Slashdot Mirror
Hacker Exposes Evidence of Widespread Grade Tampering In India
Okian Warrior writes "Hackaday has a fascinating story about Indian college student Debarghya Das: 'The ISC national examination, taken by 65,000 12th graders in India, is vitally important for each student's future: a few points determines which university will accept you and which will reject you. One of [Debraghya]'s friends asked if it was possible to see ISC grades before they were posted. [Debraghya] was able to download the exam records of nearly every student that took the test. Looking at the data, he also found evidence these grades were changed on a massive scale."
Sometimes you have to do the needful to get into the school you want.
This would be true in the US and the UK, and India doesn't even match up to those "high" standards. He'll be in jail because someone with power will be embarrassed by this.
Why did this guy name names of his friends?? WTF is he thinking?! "Grades changed on a massive scale, maybe you can't hurt me but here are some names of my friends you can screw over."
not even hacking just URL typing with fixed ID numbers
Any chance this has to do with the horrible caste system there? Id like to see whos grades were changed. I wouldnt be surprised if they failed people of lower social standing to not let them move up.
Other countries might not actually be doing better in education. They may just be moving the bar.
Looks like his observations might have been the result of standardizing the test scores... IE if you have a test that only scores 50 max and you scale it to 100 obviously you aren't going to have many odd numbers in the results.
More for the discussion of statistics than for the really sad excuse for security on those pages..
He tried to kill me with a forklift!
this is the type of coding that you get in India stuff done on the cheap and likely to coded to spec with no thinking about how bad of a idea this is.
Have you seen the curves? They don't even approach a poisson distribution.
Or it is an artifact of the scoring system.
A lot of this can just be explained by curving scores to a pre-determined pattern, just like every other standardized test. Plotting SAT scores will get you the same hedgehog curve, since you can't get a score that's not a multiple of 10 IIRC. The IT failure here is still inexcusable.
And after that, they will come saying:
- I am an engineering graduate of a super indian university Sir, I swear that I can code your new SW in 3 minutes for $5! (while shacking their head!)
Makes you wonder why 10 months after you get some crap that is barely working!
cyrille
The test results were manipulated. There are missing scores (from 1-100) on a test taken by 150,000 students. That is not possible. They have been bumped up to passing. The graphs show jagged peaks separated by gaps rather than a curve. Unless his data is incomplete or has been manipulate, there is no reasonable explanation for the jagged charts.
If there was tampering, why is it the assumption of the education board doing the tampering? Maybe other students found this obviously easy "hack" but improved upon the method to actually modify the data.
Nothing I hear about education fraud in India surprises me since one of my Indian coworkers explained how people "buy" degrees from Indian universities.
University employees can be bribed to create the records for an entire curriculum, spanning multiple years of attendance. This record is indistinguishable from a valid one and generates a real diploma. The University will confirm education because "it's in the system".
I think he said it cost about $3000 USD or so for a Masters degree.
I think his results could be explained if the calculation of the final mark in a subject area involve some dodgy math to scale the result such that some intermediate step compresses the possible result to a discrete range of say 50 or so values which are then scaled / normalized to a 0-100 range. This expansion will result in every other final score value being impossible to obtain.
They may be scoring different parts of the exams with different weights, and then combining and scaling the results together, and I could imagine that process could produce the distribution he's seeing even without malicious intent of some sort.
This seems much more likely than some conspiracy to adjust grades which managed to produce so specific a set of results. The testing board may be playing with the overall weighting and projection of the raw scores onto a final normalized 0-100 range, but then that's what such organizations do to try to account for variations in the test questions from year to year, and I think in the US the SAT people do very similar things.
In other words, his data don't immediately indicate any per-student grade manipulation that I can see. The author is also a bit too proud of his accomplishment and indicates that he's clever, but perhaps also a bit young and naive.
G.
According to my attorney (a former IT person who went to law school), that qualifies as hacking.
He was helping me with a child custody issue, but he had a case where a woman was accused of hacking. He said clearly she couldn't do it as she could barely use a webbrowser and she was accused of a fairly sophisticated attack. He was thinking about using me as an expert witnesss, so we got talking about the subject. He said he'd obviously argue it wasn't if he was the defense attorney, but that case law present was changing GET parameters qualifies as hacking.
That truly scared me.
A few years back, when i was in high school, they had this exact flaw also, yet they had directory listings enabled... You knew a single url, and you got links to every kids grades. They fixed this and changed the way it gets the url, but i later wrote a script to bruteforce those hexadecimal based urls.
However, at the end of the year, the kids would use this system to choose which classes they took the next year. My friend and i had fun changing some kids classes around.
Back on topic, its not even authentication at any point. Its like someone leaving their shades open, and then suing you for invasion of privacy when you happened to notice that they were laundering money in their living room.
E-voting, e-grading, any system that people have motivation to cheat with will be used to cheat. This is why e-voting is a recipe for wholesale theft of the future. Combine wealthy interests which own the e-voting companies with motivation numbering in the trillions of dollars, and voting is and will be a farce. Shut it down.
