Von Glitschka’s primary aim was to educate individuals on creating designs using Adobe Illustrator. Glitschka, who is one half of the design firm Glitschka Studios based in Salem, Oregon, had originally shared the link to his Zoom video call on his social media profiles on Facebook, LinkedIn, and Twitter. Several people, around a dozen or so, joined the call in response.
Unexpectedly, an attendee took control of the meeting and began playing a YouTube channel featuring offensive content with neo-Nazi undertones. The individual, described as a man with a French accent by Glitschka, proceeded to annotate the screen with a racial slur.
Glitschka expressed his embarrassment, as the attendees had joined the call with the intention of witnessing creative content, only to be subjected to such idiocy. Previously, Glitschka had been using Zoom for approximately 2½ years without incident until the occurrence of this zoombomb, a term recently coined in the past two weeks.
Consequently, Glitschka decided to refrain from publicly posting links to his Zoom calls. Instead, he now requires interested individuals to send him private messages for access information.
Due to the COVID-19 outbreak, Zoom has experienced a surge in popularity as people resort to video chat while staying at home. It has become a cultural icon and synonymous with video chat, much like “Google” for search or “Uber” for ride-sharing.
According to analysts from Bernstein Research, Zoom’s mobile app now boasts over 32 million daily active users, a tenfold increase from the previous year. However, as the phenomenon of zoombombing illustrates, sudden popularity can uncover unanticipated issues. In Zoom’s case, if a conference organizer publicly shares a link without implementing access restrictions, anyone who encounters the link can join the call and engage in any behavior they desire.
To address this problem, the FBI’s Boston division issued a warning about zoombombing, urging people not to share meeting links on social media due to reported incidents of disruptions involving pornography, threats, and hateful content.
Apart from zoombombing, Zoom faces emerging security concerns as its user base continues to expand. Recently, New York’s attorney general, Letitia James, sent a letter to Zoom requesting details of any changes made after a software developer discovered that Zoom’s Mac app could activate a user’s camera without permission. Additionally, another person found that Zoom’s Windows app unintentionally shared a “hashed” version of Windows account credentials, enabling unauthorized program execution on the owner’s computer. Zoom’s marketing chief, Janine Pelosi, confirmed that the company is actively working to address these issues.
Increasingly, zoombombing attacks are being orchestrated by coordinated groups, leading to a disorienting influx of disruptive content that is challenging to de-escalate without terminating the meeting.
Laurel Walzak, an assistant professor at Ryerson University, experienced this firsthand when she organized an informal Zoom meeting to discuss sports. Despite directing participants to a website where they could subscribe for access, she also shared the meeting link. Approximately 30 people joined the call, and shortly after it commenced, a group of five to seven users bombarded the meeting with vulgar images and offensive comments in the chat. Unsuspecting participants were shocked by unwanted music and explicit content.
Faced with this situation, Walzak considered ending or leaving the meeting. A participant suggested she use a keyboard shortcut to access the task manager on her PC and close the Zoom program. However, upon executing the shortcut, her computer screen turned green before displaying explicit images, leaving her concerned about a potential virus. She rebooted her computer and provided the participants with access information for a fresh Zoom meeting, which proceeded without issues.
John Saddington, founder and CEO of Yen.io, a San Francisco-based business software start-up, had been a paying Zoom user for years but had never experienced zoombombing until recently. Saddington, who has a significant following on YouTube, had upgraded his Zoom account to host webinars and shared the stream link on Twitter and other platforms. Contrary to his expectations, over 200 people joined the stream from YouTube, and within seconds, around 20 participants disrupted the meeting. One individual appeared wearing a ski mask with a blacklight background, while others engaged in racial slurs and played explicit videos.
Overwhelmed by the situation, Saddington found himself uncertain whether to shut down Zoom or the YouTube livestream. Feeling overwhelmed, he decided to turn off his computer entirely. Concerned messages and tweets inundated him, prompting him to apologize and express his unpreparedness to resume streaming. He needed time to decompress, and his audience understood.
Saddington admitted he was aware of zoombombing and measures to prevent it but didn’t anticipate it happening to him, even as a technologist. Despite his strong concerns for privacy and security, the incident caught him off guard.
Certain institutions have started offering advice to mitigate the risk of zoombombing, but hosts don’t always follow the recommendations.
Stony Brook University, for instance, warned its faculty members about zoombombing in an email and provided prevention guidelines, such as using the university’s Zoom system and allowing only authenticated users to join meetings.
Caitlyn Cardetti, a Stony Brook Ph.D. student and president of the school’s Graduate Women in Science and Engineering group, received the email but still wanted to include participants from a similar group at the nearby Cold Spring Harbor Laboratory in her informal call. She initiated a video call using her school account and shared the link on Twitter and other platforms.
During the call, with around a dozen participants and one woman holding her 2-year-old son, five people with male names intruded. They shouted obscenities, and one individual shared explicit content with everyone present.
Cardetti promptly ended the meeting and started a new one with screen sharing disabled, removing two participants who seemed unrelated to the group. The participants spent five minutes expressing their frustration.
Wrike