Zoom Bombing

Uit De Vliegende Brigade
Naar navigatie springen Naar zoeken springen

This article has been moved to here

It's 2025 and Zoom Bombers are back. Fortunately, Zoom nowadays comes with some excellent tools to counter Zoom Bombers - But only if you know how to use them.

Introduction

Let's start with some context:

Context

  • TechHost: Let's call the person in the meeting, who is in charge of addressing Zoom Bombings, TechHost
  • Zoom Role: A TechHost need to have the Zoom Host or Co-host role
  • Computer: Best to be host on a computer rather than on a mobile phone: The user interface on mobile devices are smaller and more limited. It can be done on mobile device, but it's harder
  • Multiple TechHosts? It might be usefull to have multiple TechHosts, but only if they know and agree on the protocol to follow - Otherwise, this would rather create more chaos
  • Practice: You need to practice with responding to Zoom Bombings until you can do so automatically.

You don't stand a change...

One way to look at Zoom Bombings, is that they are highly asymmetrical interactions between you, my dear TechHost, and what I assume, are some teenagers with a queer idea of fun. Why they are so asymmetrical:

  • The initative is with them: The Zoom Bombers have the initiative. You can only react. Stuff will happen when they are ready for it - not when you are ready for it
  • They are more experienced: How many Zoom Bombings have you experienced? As of Feb. 2025, I only 1.5 (one real one, and one minor). I suspect that the average Zoom Bomber, has more experience in Zoom Bombing in just one afternoon
  • You get stressed: Changes are, thay you get really stressed when a Zoom Bombing occures. At least, that's what happened to me. I somehow did expect that (so I practiced a lot), but I still scored only maybe 60% due to stress.

...unless

So, the odds are very much stacked against you. How to overcome this?

  • KISS - Keep It Simple, Stupid: Your solution(s) have to be really, really simple. It's perfecty fine if they are blunt, overkill, or whatever. As long as they are simple
  • Practice, practice, practice: Keep practicing until you can do it automatically
  • Collaborate: Responding to a Zoom Bombing, isn't a matter of flipping a magic switch or firing a silver bullet - Check with others, practice together and exchange ideas.

Continuously adapting security measures

Maybe an interesting way to look at Zoom Bombings and the environment around it: It's like continuously tightening and loosening security measures.

Examples:

  • I was TechHost at a meeting on Feb. 4, 2025. Due to a Zoom Bombing the previous day, the Waiting Room was enabled. Everything was fine, until three persons entered that I wasn't sure I would know. They all three had just normal names, but no camera. So I disabled unmute yourself. A bit later, two of those turned out to be legitimate visitors, so I could enable mute yourself again (I didn't, just to experience how it was to use this setting)
  • When an actual Zoom Bombing happens, and you press the Suspect participant activities link, security goes to 100%, but the meeting can actually continue: Folks can still raise their hand and TechHosts can still click Invite to unmute.

This means, that as TechHost, you should continuously assess the situation and take appropriate measures. This would imply, that TechHosts should be authorised to use security measures as they see fit in the here-and-now.

Default security options?

Since 2021, Zoom imposes the use of a password or a waiting room as a basic security measure. More measures are possible, some of which are more intrustive than others. They are accessible through the Host or Security menu.

Options

An impression of the available security options:

Option Intrusive? Notes
Enable waiting room X
  • Requires the TechHost to admit participants from the waiting room to the meeting
  • Not so intrusive, provided somehow is taking care of this
Hide profile pictures X Maybe only relevant after a Bombing happened, not before?
Share screen -- Do you need this anyway? If not → Disable in the Zoom account
Chat XX Quite annoying if participants cannot chat with each other
Rename themselves -- Might be a good default setting
Unmute themselves XX Definately intrusive - not so suited as a default setting
Start video XX Definately intrusive - not so suited as a default setting
Share docs, etc. -- Do you need these additional settings anyway?

Recommendations

From obvious to less obvious:

  1. Disable unneeded functions, directly in the Zoom Account
  2. Waiting room - Enable
  3. Unmute themselves - Disable
  4. Start video - Disable
  5. Chat - Disable chatting to everyone.

During Zoom meetings

What to do as TechHost during meetings, when everything is calm:

  • Monitor participants: Have an eye on the folks entering the meeting and be alert to any strangers. They might not be easy to spot, as they likely have normal names, just like legitimate participants - When not sure about this, enable the waiting room so you have better control over who is entering. E.q, by asking them questions to figure out if they are legitimite visitors
  • Be alert to mayhem: Be alert to any developing mayhem - It's not always so clear what is happening, and a Zoom Bombing doesn't always start with a bang.
  • Adapt security measures along the way: Continuesly ask yourself if the risk of Zoom Bombings increased or decreased. Are there more folks whom you might not know? Etc.

When a Zoom Bombing happens

Steps to succesfully respond to a Zoom Bombing:

  • 1. Suspend participant activities
  • 2. Make an announcement
  • 3. Remove Zoom Bombers
  • 4. Resume meeting with all security measures still in place.

Suspend participant activities

The most important action when a Zoom Bombing occurs: Click 

Host tools » Suspect participant activities

This will apply all security measures at once. Everything becomes quiet and static, making it much easier to calmly solve the problem.

Example of the Host tools menu when everything is going fine. Note where the checkmarks are, and where they are not
Suspent all participant activities? → Click Suspend
A variant of the same dialog window: Uncheck Report to Zoom and click Suspend
If you didn't uncheck Report to Zoom at the previous window, you will now get this dialog windows - Utterly useless when you're in the middle of a Zoom Bombing and changes are, that the Bombers are gone already → Click Don't report
Example of the Host tools menu after activating Suspend participant activities. This screenshot is from another Zoom account, and settings offer differ from one account to another

Lock meeting

Maybe the Lock meeting function needs some more details:

  • It prevents any new participants from entering the waiting room or the meeting
  • It doesn't prevent participants from leaving the meeting - Changes are, that Zoom Bombers leave the meeting, as soon as it is locked.