"There are missing scores (from 1-100) "
Without knowing how many questions are given in each section, and how they're scored, that's not possible to say. The set of possible scores doesn't necessarily include every value from 1-100.
If there are 30 questions in a section, and it's scored on a straight percentage basis, you're going to see discrete peaks every 3.33%, and nothing in between. Gosh, just like on the graphs.
That doesn't explain the odd overall distributions, however.
"National Security is the chief cause of national insecurity." - Celine's First Law
On the other hand, even if there are a sprinkling of one mark questions, the graph would be expected to be uniform. Anyway, good job of a twelfth grader to hack javascript at this level.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
...I'll just add that if the scores are integer rounded, the data points will have an uneven x axis distribution, 0,3,7,10, etc. That will make it appear that points are missing visually, too. Just like on the graphs.
"National Security is the chief cause of national insecurity." - Celine's First Law
Convert a mark out of 60 (OK, not exactly 60, but somewhere around there), to a mark out of 100 and you get a distribution like this. The only oddity is the extended gap just below 35 - but this is also understandable. Most students with a mark of 34 will request a remark, and you will usually be able to find one extra mark. As a result, most markers will just bump 34 to 35 to get rid of that hassle.
It definitely does not represent standardization to a score of 100. It's not an even distribution of peaks. It is pushed up above the failing mark, and there is no gap from 94-100. Furthermore, all the different tests in different subjects show the same gaps. This is not reasonable at all.
Why should that scare you? The law is not some mechanical code, ignoring human factors like intent.
Just because a website is put together incompetently and you can access data so trivially doesn't mean you have permission to do so.
So it is a, WHO CARES !! It is not like Indians do not have a million more important problems !!
You might have a person with an IQ of 140 helping you next time you call customer support.
What does "ls -l" do? Please describe below.
That kind of thing. So, I'm not surprised if institutions are manipulating test scores. India is more about the perception of computer savvy developers than the reality of it.
No sigs in BETA. Beta SUCKS.
The Indian system of education doesn't work like that. Here's a post I made on another forum: You can theoretically attain all marks in the 0-100 range because there is no scaling up. Each paper has components that together total upto a 100. For example, there could be 10 1-mark questions, 15 2-mark questions, 4 3-mark questions, 3 4-mark questions and 6 6-mark questions. Each question can be graded to a fraction of it's worth. So you can get 1.5 on a 2-mark question, 0.5 on a 3-mark question, etc. Thus theoretically, all possible combinations of scores are possible. The absence of certain scores is evidence of tampering. SOURCE: I appeared for the CBSE exams last year. The system is similar, though not the same.
Correct me if I'm wrong, but having read through these results, I'm pretty convinced that he sees numbers that are not showing up in scores and is therefore inferring there is widespread grade tampering. That doesn't seem particularly well backed up by his own published facts.
It may have been more interesting to consider the distribution of scores instead of the irregularity of scores to determine if there was some kind of tampering. Either way, this feels like a leap that is weak at best.
The author answers your objections. First, the missing values didn't have consistent intervals (it wasn't always every 3 points). Second, the grades from 32 to 34 didn't appear in the data. That gap seems unusual. Third, there weren't gaps from 94% to 100%, so it's known to be possible to attain percentages that aren't divisible by three, for example.
There are fragments on the curve with no missing integer values. The marks for the individual questions themselves are docile - there's no reason NO ONE would get a particular score, other than tampering. The dips you see in the curves are ZEROES. As in not a single person getting such mark.
A successful API design takes a mixture of software design and pedagogy.
Same goes for certs from India. While staying there, I got plenty of industry certificates, just by paying "training fee" - in India, if you pay training, the perception is you get the certificate.
Actually it does mean you have permission to do so. It doesn't mean the owners meant to give you permission, however.
Just out of curiosity, do you favor the RIAA's position on IP, then?
So let's say that some numbers are "missing." Why would someone manipulate the exact same numbers to be missing across all of the exams? I mean, I could see bumping a 32, 33, or 34 (non-passing) up to a 35 to have pity on some poor schmuck who came really close to passing, but why would, say, someone change a 93? I mean, not just for one student, but all the way across the board? What possible motivation could someone have to say "That's got to be either a 92 or a 94, we can't have any 93s"?
I'm inclined to believe what the poster above said. They're simply rounding numbers based on the number of questions on the test to some nearby value in a way such that not necessarily every integer between 1 and 100 is represented. In other words, if there are 40 questions on the test, you'll have scores of 3 (rounded from 2.5), 5, 8 (rounded from 7.5), 10, etc. You will never have a score of 76 or 94 or 61. I strongly suspect that if he knew exactly how the test was scored, the "missing numbers" explanation would be pretty obvious.
You're making uninformed assumptions. My example was for a simple case, merely to illustrate.
Why don't you tell us exactly how many questions are in each section? What type of questions, T/F, multiple choice, etc. Any bonus questions, or bonus points available only when a question or score is achieved? Is there a time component? Is a "curve" applied above a certain percentile to differentiate between test takers? Any essay questions requiring subjective scoring?
