di Stefano could perfectly make it to one of those journalist-related thrillers in which adrenaline flows as reporters write to tight deadlines. On March 23, Di Stefano listened in on confidential Zoom meetings in which The Independent and The Evening Standard journalists were informed of salary cuts and furloughs.

According to log files, the reporter joined one of the private calls for a few seconds using his ft.com email address. After quitting it he re-joined, this time anonymously and turning his camera off during the whole of the conversation. Unluckily for him, some of his rival colleagues had already seen his name pop up on their screens.

Di Stefano used the information to tweet all the details he had overheard and later to write an article for the Financial Times, quoting “people on the call” as sources of the story. In reality, however, he was getting all his inside information from spying on their Zoom meeting.

A few days later, he tweeted again, this time to offer his resignation and announcing he would “take some time away and log off”. He had already been suspended and his story was spread all around the world, while the editor of The Independent described Di Stefano’s snoop as “entirely inappropriate and an unwarranted intrusion into our employees’ privacy”.

What now?

With world-class hackers targeting the World Health Organisation in the middle of a pandemic and others doing the same against hospitals, ZoomBombing and journalistic espionage could be perceived as a mere frivolity. Except they are not.

Working and studying from home has increased the exposure to cyberthreats to unprecedented levels, opening doors which had always remained closed or that didn’t even exist. Hackers of all levels – from bored teenagers to the very elite – have targeted people’s increased dependence on digital tools.

Different organisations have started warning the population about the most common types of cyberattacks during work-from-home times. Source: McKinsey & Company.

What is certain is that the world won’t be the same. Security in companies and schools has been forced to shift from security cameras and metal detectors to step-by-step guides to prevent ZoomBombing. While the US had its first March in 18 years without a school shooting, the concern of teachers and parents has shifted towards online security. Just as we have increased our hygiene levels by washing our hands after every physical contact, it is time to review and update our digital hygiene habits.

ZoomBombing has affected people all around the world. This CBS Boston short video summarizes some of the main concerns and gives some tips on how to avoid further attacks.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: