CybersecurityHacking prof’s computer to change a grade is easier than studying
Academic institutions are easy targets since many do not invest in sophisticated IT personnel or employ the latest cybersecurity programs. Some students have noticed this, and more and more universities are facing a new hacking problem: students hacking their professors’ computers in order to improve their grades. “It became so much easier to change my grades than going to class and working real hard,” a Purdie University student told an Indiana court.
Colleges and universities are typically open communities where “it wouldn’t be uncommon to walk into an academic setting at a university and see a professor’s door wide open while he went to get some coffee,” says to Rodney Petersen, former head of the cybersecurity program at Educause, a nonprofit alliance of schools and technology companies.
Today, academic institutions must adopt tougher security measures to prevent student hackers from accessing faculty computer systems in order to change grades or obtain exam documents.
News.com reports that Roy Sun, a former student at Purdue University, changed his grades from Fs to As by stealing professors’ passwords, then hacking into the university’s computer system. “It became so much easier to change my grades than going to class and working real hard,” Sun said in an Indiana courtroom two weeks ago, where he was sentenced to three months in jail. Sun and his accused accomplice, Mitsutoshi Shirasaki, gained access to professors’ computers by picking locks on office doors, then installing keystroke loggers on professors’ keyboards. According to court documents, both students aroused suspicion by changing professors’ passwords, tied with a failure to mask Shirasaki’s computer IP address. Authorities later traced the hacking back to Shirasaki’s apartment where they found a keystroke logger and a lock-picking set.
In almost every case of student hacking, the students stole professors’ passwords using a keystroke logger; the devices are widely available online, and are “notoriously hard to detect unless physically spotted,” says John Hawes, a technical consultant at the computer security publication Virus Bulletin.
Academic institutions are easy targets since many do not invest in sophisticated IT personnel or employ the latest cybersecurity programs. Many university IT departments are already occupied with protecting system networks from foreign hackers who try to steal intellectual property developed by faculty members.
Experts note that academic institutions can take simple steps to protect their computer systems from student hackers, such as requiring faculty to log in only on computers which are off-limits to students, and requiring frequent mandatory password changes. Students should be taught the penalties for hacking, Petersen said. “Some students might see this as minor issue, but it is a crime. We need to bring more attention to the fact there are serious consequences associated with this.”