"National Security is the chief cause of national insecurity." - Celine's First Law
Back in late 2009 and early 2010 I was scraping jail inmate registry records for Scott and Dakota County, MN. This was simply a script which incremented the ID numbers by one several times a day and put them out into a CSV. I uploaded these to Google Docs and had Docs Widgets build simple charts based on those data for a rolling ~6 month window of inmates.
As I started looking deeper into the data I started noticing I had ages lower than 18. Odd I thought but sure enough, Scott County was including their juvenile records in the data mixed with the adults even though it wasn't shown on their public website.
I contacted the County and they fixed the bug (you can read about that here: http://www.lazylightning.org/scott-county-quickly-fixes-juvenile-jail-roster-issue) but I was still surprised at the relative lack of security for juvenile records:
It's surprising how lax security is anywhere and to the poster elsewhere in this thread that said this is what you get when you outsource to India, this particular web stuff was not performed with outsourced talent so that comment was nothing short of asinine.
There are ranges where every integer is represented, other ranges where every other one is missing.
The real smoking gun is that several grades just below a passing grade appear to be promoted up to pass.
The results look to me like some sort of scaling. In fact, if you load up Gimp, take a photo and go into levels and compress the input levels, when you go back and look at the levels again the graph will look almost identical to what these marks graphs look like. It looks to me like the marks spread is being expanded and the algorithm isn't smooth.
Opening an unlocked window to a house you don't own or rent is "breaking and entering". There's a "Bait Car" show in the US where the police leave an open-door car on the street. They arrest anyone who open the door and takes anything. It's worse for those who drive the car away.
I can imagine "modifying GET parameters" is similar legally to an open car door. I am not an attorney.
the thing he seems most concerned about are that out of 200,000 or so students, there are many marks that were not received, especially in the middle sections of the grades. values like 81, 83, 85, etc. were earned by zero students while values like 80, 82, 84 were received by tons.
this seems absurdly easy to explain.
say students are graded on a 50-point scale, which is then doubled (eliminating half of all possible values), and then some kind of curve is applied, which bends some values into other-wise unattainable scores, especially at the uppermost and lowermost values, but shifts things a little in the middle too, so that things don't work out exactly that only even values are attainable or whatever. that would result in a similar-looking distribution.
his numbers DO show substantial evidence that people just below passing are being bumped up to passing grades. although again it's hard to know for sure without knowing how the exam is weighted.
i could live a little longer in this prison
Why would you expect a Poisson distribution?
... and a ticket for Paris...
Was I the only one reading the article thinking, "Finally, a developer from India that can think deeply about a problem without being told what to do, and then write software that works..."?
Peter predicted that you would "deliberately forget" creation 2000 years ago...
"Hacked" means "retrieved from a web server in the way they were intended to be retrieved." The fact the webserver was completely unsecured is, however, worrying.
"Widespread grade tampering" means "statistical evidence that the final grades are not the raw grades, but have been adjusted according to some system as yet unidentified." The nature of the adjustment is as yet unidentified - it could be nefarious, or is much more likely to be according to policy. Pretty much every school system in existence does this.
So the headline should really read, "Student stumbles across results on unsecured website and doesn't understand the grading system." It's not really news.
Slashdot - News for Nerds, Stuff that Matters, in ISO-8859-1 Has just realised that beta makes this signature redundant
Of course there is a perfectly reasonable explanation for it: The grades are deliberately manipulated to fit some preconceived distribution. Lots of school systems do it very openly. The only surprising there here is that either the school system didn't disclose that they do it or that some idiot wrote an article without checking first. I don't know which: TL;DR.
Slashdot - News for Nerds, Stuff that Matters, in ISO-8859-1 Has just realised that beta makes this signature redundant
oh please, people have been stuffing ballot boxes since voting was invented. computer systems aren't inherently any less secure than analog ones. go live in a shack in the woods if you hate progress so much.
i could live a little longer in this prison
1. Teachers have to ensure that their class marks have a certain average and median before they submit them. There can't be too many failures either.
2. Teachers know not to give a grade of 49 if the pass is 50 since the student will argue to get that missing point. If you want to be safer, just don't give out anything in the forties.
3. If a test gives letter grades, that equates to a particular number. A = 85, A- = 83, and so on. In that case, no one gets an 84, ever.
"We are here on Earth to fart around. Don't let anybody tell you any different!" -- Kurt Vonnegut
Are you trying to mock educational standards by pretending to be someone who failed statistics?
Poisson distributions have to do with frequency of repeatable events over time. You meant Gaussian or Normal distribution.
With typoes and various bugs so prevalent in web server software all over the world, it's unreasonable to postulate malicious intent for changing URLs.
the test results does not have to be a smooth curve, poisson or otherwise
for example there are 10 questions and you get a number of points if you answer a question right, or you get none if you do not. If the number of points you get for answering each of those questions are not the same, the curve will not look smooth and there will be gaps.
the jagged lines do not indicate cheating, at most poorly designed exam questions
Cheating and corruption in *India*?! No. Fucking. Way! I expect nothing less in the rape capital of the world. P.s. my wife is indian and I have first experience with how corrupt and vile that country is. From cops, to repairmen to government officials.
