The views expressed in Shorenstein Center Discussion Papers are those of the author(s) and do not necessarily reflect those of Harvard Kennedy School or of Harvard University.
Discussion Papers have not undergone formal review and approval. Such papers are included in this series to elicit feedback and to encourage debate on important issues and challenges in media, politics and public policy. These papers are published under the Center’s Open Access Policy. Papers may be downloaded and shared for personal use.
Within days of the virtual meeting platform Zoom becoming a household name, news spread that meetings were being hijacked by uninvited guests. The practice was quickly dubbed Zoom bombing.
Zoom bombing is a novel form of raiding or bombing, a common type of coordinated online attack. In this report, we examine how Zoom bombing works, the sociotechnical systems that enabled it, and the networked terrain of the attacks. Zoom bombing illustrates that networked participatory technology is often used in malicious or mischievous ways its creators and clients did not — but should have — foreseen.
When workers across the US first began staying home in order to flatten the COVID-19 curve in early March, 2020, a huge proportion of them began using Zoom. This rapid explosion in popularity was met with pre-existing sociotechnical conditions that created the perfect environment for Zoom bombing: lax security settings in the software, inadequate training for new users who inaccurately assumed the software was more private than it was, bored teenagers home from school, social proclivities toward trolling, and easy outlets for the bombs to go viral. Therefore, Zoom bombing isn’t technically “hacking,” but rather a misuse of Zoom’s core functionality. It is a sociotechnical exploit that combines sociocultural and technical conditions to deliver a threat.
We trace Zoom bombs through their life cycle across multiple platforms and show how the phenomenon morphed from a low-stakes gag to a coordinated effort to cause real social harm by spreading noxious and hateful content to unexpecting audiences.
This paper explains what Zoom bombings is, who Zoom bombers and their targets are, where and how they coordinate, execute and share attacks, and how press attention on the phenomenon has changed the information ecosystem. We seek to shed light on these processes to offer a comprehensive and nuanced explanation of the vulnerabilities that drive Zoom bombing and to offer suggestions for how the makers of communication technologies can better anticipate these kinds of misuses to protect their users.
About the Authors:
Brian Friedberg is the Senior Researcher of the Technology and Social Change Research Project at the Shorenstein Center on Media. Blending academic research and Open Source Intelligence techniques, Brian is an investigative ethnographer, focusing on the impacts alternative media, anonymous communities, and unpopular cultures have on political communication and organization. Brian holds an MA in Cultural Production from Brandeis University.
Gabrielle Lim is a researcher of the Technology and Social Change Research Project at the Shorenstein Center, as well as a fellow with Citizen Lab at the Munk School, University of Toronto. Her research focuses primarily on information controls and security, with a focus on disinformation and media manipulation. Her previous work includes Iranian disinformation, the securitization of “fake news”, and the emergence and implications of sociotechnical security.
Dr. Joan Donovan is the Research Director of the Shorenstein Center, as well as the Director of the Technology and Social Change Research Project. Her research specializes in Critical Internet Studies, Science and Technology Studies, and the Sociology of Social Movements. Dr. Donovan’s research and expertise has been showcased in a wide array of media outlets including NPR, Washington Post, The New York Times, Rolling Stone, ABC News, NBC News, Columbia Journalism Review, The Atlantic, Nature, and more.