Google Docs Restored at Oxford Following Brief Banishment by Security Team
Citing concerns over phishing attacks, University of Oxford's network security team recently took the unusual measure of blocking Google Docs campuswide. The team has since restored access to the service and apologized to end users for the disruption.
In a lengthy and detailed blog post this week, Oxford's Robin Stevens said the move was necessitated by fears that the Google Docs cloud service was hosting malicious content (especially forms) that might make it possible for scammers to harvest the credentials of Oxford's end users.
"Over the past few weeks there has been a marked increase in phishing activity against our users," Stevens wrote. "Now, we may be home to some of the brightest minds in the nation. Unfortunately, their expertise in their chosen academic field does not necessarily make them an expert in dealing with such mundane matters as emails purporting to be from their IT department. Some users simply see that there's some problem, some action is required, carry it out, and go back to considering important matters such as the mass of the Higgs Boson, or the importance of the March Hare to the Aztecs."
He indicated that most of the recent attacks were using Google Docs URLs, and, after several such Google-hosted phishing attempts were seen in a single afternoon last week, the University of Oxford Computer Emergency Response Team (OxCERT) made the decision to cut Google Docs off.
However, service was restored within two-and-a-half hours. Stevens wrote that the "impact on legitimate business was greater than anticipated" owing to widespread use of Google Docs among campus community members. Instead of cutting off access completely now, the security team will look into technical solutions to help minimize the risks of phishing attacks and will put additional pressure on Google to deal with those who uses its services for illegitimate purposes more quickly.
"Google's persistent failures to put a halt to criminal abuse of their systems in a timely manner is having severe consequences for us, and for many other institutions," Stevens wrote. "If OxCERT are alerted to criminal abuse of a University website, we would certainly aim to have it taken down within two working hours, if not substantially quicker. Even out of official hours there is a good chance of action being taken. We have to ask why Google, with the far greater resources available to them, cannot respond better."
In response, Google issued a statement defending its practices and emphasizing that there are simple tools available to all Google users for reporting phishing activity.
In an e-mail, a Google spokesperson told us: "Google actively works to protect our users from phishing attempts. Using Google Docs, or any of our products, for distribution or coordination of phishing is a violation of our product policies, and we will remove any forms or disable accounts discovered to be used for these purposes. Users can report phishing pages using this form or directly through Gmail."