This reminds me of back before 2000, when a new grad was asked to write a simple website for businesses registering for GST in Australia. He used the same technique with no authentication on the URL. It wasn't a pleasant experience to turn up at a client site and be greeted by the question "Didn't your company build this website?" and to be shown the newspaper article. As the GST was highly political the Australian Federal Police (AFP) paid a visit to the office.
Actually it does mean you have permission to do so. It doesn't mean the owners meant to give you permission, however.
No, that's not what permission means, in law or even in regular usage.
Permission means that someone consciously intended to grant you access. It does not mean that they failed to deny you access.
You need to read TFA http://deedy.quora.com/Hacking-into-the-Indian-Education-System that should give you an idea of what the person in the article talks about with tampering data. Even with 1 question asked in the test, the score range should not be this ugly or the evaluation/grading method is not up to par. TLDR summary, it is statistically impossible to miss that "many" score points between 1~100 from this size of data.
On a side note, I am not sure whether the person is going to jail... I hope there won't be "mysteriously missing or injured" person because India culture is not a western culture...
That's Poisson process, which in turn provides a parameter for a Poisson distribution. A Poisson distribution can be used in other applications.
The author fails to take some things into account however, and Im not totally convinced because of the holes in his reasoning. For example:
One of the most common critiques of my theory was this - maybe there were questions with only 3 or 4 mark intervals in all subjects making certain marks mathematically unattainable. My counterargument? All numbers from 94 to 100 are attainable and have been attained. What does this mean? It means that increments of 1 to 6 are attainable. By extension, all numbers from 0 to 100 are achievable.... If 99 and 98 were definitely achievable with deductions of 1 and 2 respectively, this means one of two cases - there is a question A worth 1 mark that made 99 occur, and a question B worth 2 maks that made 98 occur, which meant getting A and B both wrong would mean 97 could occur.
Unless, of course, there are 2 1-point questions on the test, and all the rest are 4-point questions, in which case a 99, 98, and 96 would be attainable, but 97 would not. Perhaps the majority of questions were multi-part, worth multiple points, and getting a part wrong meant getting the whole wrong.
It definately looks wierd and he may be on to something, but you cant go from "I found some data, and I dont know if its all of the data or a subset, but man does it look wierd --> everyone must be cheating". The results are indeed odd but the number of assumptions this guy made was staggering. He apparently doesnt know that much about the test, nor about the website he pulled data from, or whether he got all of the data, or why the school codes are different depending on the test, or whether there might be non-sequential student IDs.... but he sure is ready to start doing statistical analysis.
Half of the problem is that Slashdot sucks at making non-hysterical headlines.
Because some people who scored high on the math actually deserve to be there.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Thats right, you use those ad hominems.
Unless it's not grade data but raw data. Everyone is ASSUMING it's final calculated scores.
Do not look at laser with remaining good eye.
So my first reaction was like most people, wondering what caused the staccato marks spread. But then I started asking, hey, isn't this stolen data? Sure the security sucked, but what efforts did he take to correct the problem or bring it to the proper attention before he announced to the entire whole world how anyone could steal personal information on hundreds of thousands of students? With detailed instructions.
This is at best unethical. Hopefully it's illegal in his jurisdiction.
Question: Are the harder questions the ones that can be given a fractional grade? If so, think about the implications.
Opening an unlocked window to a house you don't own or rent is "breaking and entering".
opening an unlocked to a house you don't own if it is unlocked in the vast majority of places is not breaking and entering. breaking and entering usually requires bypassing some kind of security system.
If after you have opened said window it is trespassing. In many places with civil trespass laws you could jump though an unlocked window and so long as you didn't steal or try to steal anything physical you would be guilty of no crime.
There's a "Bait Car" show in the US where the police leave an open-door car on the street. They arrest anyone who open the door and takes anything. It's worse for those who drive the car away.
In this case the offence is theft. Not getting into the car
IANAL, but there are cases being prosecuted for violating Computer Fraud and Abuse Act for "exceeding authorized access".
In the eyes of the prosecutors, "exceeding authorized access" = "unauthorized access" = "hacking".
New Economic Perspectives
You're lucky that they responded appropriately by calling you and fixing the problem.
The usual response is to accuse you of being a terrorist/hacker/anarchist/etc. and try to put you in jail.
I don't read your sig. Why are you reading mine?
Unlike here in the US, a student's career can break based on one final exam in a year. There is no aggregation of marks from small tests, discussions, assignments, etc. like in a college here. If a student has a flu, he is forced to attend and scribble something on a paper. Examiners become human and think that it would cause injustice if someone has to fail with marks of 32,33,34. They therefore bump it up. Also, there are certain marks which can immediately trigger a revaluation; too many revaluations could put the examiner at risk. Overall, they just want to say if a person made it out of school and if they were top grade, medium, bottom or did not make it out of school at all. At that, they do their jobs justly. Even if a student scores top marks, he will anyway have to settle for a job less than the top, given the nepotism in the job market there.
