UPDATED Around 90 Australian public schools will be without email for up to a week after students responded to mistaken use of a mailing list with horrible content, which in turn sparked a Reply-All storm that asked for the circulation of email nasties to stop.
The affected schools are in the Australian Capital Territory, a region of Australia that houses the nation’s capital city of Canberra.
The incident started last Friday, when the local Education Directorate said student inboxes started to fill with “spam emails containing inappropriate material.”
Local media has reported that the emails included links to smut, photos of genitalia and images of deceased children.
The Directorate quickly came to the conclusion that “students gained access to system email distribution lists and inappropriately used these to send emails to their peers.”
The ensuing Reply-All storm, much of it comprised of mails asking someone to stop the flow of horrible material, was only stopped when the Directorate pulled the plug on Gmail and Google Classroom.
Today the Directorate issued an update that confirms “The incident occurred when a student attempted to share their work with their classmates, accidentally using a global distribution list code. Other students ‘replied all’ and a small number of students shared inappropriate content, including pornographic imagery.”
The mess was only possible because some students used their personal devices to share the smut, which the Directorate swears would not have been possible to access from within the schools it operates.
“Over the weekend we have worked to remove access to global distribution lists and rigorously test our systems to ensure students cannot again access the lists,” the update stated. “An external consultant is providing independent oversight to ensure the ongoing safety of our Google platform.”
But this will all take time: Google Classroom and Google Drive are due back online on Tuesday, with students told they’ll enjoy “access to their email accounts by the end of this week.”
And there's a new case study on restricting access to mailing lists, content-filtering and how to manage personal devices that access cloud services. ®
UPDATE: The Directorate restored email services on August 25th, but only after deleting all emails sent after 10:00 AM on Friday 14 August. The organisation has made implemented security upgrades including "limiting access to global groups, limiting the number of recipients a student can email, as well as updated internal filters."