Why not just remove the bombers?

When a Zoom Bombing happens, it may be appealing to "just remove the Bomber(s)".

However, this might not be realistic:

  • The meeting has just turned into chaos and you now need to do the precision job of removing the right person
  • Changes are, you can't easily tell who the culprit is/are
  • The Bomber(s) might be changing their names frequently and they may disable and enable their microphone constantly, meaning that their names are jumping up and down along the participant list - Good luck with removing such a person
  • Along the way there is quite a risk that you might remove the wrong person.

Why not use only some of these settings?

Clicking Suspend participant activities is a sledgehammer solution and surely will disrupt the meeting. Maybe use only some of the items from the Host Tools menu, and leave the rest?

A sledgehammer solution is probably exactly what is needed when Zoom Bombers rear their head:

  • The element of surprise is at their side
  • They are likely more experienced with Zoom Bombings than any TechHost
  • They are likely more prepared for the Zoom Bombing than any TechHost
  • When a meeting descends into chaos, it might the difficult to think calmly what settings to use and which not.

Personally, I woulnd't like to experiment with using only selected items - I would go for the sledgehammer solution.

Make an announcement

Changes are, that at least some of the meeting participants didn't understand what just happened. Maybe make a short announcement to inform the meeting participants in a calm and non-alarming way.

E.g.:

  • Enable your microphone
  • "This is your TechHost. Sorry for this interruption. We are doing some housekeeping, and the meeting will continue in about 1 or 2 minutes."

Remove Bombers

After freezing the meeting and a short announcement, the idea whould be, that you now remove the Zoom Bombers. However:

  • They may already be gone - Lock meeting doesn't prevent them from leaving
  • Take your time to carefully check the participant list for any unfamiliar names
  • Assume that they are still there - And adapt security to that (see next step).
Host Tools » Remove participant...

Continue with all security measures still in place

Zoom Bombers have the nasty habit of immediately attacking again, after being expelled. From their point of view, that makes sense: Changes are, that TechHosts are still confused and anxious and they might react less appropriately. There isn't a button or link to reverse all settings at once, because you probably want to keep some security measures in place.

Actually, you can continue with the meeting without changeing any setting - I'm quite sure I will use this approach, next time I experience a Zoom Bombing:

  • Participants can still raise their hand
  • When you click on their name, you can ask them to unmute. This works only once: When a participant unmutes and mutes again, he/she cannot again unmute themselves - Perfect!
  • There is no such setting for video: Either nobody can enable their video, or everybody can → Leave it as it is.
Everything is locked, but you can continue with the meeting: Participants can still raise their hand, and the TechHost can ask participants individually to unmute

Enable some participant activities - Still very safe & easy way

The previous section discussed the safest way to continue with the meeting. Here we take this a tiny bit further:

  • Disable Lock meeting
  • Now folks can enter the meeting room - Which makes stuff at once a whole lot more difficult, as you now need to figure out who is a legitimate visitor, and who isn't.
Host settings with unchecked Lock meeting - Again: The actual settings depends on your Zoom subscription and the settings in your Zoom Account

Enable participant activities - The nuanced & complicated way

Host tools: Settings to resume the meeting - Actual settings might depend on your specific Zoom account

Ah, you like living dangerously, or you really, really know what you are doing: Good luck! Here are some of the options a bit more in detail:

Keep waiting room enabled

  • Keep the waiting room enabled, and only allow folks in, when you are really sure who they are. They might copy the names of other participants
  • Not sure? Difficulties thinking calmly? Then don't admit anyone.

Don't allow participants to unmute themselves

  • Don't allow participants to unmute themselves. This is an easy measure that isn't too intrusive
  • Be aware that this setting is for all participants at once: Either nobody can unmute themselves, or everybody can. If you choose nobody, you can still ask undividuals to unmute themselves - Which is just perfect

Don't allow participants to start video themselves

Again, easy but not intrusive.

Don't allow participants to text to everybody

Again, easy but not intrusive.

Keep hiding profile pictures

Again, easy but not intrusive.

Don't allow participants to rename themselves

From a mobile device

It's probably best to be host on a computer, rather than from a mobile phone or tablet, as these devices have limited interfaces. However, the functionality is available:

  • Again, you have to have the Zoom Co-host or Host role
  • Click near the bottom of the Zoom interface, to show the host menu
  • Click Host tools » Suspent participant activities » Suspent and report
  • Disable your own audio and make an announcement
  • Remove Zoom Bombers
  • Reverse the Suspent participant activitie settings one-by-one.

Practice, practice, practice

To be able to adequately respond to a Zoom Bombing, you need to practice until this becomes an automatic reaction.

A suggested practice protocol:

  • 1. Enable Suspent participant activities
  • 2. Make announcement. E.g.: "Sorry for the interruption. We are doing some quick housekeeping before we continue with the meeting"
  • 3. Remove Bombers (can't do this while practicing)
  • 4. Continue the meeting with most security measures still in place.

When you're TechHost on a regular basis (e.g., once per week), maybe come 15 minutes earlier to the meeting for some weeks in a row to practice, until it goes automatically.

It's probably best not to practice too closely in time to the opening moment of the meeting, as folks can't join the meeting when Lock meeting is enabled.

See also

Overgenomen van "https://wiki.devliegendebrigade.nl/index.php?title=Zoom_Bombing&oldid=39070"