Their culture consist entirely of fraud and deceit, I haven't seen a good one except those running 7-11s. Most of those I see in graduate school cheat their way through it. Same with H1-Bs. They are unwilling to learn new stuff, just to show up, get the cheque, and hope some white girl will have sex and marry them, and get a green card that way. Their skin color tells you there are no difference between them and the ni66ers There is an old saying, "Kiss my ass I'm Indian, my ass smells like curry!"
"Kiss my ass I'm Indian, my ass smells like curry!"
This makes my day!
For those who dont read TFA ... why is there an expectation that the results should have been secured ? The results are posted on dead tree on all school notice boards. You could go around each of those school, and gathered the same data. ...I dont given an eff
1. Kid figures out query params and post fileds in http
2. Kid mines data from a public web server to get publicly available information.
3. Kid "analyzes" data statiscally, finds a pattern to grading
4. Kid dubs it tampering. (Tampering would be if the evaluators grading were to be replaced with something else. )
5. Tech dumb media latches onto the story, makes a celebrity out of a kid scraping data off a website.
6. Education agency is pissed off for really no fault of theirs. I mean
Where is the effing breach Potential Consequences:
Agency lodges police complaint based on media reports (India has overbroad cyber crime laws, people have been arrested for making anti gov remarks on facebook)
Kid gets arrested when he land in India in the summer vacation
Kid asked to surrender passport till the court decides on the case
Case drags for years
Kid screwed
Slashdot : news from half assed unverified sources, stuff that
"There are missing scores (from 1-100) "
Without knowing how many questions are given in each section, and how they're scored, that's not possible to say. The set of possible scores doesn't necessarily include every value from 1-100.
If there are 30 questions in a section, and it's scored on a straight percentage basis, you're going to see discrete peaks every 3.33%, and nothing in between. Gosh, just like on the graphs.
That doesn't explain the odd overall distributions, however.
94-100 or so were attainable. there's an entire paragraph devoted to how it can't be that the questions had such a scoring system which made certain numbers unattainable.
scores leading to the cut off point at bottom end were not attainable. the tampering is that everyone under a certain score by certain amount were upgraded to the passing grade.
now there wouldn't be a problem if the passing grade was supposed to be -4 of what it is. the baffling thing is that it seems that EVERY FUCKING AUDITOR in the system was doing this! so one way it's not fair but on the other hand, meh. (it's actually unfair to the people who got just the passing grade on their own)
world was created 5 seconds before this post as it is.
I'm randomly opening comments, just to put you in the know, the entire paper is subjective. We barely have any truly objective questions in this grade 10/12 board examinations.
I don't understand the fuss about it at all, it's just silly.
Why don't you just read the fucking article instead of trying to come up with your own wackjob explanation? He quite clearly explains it:
One of the most common critiques of my theory was this - maybe there were questions with only 3 or 4 mark intervals in all subjects making certain marks mathematically unattainable. My counterargument? All numbers from 94 to 100 are attainable and have been attained. What does this mean? It means that increments of 1 to 6 are attainable. By extension, all numbers from 0 to 100 are achievable.
Let me give you an example. If 99 and 98 were definitely achievable with deductions of 1 and 2 respectively, this means one of two cases - there is a question A worth 1 mark that made 99 occur, and a question B worth 2 maks that made 98 occur, which meant getting A and B both wrong would mean 97 could occur. Case 2 - Question A was worth 1 mark, and question B was worth 1 mark too. The 99 got A wrong, and the 98 got A and B wrong. By this logic, if 97 were not possible, it would mean that there is no other question of 1 mark in the examination or that nobody got a 2 point question wrong and question A or B.
Basically, because 99, 98 and 97 were all attained, then any increment of 1, 2 or 3 points should be possible. The fact that nobody got 80% in any subject in the entire country points to widespread tampering.
Help I am stuck in a signature factory!
Such a test would resemble dumb Facebook games:
Achievement unlocked: clicked mouse.
Achievement unlocked: typed your name.
BONUS Achievement unlocked: +5 points. Buy more with your credit card!
...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
Yes, extremely lucky. I wouldn't trifle with law enforcement folks like that. They seem to have a hair trigger sometimes, and not always with their guns. Especially if embarrassed publicly. I'm glad you didn't go to the media. You would likely be in the selfsame list of offenders now, if you had.
All the exam papers are hand corrected and manually totaled. During the grading process, the graders tend to give marks which total to an even number. For example, say the total up until the previous question is 23. Then if the next question is for 6 marks, the grader might assign 5 marks for that answer to get the total so far to 28. Mental arithmetic of even numbers is easier and this saves the grader from going over two passes to obtain the total at the end. All of these several hundred thousand papers are manually graded between the end of exams in April and the declaration of results in June.
The graders only work with a roll number and school number so they have no information about the identity of the student when grading. This has nothing to do with the caste system as some people here are suggesting. The identity of the student is matched with the roll number *after* the papers are graded.
The examples in parent post are wrong.
"Breaking and entering" requires physical trespass. There is no trespass involved when using the GET method, which is part of a standard and open protocol, to request a web page, which in this case is unencrypted and easily read by anyone who asks for it.
