Oxford blocks Google Docs

Google needs to do more to fight cyber-crime, says university after spate of phishing attacks

Oxford University has revealed it suspended use of Google Docs on 14 February following a sustained influx of phishing attacks on the network.

The attacks, designed to acquire login details for university systems in order to send spam emails, used fake forms in Google Docs in an attempt to dupe university staff and students into handing over email addresses and passwords.

Given the variety of student laptops and visitors' machines plugging into a university's network, it can be difficult or impractical for network managers to block access and filter encrypted traffic, such as that used in Google Docs. This makes them vulnerable to such phishing attacks.

Writing on the Oxford University Computing Services blog, Robin Stevens, a member of the institution's network security team, said the repeated attacks meant Google Docs needed to be suspended for two and a half hours.

"Almost all the recent attacks have used Google Docs URLs, and in some cases the phishing emails have been sent from an already-compromised university account to large numbers of other Oxford users. Seeing multiple such incidents the other afternoon tipped things over the edge," said Stevens.

"We considered these to be exceptional circumstances and felt that the impact on legitimate university business by temporarily suspending access to Google Docs was outweighed by the risks to university business by not taking such action."

Stevens said a temporary block would get users' attention and, it was hoped, serve to moderate the "chain reaction".

Because of how Google Docs is tied into other Google services, users' activities were disrupted for an afternoon, but Stevens said the action was necessary in order to protect the network, adding that such action cannot be ruled out in future.

He laid some of the blame on Google, insisting that the web giant needs to be more proactive when its services are being used for criminal activities.

"Google's persistent failures to put a halt to criminal abuse of their systems in a timely manner is having severe consequences for us, and for many other institutions," wrote Stevens. "If OxCERT is alerted to criminal abuse of a university website, we would certainly aim to have it taken down within two working hours, if not substantially quicker. Even out of official hours there is a good chance of action being taken. We have to ask why Google, with the far greater resources available to it, cannot respond better.

"Google may not itself be being evil, but its inaction is making it easier for others to conduct evil activities using Google-provided services," he concluded.

Last month, cloud hosting company Firehost warned of a huge rise in cross-site scripting attacks, including phishing, with attacks increasing by an estimated 160 per cent in the final quarter of 2012.