Oxford University Blocks Google Docs As Phishing Attacks Escalates

February 20, 2013 0



London — In a surprising turn of events, besieged with an epidemic of phishing attacks on its academic networks, Oxford University took drastic measures: It decided to temporarily block access to Google Docs for 2.5 hours on Monday, after a dramatic increase in phishing attacks trying to harvest academic email credentials using bogus forms hosted on the service and has said Google should share some of the blame for the outage.



Google itself might not be evil, but its inaction makes phishing evil easier, says university’s tech team. Blamed ‘persistent failures’ by Google to stop abuse, but removed block after two hours.

Image Credit: (ZDNet)… Oxford University suspended Google Docs for two and a half hours on Monday.

Early this week the University’s IT team said it dealt with loads of account compromises in the span of a few days, almost all using Google Docs to host fake helpdesk alerts.

And, on the contrary unable to get Google to remove the pages quickly enough, and with spammers hijacking legitimate University domain accounts to send spam, the IT department decided to pull the plug for several hours while it considered what technical counter-measures it might deploy.

As a matter of fact, Robin Stevens from Oxford University’s network security team said, the university took the decision after it witnessed a wave of phishing attacks designed to obtaining logins and passwords for university systems, including email accounts, to send out spam. “We considered these to be exceptional circumstances,” said Stevens, in a blog post.

“Now we may be home to some of the brightest minds in the nation. Unfortunately, their expertise in their chosen academic field does not necessarily make them an expert in dealing with such mundane matters as emails purporting to be from their IT department,” he wrote.

However, in order to get access to the accounts, the phishers used forms in Google Docs (see above image) to get unsuspecting users to give up their details. While the university had constantly been reporting the forms to Google when they saw them, students were still falling victim to the phishing attacks — leaving it no option but to block Docs outright.

Stevens explained that Oxford’s problem stemmed from phishers creating form pages using Google Docs. “Almost all the recent attacks have used Google Docs URLs, and in some cases the phishing emails have been sent from an already-compromised university account to large numbers of other Oxford users. Witnessing multiple such incidents the other afternoon tipped things over the edge. We considered these to be exceptional circumstances and felt that the impact on legitimate university business by temporarily suspending access to Google Docs was outweighed by the risks to university business by not taking such action,” Stevens wrote in a lengthy explanation on the OxCERT blog.

But, eventually after evaluating the disruption caused by the blockage, the university removed it after about two and a half hours, he said.

“It certainly gets rid of that particular problem pretty effectively, but it is something of a sledgehammer to crack a nut,” Graham Cluley, a senior technology consultant with cyber security software maker Sophos said via email.

On the contrary, “It is fair to say that the impact on legitimate business was greater than anticipated, in part owing to the tight integration of Google Docs into other Google services,” he added.

Besides, OxCERT also puts some of the blame for the disruption on Google’s “persistent failures to put a halt to criminal abuse of their systems in a timely manner”.

Admittedly, “Google may not themselves be being evil, but their inaction is making it easier for others to conduct evil activities using Google-provided services,” Stevens wrote.