){kind=logo}
){kind=icon}
){kind=logo}
){kind=icon}
Zoombombing is not a random practice. It is a strategic attack that disrupts communication channels during this time of contingency.
The quarantine has forced us to rely on remote communication technology to keep in touch. Online classes and business meetings are being enabled by real-time audio and video streaming platforms. Zoom is one of the most widely used platforms.
The security issues of Zoom chat rooms have become a priority matter in the face of a significant increase in its use because hacker attacks have increased. Attackers interrupt video calls, breaking up meetings or class sessions with inappropriate content, often pornography. This type of attack is called “zoombombing.”
How does it work?
This practice of taking advantage of Zoom vulnerabilities to inject violent comments and pornographic content is not a coincidental or random action. Jeff Elder, a cyber-security and artificial intelligence reporter for Business Insider relates the experience of his virtual meeting attacked by zoom-bombers and how he was able to track one of them.
Elder explains that breaking the security of a platform such as Zoom, is not such a simple task. It usually requires a joint effort and organization to coordinate not only breaking into the chat rooms but also maintaining the attack. “They were treating their raids exactly like a video game: Attackers shared a plan, chatted as they swarmed in unison, cheered effective attacks, overwhelmed their victims, and gloated over their skill,” said Elder.
The platform they used to coordinate this investigation was Discord, a common means of communication among gamers for organizing multiplayer sessions or game exhibitions. Discord staff worked hand-in-hand with Elder, canceled the accounts of the aggressors, and cooperated in the investigation with the reporter. Elder was able to identify at least one of the attackers of his Zoom session.
The reporter emphasizes that the potential of zoombombing is not only as a weapon that disrupts communications but also as a vehicle of racial and sexual violence in spaces that should be safe, such as a classroom. He commented that zoombombing is the same as breaking into a school, either to engage in verbal violence or to exhibit oneself inappropriately, and it should be pursued as such.
Zoom’s response to these attacks
The period of mandatory isolation has been hectic for the people behind Zoom. Before the COVID-19 outbreak, the application enabled 10 million people to meet daily. In March, the figure shot to 200 million, and in April, it soared to 300 million worldwide.
After zoombombing became trendy, spokespersons for Zoom announced new policies and features aimed to improve the security of their chat rooms. These measures include encryption, new privacy controls, and updates that are part of a 90-day plan to improve the privacy and security of the platform.
Similarly, a statement was issued with recommendations directed to users to make use of features that help keep their meetings safe. This “new version of Zoom,” or Zoom 5.0, allows the organizers of conferences to report users via a security button. It includes the introduction of a waiting room in which the participants of the meeting can wait until the host approves their participation. Additionally, all the sessions can be password-protected to gain access.
The encryption added by Zoom is called AES 256-bit GCM. It is considered as the “gold standard” and is used by the United States Government to protect data. The prevention of practices like zoombombing requires a joint effort among users in charge of enforcing Zoom’s security features and the staff to monitor their effectiveness and update them accordingly.
Have you been to a virtual meeting that has been attacked by zoom-bombers? What measures do you use to prevent future attacks? How do you conduct the conversation with your students to process a zoom-bomber’s attack? Tell us in the comments.
){kind=icon}
){kind=icon}
This article from Observatory of the Institute for the Future of Education may be shared under the terms of the license CC BY-NC-SA 4.0 
)