Oxford Uni blocks Google Docs, points finger at Google over phishing fail

Oxford Uni blocks Google Docs, points finger at Google over phishing fail

Summary: Google might not be evil, but its inaction makes phishing evil easier, says university's tech team.

SHARE:
12
Oxford
Oxford University suspended Google Docs for two and a half hours on Monday.

After being bombarded by phishing attacks, Oxford University decided to block Google Docs for 2.5 hours on Monday, and has said Google should share some the blame for the outage.

According to Robin Stevens from Oxford University's network security team, the university took the decision after seeing a wave of phishing attacks aimed at getting logins and passwords for university systems, including email accounts, to send out spam. In order to get access to the accounts, the phishers used forms in Google Docs to get unsuspecting users to give up their details.

While the university had been reporting the forms to Google when they saw them, students were still falling victim to the phishing attacks — leaving it no option but to block Docs outright.

"Almost all the recent attacks have used Google Docs URLs, and in some cases the phishing emails have been sent from an already-compromised university account to large numbers of other Oxford users. Seeing multiple such incidents the other afternoon tipped things over the edge. We considered these to be exceptional circumstances and felt that the impact on legitimate university business by temporarily suspending access to Google Docs was outweighed by the risks to university business by not taking such action," Stevens wrote in a lengthy explanation on the OxCERT blog.

"It is fair to say that the impact on legitimate business was greater than anticipated, in part owing to the tight integration of Google Docs into other Google services," he added.

"While this wouldn't be effective for users on other networks, in the middle of the working day a substantial proportion of users would be on our network and actively reading email. A temporary block would get users' attention and, we hoped, serve to moderate the 'chain reaction'" of compromised accounts being used to compromise further accounts.

Despite what appears to be have been a severe impact on the business, Stevens warned it cannot rule out future blocks, albeit with a higher threshold. Oxford University is also looking at other technical measures that have less impact on legitimate network usage and is reviewing its emergency communications procedures.

OxCERT also puts some of the blame for the disruption on Google's "persistent failures to put a halt to criminal abuse of their systems in a timely manner".

"Google may not themselves be being evil, but their inaction is making it easier for others to conduct evil activities using Google-provided services," Stevens wrote.  

"If OxCERT are alerted to criminal abuse of a university website, we would certainly aim to have it taken down within two working hours, if not substantially quicker. Even out of official hours there is a good chance of action being taken. We have to ask why Google, with the far greater resources available to them, cannot respond better," he added.

ZDNet has asked Google for comment on the matter, and will update the story if we receive any. 

Topics: Security, Google, Google Apps

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

12 comments
Log in or register to join the discussion
  • Oxford University got Scroogled

    Glad to see they knew how to defend themselves. It's a wake-up call for the others fooled into Google services.
    LBiege
  • Google

    don't care as long as they get to snoop and advertise
    Xenon8
  • Use SkyDrive and MS Office Web Apps

    I'm surprised to hear that intelligent young British students were even using Google Docs. Perhaps it was a middle-aged non-teaching member of staff.

    Those in the know are aware of SkyDrive and MS Office Web Apps, and once you've tried the real thing you'll never go back to Google Docs.
    Tim Acheson
    • Terribly Ignorant

      What you say makes no sense. This was a phishing attack, which is purely social in nature. It's just one person tricking another person by convincing them of something that isn't true. If they used MS Office Web Apps, the same thing would have happened. They would have blocked Microsoft's services for a couple of hours. Then, they would have complained about Microsoft.
      BIGELLOW
  • Google is evil

    "persistent failures to put a halt to criminal abuse of their systems in a timely manner".

    "Google may not themselves be being evil, but their inaction is making it easier for others to conduct evil activities using Google-provided services,"

    - The above statement is a MILLION PERCENT true.

    Every time Google's pathatic excuse is that machines are doing this and algorithm is doing that. Look at YouTube piracy and how google benifits from advertisement money.

    Google has created so many 'free' services that many could abuse and one of the main benefactors are Google THEMSELVES.

    Google is nothing but an very cunning company with evil intentions and the excuses they come up with is nothing but lies. Politicians and European unions are giving google a free ride with their corrupt practices.

    Campaigns like 'Scroogled' is a good start to educate the public
    Owlll1net
  • Google creeps

    Eric Schmidt:

    "Google policy is to get right up to the creepy line and not cross it."

    "With your permission you give us more information about you, about your friends, and we can improve the quality of our searches. We don't need you to type at all. We know where you are. We know where you've been. We can more or less know what you're thinking about."

    I don't want my e-mail service to be run by these lot ^
    Xenon8
    • Then don't use it

      FFS, stop moaning about something you don't use. I do, I don't care what you think. You might as well meet up with 1 million % owlnet so you can work out your conspiracy theories together. While you're at it, teach him how to spell.

      The ego's of people on here really do make me laugh. In your own minds you're better than any IT professional or academic institution, you know so much more. Behave, you don't leave your basement unless your mom calls you to wash up for dinner. Pathetic.
      Little Old Man
    • creeps

      I wonder if Eric likes Jeepers Creepers song...
      "Jeepers Creepers, where'd ya get those peepers?
      Jeepers Creepers, where'd ya get those eyes?"
      Mr.SV
  • Google docs?

    Lol... When will people learn?
    IamTiger
  • This is stupid...

    Here are three alternatives that phishers could use just as easily:

    http://www.surveymonkey.com/
    http://polldaddy.com/
    http://kwiksurveys.com/

    Not to mention that they could easily create their own phishing website that does the same thing. Google Forms is a platform.
    Ajedi32
    • Re: This is Stupid

      Those sites you listed take down phishing forms within minutes of them being reported. On the other hand, Google does not. Here are 106 phishing forms that i have reported abuse to Google. Most of them have taken well over 2-3 days to be taken down. I've set up honeypots and posted Nigerian IP's that the intruders are using, an Google still doesn't take down the forms:

      http://productforums.google.com/forum/#!searchin/docs/tacitusvir

      i report these malicious forms to other sites and most take them down within the hour.

      Google really needs to revamp their response process.
      tacitusvir
  • nice article...

    Very insightful article. Btw if you are looking for fast and reliable replication and synchronization between cloud services like dropbox, google drive check out cloudHQ by clicking on the link http://cloudHQ.net
    Thaid1986