The "bait car" analogy fails miserably. There is no property theft involved in what was described by TFA since nobody was deprived of use of anything. In the general case, "intellectual property" is not physical property and courts need to recognize the differences.
If anyone needs a physical analog of what this fellow has done, it is like this:
Imagine that for reasons unknown, the New York City Board of Education recorded the student ids and test scores as graffiti on all the park benches in Central Park. Where any passer-by could read them. Each student was directed to the bench where their data was recorded (in indelible magic marker), and the BoE patted itself on the back for having found a way to make use of all those benches. Then this guy comes along and develops an efficient way to go from bench to bench to bench... Data on the Internet, accessible without any protection to anyone who had or could construct the URL, is as freely available as any graffiti written on a park bench.
Questions should begin with why the India agency responsible for handling this data put up these web pages without involving anyone who had a year or more of training in information management techniques. They certainly had persons on staff who would have avoided making the JavaScript so readily accessible, and there should have been some kind of password scheme so that only the student would be able to access his own scores. Why were their in house experts not involved? It is as if those who were delegated to build the web site did not want to involve anyone who knew enough about data management that they would become suspicious about it being manipulated.
I think there is more than enough evidence here that something is very corrupt in the India education system. Even if the data obtained had not been so obviously altered, the grossly amateur handling of highly personal information stinks to high heaven.
Will
Raw data - unscaled, unaltered by any postprocessing - is more likely to have no holes than some sort of screwy post-processed score set.
Contribute to civilization: ari.aynrand.org/donate
People from over there are inherently fucking stupid. And they like to gang rape women. They have a lot of problems.
Source: Working with outsourced laborers in India and the daily news.
Actually it does mean you have permission to do so. It doesn't mean the owners meant to give you permission, however.
That's why you need to be a lawyer to understand this. It's possible that for a given State or Federal law that the owner's intent is what's important, not their implementation. And the intent of the defendant is also a factor.
So, if the owner intended the site to be secure, and the defendant intended to break that security, the actual security might be irrelevant.
IANAL, YMMV, talk to a lawyer in your own state for specifics.
All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
Kinda like yours, except that you likely know even less about the test than he does.
Half of the problem is that Slashdot sucks at making non-hysterical headlines.
The other half is that statistics is about forcing data to match your goals not extracting results from the data...
ick.
i could live a little longer in this prison
It is well known - if you are on verge of passing the grader will give you couple of marks to pass you. This doesn't mean "tampering" - "oh it is corruption" - "lower castes got discriminated" - "what ever other BS!" ... roll numbers ensure no one knows the caste, color, creeed, gender etc.!
The kiddie scripter didn't understand the grading systems and barely understands statistics!
If this had happened in the usa i would assume some juniior intern from india had set up the system. However as it is from India i would think they use their best and brightest for everything (as opposed to exporting them).
"Kiss me, I'm Irish" is also considered racist too.
My conclusion was that they rounded the grades to certain points. I'm not sure where he got the inference of malice or tampering, other than bumping failing grades up, which isn't exactly malicious (though probably unfair).
Never attribute to malice that which can be explained by stupidity... or policy.
Also, I give this guy a couple of days, a week max, before he's in jail for quite a while.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
What do you mean by integer rounded? His graphs are of score on the x and # of that score on the y. Both his axes are integer values. Do you mean it's possible the test had fractional scores and he (or the scorers) rounded them in the analysis? Otherwise I don't understand your point.
I guess he strikes where he hurts you the most hahahaha
Time to ban political correctness and bring back logical reasoning.
For example there are 6 questions on a test, each would be worth 16.66%, but the total grade must be integer rounded to something like 67%. Some integers will not be available and some maybe arbitrarily rounded up or down.
computer voting IS inherently less secure than paper voting. Paper can have watermarks, fingerprints, ink chemical analysis- it is usually possible to tell a fake ballot from a real one. An electronic ballot, you just can't tell. 2- it takes a lot of people to stuff thousands of ballot boxes with paper, and the more people who know what you're doing the more chance someone will talk. It only takes 1 programmer or cracker and your e-voting system is compromised. 3- paper ballots don't change who you voted for when you put them in the ballot box. If you load your exploit code into ram on the voting computer then a single power cycle and it's gone. 4- you can see how paper voting works, and all the voters can understand the process. With e-voting the majority of the voters have no choice but to trust you. The reason democracy is more stable than other governments is because the people trust the system not to cheat them. They can get bad things changed without a revolution. If you take away that trust then the people will revolt, and e-voting isn't provably trustworthy.
You keep using that word. I do not think it means what you think it means.
Please provide scientific/mathematical proof of your statement.
5. I want a recount. With paper, that is possible.
Poisson distributions are found over non-time intervals as well.
.: Semper Absurda
If this had happened in the usa
Something very similar to this did happen in the USA, from some time in the 1980s until around 1995. It involved a government forestry agency, and the database they had to track logging, replanting, spraying, road building, and other commercial forest management activities.
