Google Docs/Gmail Phishing Debacle

Note: Information for G Suite domain administrators is located at the bottom of this write-up.

Yesterday's email debacle was widespread and hit a large number of Gmail users worldwide. Many media outlets touted the “dangerous attack” as “hacking” your email account and warned users not to open any Google Docs. However, this particular email did not actually do any harm (beyond the annoyance of spamming millions of email accounts). After seeing the source code and the events that followed the incident, many (myself included) believe this was a proof-of-concept attack by a researcher to open Google's eyes to a possible vulnerability. It worked: Google moved swiftly to disable the app and put in safeguards to HELP combat similar and possibly more malicious attacks in the future. DO NOT be afraid to open Google Docs that are shared with you. DO read on for more information about how you can safeguard yourself from similar attacks in the future.

The Scam

  • What happened after you clicked Open on the offending email is the problem, and it is something we have complete control over.
  • The email linked to an authorization page (see screenshot below) that asked you to give an app called “Google Docs” (not the actual Google Docs; the real Docs should never ask you for Gmail and Contacts permissions) full access to your Gmail account and your contacts.
  • If you clicked Allow (rather than closing the page or hitting Deny), it installed an app with the ability to read your contacts and read/send email as you.
  • The app script then sent that same message to every one of your contacts and to an inbox on mailinator.com (the hhhhhh@mailinator.com address). Mailinator.com is a public inbox service that had no ties to the email and worked quickly to disable the inbox.

[Screenshot, 2017-05-03: the authorization page for the fake “Google Docs” app requesting access to Gmail and Contacts]

What can you do to protect yourself?

  • Never open ANY email attachments from an unknown source, and be careful when opening attachments from a known source.
  • ALWAYS read and understand what permissions you are giving apps (online, on your cellphone, on your computer, etc.). If the permissions seem overly invasive, ask questions.
  • If you get a message that says a Google Doc is being shared with you and it seems out of place, go to drive.google.com and click on the “Shared with me” tab. Any real shared Google Docs will be located there.
  • Go to https://myaccount.google.com/security and audit your account settings every once in a while. If you click on the “Connected apps & sites” tab, you can verify which apps have which permissions and disable any unused, over-reaching, or out-of-place apps.
  • Here is more information from Google on keeping your account secure: https://support.google.com/accounts/answer/46526?hl=en

Notes for G Suite Domain Administrators:

  • It wouldn't be a bad idea to use GAM to delete any OAuth tokens left behind by this incident.
  • If you want to see whether anyone on your domain has these OAuth tokens, you can use the following command:

gam all users show token clientid xxxxxInsertTokenIDHerexxxxx

  • If you want to see who has these tokens and delete them, run this command in GAM:

gam print users | gam csv - gam user ~primaryEmail delete token clientid xxxxxInsertTokenIDHerexxxxx

Known Token IDs to be removed:

187102321219-1cb4b2gdr0bqv5u5n35vi1hecjcp1sjg.apps.googleusercontent.com
946634442539-bpj9bmemdvoedu8d3or6c69am3mi71dh.apps.googleusercontent.com
632715883535-h36sb9m6fot4vusucprsab95naef791n.apps.googleusercontent.com
366668462857-3qkidqn8oseh9v3fhm3085kpb747bgm7.apps.googleusercontent.com
188775109388-t33r6vb45j8fgf8vpcp4q0e6qt2pe01n.apps.googleusercontent.com
1024674817942-fstip2shineo1lsego38uvsg8n2d3421.apps.googleusercontent.com
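For the administrator steps above, here is an added example (not from the original post, and not GAM's own code) that triages a CSV export of user OAuth tokens against the client IDs listed here and against the pattern the post describes (an app named after a Google product asking for Gmail and Contacts scopes), then builds the per-user GAM revocation command. The column names user, clientId, displayText and scopes and the sample rows are constructed assumptions, not GAM's documented output format.

```python
# Added example (not from the original post): triage an OAuth-token export
# for the impostor "Google Docs" app. The CSV columns (user, clientId,
# displayText, scopes) are an assumed layout, not a documented GAM format;
# the sample rows are constructed. Client IDs come from the post.
import csv
import io

KNOWN_BAD_CLIENT_IDS = {  # published in the write-up
    "187102321219-1cb4b2gdr0bqv5u5n35vi1hecjcp1sjg.apps.googleusercontent.com",
    "946634442539-bpj9bmemdvoedu8d3or6c69am3mi71dh.apps.googleusercontent.com",
    "632715883535-h36sb9m6fot4vusucprsab95naef791n.apps.googleusercontent.com",
    "366668462857-3qkidqn8oseh9v3fhm3085kpb747bgm7.apps.googleusercontent.com",
    "188775109388-t33r6vb45j8fgf8vpcp4q0e6qt2pe01n.apps.googleusercontent.com",
    "1024674817942-fstip2shineo1lsego38uvsg8n2d3421.apps.googleusercontent.com",
}
# Scopes that let a third-party app read/send mail or read contacts. The
# real Docs never needs them, so a "Google Docs" app requesting them is
# the pattern the post describes.
MAIL_CONTACT_SCOPES = {
    "https://mail.google.com/",                 # full Gmail access
    "https://www.google.com/m8/feeds/",         # legacy Contacts API
    "https://www.googleapis.com/auth/contacts",
}
GOOGLE_PRODUCT_NAMES = {"google docs", "google drive", "google sheets", "gmail"}

def triage(csv_text):
    """Return (user, clientId, reason) for every token worth revoking."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        scopes = set(row["scopes"].split())
        if row["clientId"] in KNOWN_BAD_CLIENT_IDS:
            findings.append((row["user"], row["clientId"], "known malicious client id"))
        elif row["displayText"].strip().lower() in GOOGLE_PRODUCT_NAMES and scopes & MAIL_CONTACT_SCOPES:
            findings.append((row["user"], row["clientId"], "Google product name with mail/contacts scopes"))
    return findings

def revoke_commands(findings):
    """Build the per-user GAM revocation command the post uses."""
    return [f"gam user {u} delete token clientid {cid}" for u, cid, _ in findings]
# Constructed sample export: one known-bad token, one look-alike with a
# made-up client ID, and one benign Drive-only integration.
SAMPLE_CSV = """user,clientId,displayText,scopes
alice@example.edu,187102321219-1cb4b2gdr0bqv5u5n35vi1hecjcp1sjg.apps.googleusercontent.com,Google Docs,https://mail.google.com/ https://www.google.com/m8/feeds/
bob@example.edu,000000000000-constructed.apps.googleusercontent.com,Google Docs,https://mail.google.com/ https://www.googleapis.com/auth/contacts
carol@example.edu,111111111111-constructed.apps.googleusercontent.com,Slack,https://www.googleapis.com/auth/drive.file
"""

if __name__ == "__main__":
    for cmd in revoke_commands(triage(SAMPLE_CSV)):
        print(cmd)
```

Review the printed commands before running them; the look-alike rule is a heuristic and a legitimate add-on could share a product name.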

May the 4th be with you (Happy Star Wars Day!),

J

Tool of Choice

Let me preface this post with the following statement: I am a technologist, and I have always lived under the motto that any technology is better than no technology. I also strongly feel that in education, adding technology should never be the end game; learning is. Technology is just a very efficient tool for teaching and learning when placed in the right hands with the right resources.

With that said, I have some great news! Monday night, our School Board approved our district-wide 1:1 initiative starting in 2015-2016. This program will put a Chromebook in the hands of every student in grades 5-12 and move the current MacBook carts down to cover grades K-4. If you would like more information on all the specifics, here is our press release on the topic. Right now, I really want to discuss why we decided to go with Chromebooks for our 1:1.

The journey to now has been an interesting one. When I started at my district 4 years ago, there were a handful of iPads, tons of 5-10 year old computers, and almost no WiFi (I won't go into depth on the rest of our infrastructure; just know it wasn't pretty). We have since fixed (most of) our infrastructure issues, including WiFi, which we will be building out to one 802.11ac access point per classroom this summer. With a limited budget, we struggled with how to both modernize our infrastructure and get modern tools into the hands of teachers and students.

In 2012, Google Apps for Education came along and saved us. Email, collaboration tools and storage were just what we were looking for. All of this for the incredibly low price of free! It was around this same time period that Chromebooks became a thing. Through a grant, we were able to purchase several carts of Chromebooks for our district that helped us fill a void of in-class technology that, until that point, we could not afford to fill. It was great! A connected device that cost a fraction of what a full-function laptop cost. I remember getting some pushback from others in education for jumping on the Chromebook train. At that time, districts were buying iPads like they were going out of style. I have no problems with iPads, we even have quite a few in our district, but I have just always felt that tablets should be a secondary device (unless it is for a specific use case, such as special needs or very young students). I vividly remember saying that Chromebooks could never work for a take-home 1:1 program at the middle/high school level: they don't have the functionality, and we have too many kids without internet access at home. Don't get me wrong, I have always loved Chromebooks, but I have always somewhat questioned their lack of offline functionality.

In the last year, I have changed my stance on this. We started a 1:1 pilot this year in our 5th and 6th grade classrooms with MacBook Airs. Everyone was on board with this large investment, and I was excited, because I thought we were picking the best device for the problem we faced. We were giving the kids a fully functioning device that would allow the students without WiFi access at home the same advantages as those with access. Don't get me wrong, the pilot was a huge success. Teachers and students have done a great job with it. However, the number one complaint I received was still regarding students with no internet access at home. The teachers reminded me that many of the most powerful edtech tools they are using in the classroom are free web-based applications, especially our Google Apps for Education suite. Here I was trying to solve the problem of no WiFi with a device that still isn't fully functional without WiFi.

Then it hit me. The solution isn't the device. Instead, we need to change our approach. We need to focus on making internet access ubiquitous. Here are some of our ideas for making access a priority moving forward. If you want to add any ideas to the list, leave a comment and I will happily add it. Pair that change in thought with the fact that Chromebook offline support has been greatly improved in the last year, and Chromebooks now seem like a no-brainer for us (right now). The tool you choose is up to you, but my advice: the tool is less important than the environment it will be used in. Focus on fixing the underlying problems first.

Thank you,

J