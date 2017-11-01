

 


Security Technology

Student Charged By FBI For Hacking His Grades More Than 90 times (sophos.com) 73

Posted by msmash from the stranger-things dept.
An anonymous reader shares a report: In college, you can use your time to study. Or then again, you could perhaps rely on the Hand of God. And when I say "Hand of God," what I really mean is "keylogger." Think of it like the "Nimble Fingers of God." "Hand of God" (that makes sense) and "pineapple" (???) are two of the nicknames allegedly used to refer to keyloggers used by a former University of Iowa wrestler and student who was arrested last week on federal computer-hacking charges in a high-tech cheating scheme. According to the New York Times, Trevor Graves, 22, is accused in an FBI affidavit of working with an unnamed accomplice to secretly plug keyloggers into university computers in classrooms and in labs. The FBI says keyloggers allowed Graves to record whatever his professors typed, including credentials to log into university grading and email systems. Court documents allege that Graves intercepted exams and test questions in advance and repeatedly changed grades on tests, quizzes and homework assignments. This went on for 21 months -- between March 2015 and December 2016. The scheme was discovered when a professor noticed that a number of Graves' grades had been changed without her authorization. She reported it to campus IT security officials.


  • At least he cares about grades. Most student athletes don't.

    • They care, their scholarships usually need a minimum GPA. If they don't care it's because someone is fixing it for them, or the prof makes sure the team doesn't lose its star because he couldn't quite add a couple numbers.

      • He would have been far better off spending the time and energy to study and improve himself not only to do better in academia but concordantly in business. In the amount of time he spent hacking, he could have aced everything. Instead, he fails miserably, demonstrates his moral fibre, and shows that he will excel at nothing but politics.

        Sad.
        • The amount of learning needed is fairly minimal.
          You buy a keylogger for $30 or so.
          You plug it in between the keyboard and the PC.
          Later, you unplug it from the keyboard and the PC, and look for passwords and userIDs. (easy to spot as they're the first after several hours idle).
          Now, you simply type in the username and password, or use remote access if that's an option, to access the software in the same way the teacher would enter your grades.
          This is not a complex attack.

    • What is this? War Games?

  • He should change his major to "Hacking"; problem solved!

  • What moron wrote this? (Score:3)

    by xxxJonBoyxxx ( 565205 ) on Wednesday November 01, 2017 @02:08PM (#55470743)
    >> when I say "Hand of God," what I really mean is "keylogger." Think of it like the "Nimble Fingers of God." "Hand of God" (that makes sense)

    Hey, um, "Nimble Fingers" is a dangerous thing to type into a search bar. And no one has used that phrase in a SFW setting since 1978.

    >> and "pineapple" (???)

    Prolly this: https://www.wifipineapple.com/

  • Seems like smart would have been to either obtain the quiz questions OR to change your grades only once every semester. Attacking both sides of the system makes way too much noise.

    --
    "What's up doc?!" - B. Bunny

    • Smart would have been to subtly modify other people's grades just a tad before totals are tallied. Too much noise to identify the signal.

      • Re:I wouldn't hire him (Score:5, Insightful)

        by Austerity Empowers ( 669817 ) on Wednesday November 01, 2017 @02:19PM (#55470823)

        Smart would have been to study, do the homework and pay attention.

        • The summary says he "intercepted exams and test questions in advance", so I guess that guy really sucks at learning.

        • That assumes the goal was to learn the material, not simply to pass the class. We're operating in the scope of how to cheat effectively.

          Besides, I've got a computer security background; discussing how to effectively penetrate a system without getting caught is in my scope of professional interest. (Imagine that: someone who's actually looked inside a computer trying to get a Congressional seat.)

      • No, that would have guaranteed the teacher would have known something was up. As soon as a good student noticed a grade change the audit would have been on.

        Smart would have been to study the test questions he downloaded and not share with class/team mates.

        Even smarter would have been to actually attempt to get an education while in college. It's not like there's a great future for greco-roman wrestlers.

  • Why is USB device plug can read keyboard input without installation or authorization from the computer? Is plugin a mouse or keyboard really have the feedback of each key pressed? I know they need to know when Caps Lock is on but what about all normal keys?

    • Re: (Score:1)

      by Anonymous Coward

      Not sure what you're trying to say here. Looks like you're assuming that keypresses are broadcast to all USB devices, which is, of course, nonsense.

      Your run of the mill hardware keylogger is a device that's between the computer and the keyboard. A "man in the middle" attack, only in hardware. There's no software installation, and no way for an OS to detect it.

      https://en.wikipedia.org/wiki/... [wikipedia.org]

      • Re: (Score:2)

        by pegr ( 46683 )

        "...no way for an OS to detect it."

        It's not easy, but it can be done. The USB keyloggers present themselves over the USB bus as a keyboard, but not necessarily YOUR keyboard. They will have the same USB vendor/device ID across all of the devices. So look for that ID in place of your normal keyboard. Boom, detected in software. ;)

        • The USB keyloggers present themselves over the USB bus as a keyboard, but not necessarily YOUR keyboard.

          A keylogger need not present itself as anything over the USB bus. It can simply monitor the data lines that pass through it, allowing your keyboard to talk to the system. How do you detect that?

          Second, what OS has the 'feature' of locking itself to one specific vendor and device id for its input devices? That 'feature' would be disabled the very first time the keyboard needed to be replaced in a hurry, like "I just showed up to deliver a lecture and the keyboard on the display computer is broken. I'll use

          • It's coming. Look up 'Rubber ducky'. Essentially a reprogrammed flash storage device that presents itself as a keyboard and runs scripts (typically attack scripts).

            Many places have computers set to call IT if anybody plugs in a USB storage device. Soon it will also call for a keyboard.
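The check discussed in the sub-thread above (compare the keyboards a host has enumerated against the expected vendor/product ID, and alert on an extra keyboard), sketched as an added example that is not part of any comment or of the original page. It assumes a Linux host and input in the format of `/proc/bus/input/devices`; the sample text and the allowlisted ID are constructed, and, as one reply notes, a passive inline tap that never enumerates on the bus will not appear in this inventory.

```python
import re

# Constructed sample in the format of Linux /proc/bus/input/devices.
SAMPLE = '''\
I: Bus=0003 Vendor=046d Product=c31c Version=0110
N: Name="Logitech USB Keyboard"
P: Phys=usb-0000:00:14.0-2/input0
H: Handlers=sysrq kbd event3 leds

I: Bus=0003 Vendor=046d Product=c31c Version=0110
N: Name="Logitech USB Keyboard Consumer Control"
P: Phys=usb-0000:00:14.0-2/input1
H: Handlers=kbd event4

I: Bus=0003 Vendor=1234 Product=abcd Version=0111
N: Name="Generic USB Keyboard"
P: Phys=usb-0000:00:14.0-5/input0
H: Handlers=sysrq kbd event7 leds
'''

ALLOWED = {("046d", "c31c")}  # assumption: the one keyboard model this fleet issues

def usb_keyboards(text):
    """Map USB port -> (vendor, product, name) for devices that expose a kbd handler."""
    found = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        ids = re.search(r"^I: Bus=(\w+) Vendor=(\w+) Product=(\w+)", block, re.M)
        name = re.search(r'^N: Name="(.*)"', block, re.M)
        phys = re.search(r"^P: Phys=(\S+)", block, re.M)
        handlers = re.search(r"^H: Handlers=(.*)$", block, re.M)
        if not (ids and phys and handlers) or ids.group(1) != "0003":
            continue  # incomplete record, or not on the USB bus (bus type 0003)
        if "kbd" not in handlers.group(1).split():
            continue  # not a keyboard-class input node
        port = phys.group(1).split("/")[0]  # one device can expose several input nodes
        found.setdefault(port, (ids.group(2).lower(), ids.group(3).lower(),
                                name.group(1) if name else ""))
    return found

def audit(text, allowed=ALLOWED):
    """Return alert strings for unexpected keyboard IDs and for extra keyboards."""
    kbs = usb_keyboards(text)
    alerts = [f"unexpected keyboard {v}:{p} ({n!r}) on {port}"
              for port, (v, p, n) in sorted(kbs.items()) if (v, p) not in allowed]
    if len(kbs) > 1:
        alerts.append(f"{len(kbs)} USB keyboards attached, expected 1")
    return alerts
```

On a real host the input would be the contents of `/proc/bus/input/devices`, collected on a schedule or on a udev add event and forwarded to whoever handles the alert.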

    • Why is USB device plug can read keyboard input without installation or authorization from the computer?

      News for nerd: many, if not most, modern keyboards are USB. Plugging a device into the computer and then the keyboard into the device means it looks like a keyboard to the system and there is still only one on the system.

      Is plugin a mouse or keyboard really have the feedback of each key pressed?

      Yes, a keyboard knows what keys have been pressed. That's kinda the whole purpose of a keyboard.

  • Use TFA. Here it is 2017. I'm running low on sympathy for those who get hacked because they didn't use TFA.
    • Most school record keeping is done on systems similar to those still used in finance: ageing mainframes running the same COBOL they have for the past 40+ years. Attempts at modernizing this are money-pits that don't work any better. Emulating the old hardware is the most cost-efficient solution.

  • Is he that bad? (Score:3)

    by DontBeAMoran ( 4843879 ) on Wednesday November 01, 2017 @02:26PM (#55470895)

    Court documents allege that Graves intercepted exams and test questions in advance and repeatedly changed grades on tests, quizzes and homework assignments.

    Hey, let's get the exams and test questions in advance so I'll have a good score!

    Fails.

    Hey, let's enter the system and change my grades since I failed even when I had the exams and test questions in advance!

    That guy's C.V. can be resumed in one sentence: Can't even cheat his way out by cheating. I'd never hire that guy in a million years.

    • Re: (Score:2)

      by jandrese ( 485 )
      And he got caught because he was incredibly stupid about how he did the cheating. He didn't even try to hide what he was doing, just log in and change that 20 to a 100 like the professor won't notice. This guy is a real piece of work.
  • "Ferris has been absent 9 times"....."GRACE!"

  • on the football / basketball team then no need to hack your grades as the school will find a way to make you pass.

  • in the 80's just needed to know where they wrote down the password

    https://www.youtube.com/watch?... [youtube.com]
    https://www.youtube.com/watch?... [youtube.com]

  • I noticed a kid (old enough to drive) sneaking out of CiCi's with a plate (a restaurant plate) of pizza.

    Nimble fingers indeed!

    Hey, I brought pizza into the thread....

  • The university told the FBI that the cheating scheme cost the school $68,000 to investigate the breach and to beef up its IT security.

    Maybe they should have thought about IT security from the start.

    I've been to college and I see how "security" is done. The computers the instructors use are just put on a desk or table in the front of the room. To keep it from walking away there will be a flimsy cable attaching the parts to the desk or wall. Even basic security, like setting BIOS passwords, will not be done. This can allow spying on the computer with software keyloggers and such, or simply vandalizing it so it's unbootable. The install

  • This seems like simple criminal trespass, fraud and larceny. The local or state PD can handle this.