I became involved about 1993 when I was hired by an eco-activist group who had used FOIA to obtain a digital copy of a detail report of the entire forestry database for the region. My task was to develop one-off perl scripts to extract the data from the report format and build a Paradox database that could be queried to see if the forestry records indicated any violations of the laws to protect spotted owl habitat. This was straightforward work: as I recall the hardest part was staying awake when doing the validation cross-checking. (I also dislike reconciling my checking account with the bank statement.)
But what I discovered was that the forestry database was full of crap. You cannot harvest a 20 year old stand of timber from a parcel that had been clear cut just three years earlier; you cannot harvest anything from a parcel before the access road to it is completed. A big portion of the database lacked self-consistency. Years later, I learned that the consultant that the forestry agency had hired to develop and maintain the database had been convicted of fraud, and that there had been a shake-up in the management of that agency. (Since the database records were crap, the eco-activists chose not use it in their spotted owl fight. Instead a new, and appropriate, attack on the managerial competency of the forestry agency was launched, I believe by persuading one of the State Representatives to demand an investigation.)
I do not think that computer fraud on this scale is likely to happen in the USA now, because I think every manager of any kind of any large government database is well aware that he needs to cover his ass by having his stuff validated by Information Management. However the news indicates this kind of fraud is happening in some small towns, and some of the smaller departments of cities-- places where there is still no easy access to information management professionals, where decisions involving database management have to be made by persons without a background in the subject.
Will
He's at Cornell University, that doesn't discount the possibility of jail time but it does pretty much eliminate the rendition aspect (he didn't piss of the US government afterall).
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
No, the writer of the article is a 20 year old Cornell university student. Said so, right in the article. Heck is even says in the summary he's an Indian college student. Also, whoosh, the guy you replied to was talking about the coding of the website that was scraped, not the coding the writer of the article did.
India culture is not a western culture
Kid lives in Ithaca, NY.
By the way, it's an absurd (and easily falsified) contention that there are no political prisoners or retributive law enforcement actions in Western countries.
.: Semper Absurda
hacking in the eyes of the law but not show much in a tech way.
It is very clear that Debragh is not looking at 'raw' test scores. It is clear that some scaling has bene applied. the raw test scores might have been integers between 0 and 60. Each of these scores is 'mapped' to a new scale that goes up to 100. The mapping is not linear.It may be that a 60 maps to a 100, a 59 maps to a 99, a 58 maps to a 98, and a 57 maps to a 96. That would produce the gaps. the raw test scores would not produce a bell curve either. If it a a multiple choice test, the low end will be skewed by random guessing. It is also possible that differnet school district encourage different groups of students to take certain tests. Very often, raw scores are mapped to a bell curve, raw test scores sledom look anythnig like a bell curve. Think about that. If you are takng the ACT, the differencve between a 36 and a 35 might be missing a single question. However, the difference between a 21 and a 20 might be missing 2 or 3 questiosn.
Uless you can some that they scaling was applied unfairly, that some student's tests scores were adjusteed up and other were not, there is really no indication that there was any wrong doing.
It should scare you because Terms of Service violations are now Federal crimes. According to the government's reasoning, you could be prosecuted for using a fake name on Google+.
Screen Scraping Is Not A Crime!
.: Semper Absurda
I think if you ask most people in India what is the biggest thing holding them back as a nation, they will answer, "corruption." Bribes and kick-backs are expected for everyday transactions, and many things like diplomas are simply for sale. I've talked to some very bright, educated, hard working young Indians who are really angry about the situation because they end up competing with lazy rich kids who's parents just bought them their diplomas. It removes the incentive to work hard in school.
And that's why "the law" ought to get educated about how computers actually work.
.: Semper Absurda
Not necessarily. The questions do not all have 1 point for correct answer. The exam is not multiple choice, it is written. It is difficult for anybody to write answers to a 100 questions in an exam (It is 2 -2.5 hours http://www.cisce.org/notice_doc/55Time-Table-ICSE-2013-Examination.pdf) . So there is mostly only about 20 questions in the exam. This means that there are only a limited number of possible scores you can get in the exam. It is a bit like summing up tennis scores - you will only get multiples of 5 for totals because the scores are all 0,15,30 and 40.
If you are still not convinced, generate random integers from 1-20 in excel.Multiply them by 5 and plot it. You will notice that you have a distribution from 0 - 100, but it is very jagged.
Then there is the fact that the same examiner reads the entire paper, rather than this being split up question-wise. By the time an examiner gets to the end of a paper, the examiner is biased towards thinking the student is good or bad ( Dan Ariely explains it is detail http://danariely.com/tag/the-honest-truth-about-dishonesty/) , so it biases all his scoring for later questions. They are also likely to round up some scores which are border line passes.
http://slashdot.org/submission/1062723/Cheap-mobile-data-plan?art_pos=2
All numbers from 94 to 100 are attainable and have been attained.
These scores are what universities use for admissions. Universities care far more about the difference between the top 1%, 2%, and 3% than the difference between the 78%,79%, and 80%.
The distribution has obviously been normalized from a different scale...the aliasing artifacts are a dead giveaway, but it also appears that they increased the sampling resolution for the top 5%. This is perfectly acceptable, and is not evidence of tampering.
Correct; typical example could come from counting, then plotting, discrete data. Number of children in a family, doors on a car...
Note that whilst you might expect a normal distribution, with events (exam results) distributed evenly but randomly about the mean, the fact the the guy found something that certainly looks non-normal, (he did not do normality tests, but having looked at his results, I don't think he needed to), does not itself prove that the results were altered.
Imagine a 'perfect' exam, where the expected (average) result for the student population was 50 out of 100, or 50%
Now imagine an (equally unlikely) 'perfect' candidate population.
If you plotted the exam results, you could expect the population to be centered on a mean result of 50, with half the scores higher, half lower.
If you had a (really getting unlikely now) 'perfect' education system, there would be a low standard deviation in your data, let's say 2%
If the results could be modelled with the Gauss curve, then 99.73% of your distribution would be at +/- 3 sigma (standard deviations) from the mean.
So lowest expected score of 50-2*3=46, with highest of 56.
Of course, candidate abilities could be much more varied than this, so sigma could be anything...5%, 10%
Anyway, getting to the point, if the mean of a what you *might* be expecting to be a Gauss / Normal curve is shifted sufficiently towards a 'hard' limit, (in our example, you cannot score less than 0%, or more than 100%, so both are 'hard' limits, or 'boundaries'), then the data (example results) do tend naturally to 'pile up' against the limit. (Think of a snow plough pushing snow aganist a wall - it's go nowhere to go, except up).
Thus you get a non-normal distribution, (typically better modelled with a lognormal or Weibull curve, not Poisson).
But WHAT can cause the mean to shift? For this example:
- Either the exam is "too easy", or
- The students are all very good (yeah, same thing,really), or
- The marking system is biased.
I'll leave you to draw your own conclusions on that one, but I've personally found that in India, (as in other places, including the USA), a little cash can go a long way...
But that was not the most compelling evidence of bias; that would be the very strange 'missing' data points, (especially close to critical scores such as the 35 pass. /endoldstatsbore
Unless it's not grade data but raw data. Everyone is ASSUMING it's final calculated scores.
From the description of how the data were obtained, you can see that it is the data from which the Exam Results web page delivers the final calculated scores.
The Internet is designed to be open by default. It's not like a house because most people wouldn't want you walking into their house without their explicit permission. Websites are different, and if you make it trivially easy to access a certain web page that you didn't want people to access, that's your problem.
Does anyone else notice that odd numbers seem to be the ones skipped to create that jagged graph? Perhaps below a certain threshold (95 by appearances) they simply round up to the nearest even number for some reason? I'd be interested to see those charts re-rendered for even numbers only.
The notes about how skewed some of the bell curves are actually raises more questions about the test than the grading to me. A perfectly even bell curve seems like it would only appear if the test was full of equally difficult questions worth the same number of points. If instead there are a large number of easy, valuable questions and a small number of very difficult low-value questions I'd expect to see a charts like these: ones that rise towards that "easy" point total, and then drop off sharply at the range earned for those last few very hard questions.
Also as many people have said: I'm not surprised to see a "grace" gap just below the failure mark; it seems like the kind of thing most colleges would do to avoid debates about grades and ensure they don't fail someone based on a single unlucky error or math mistake. The way they're doing it, anyone who fails fails by a LOT, making debate unlikely.
In India Less than full credit can be given. A 2 point question might only receive .5 credit. There are many scores possible. Also, each subject has a different format for the number of points. Some have more 2 point answers for example.
1. Why were the top scores normal? (possibly not altered?)
Because these people stand out.
In such a competitive system of exams the highest scorers are publicly praised.
"- Who got the best scores in our school?"
"- She was the best in our city."
Local tv station will have an interview with the best scorers in the county/municipality.
National tv stations will make a reportage with the best students, in the whole country.
So...
You can not have a student that would normally score 75, having scored 94.
Then everyone in his school would go..."Are you kidding me?"
People would see that there is foul play there...
2 Security breaking
There was no security breaking, because there was no security.
You put stuff on the internet so as to make them public... not hide them.
If he broke the law, then everyone who uses wget is also braking the law.
Then Google, Yahoo and everyone who uses a web crawler would be braking the law.
Here is an exam http://www.respaper.com/icse/410/4402-pdf.html .It is a combination of questions with 3 points and questions with 4.
Also there is no half points in the exam, if you look at the chart attached to the slashdot article, no one got a half point.
http://slashdot.org/submission/1062723/Cheap-mobile-data-plan?art_pos=2
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Look at MERS and the mortgage industry in the US. It was illegal in most States and it was still used, despite it's inaccuracy.
Marks Questions
1 A trivial problem.
2 2 Easy problems A1-A2.
12 6 Easy problems B1-B6.
18 6 Easy problems C1-C6.
18 6 Tough problems D1-D6.
42 7 Tough problems E1-E7.
7 The toughest. problem.
Now this doesn't even make sense. Why in the world should the law change on this point?
You want every security bug or configuration error to grant the legal right to access data?
his numbers DO show substantial evidence that people just below passing are being bumped up to passing grades. although again it's hard to know for sure without knowing how the exam is weighted.
Testing is just like any other form of measurement. There are inherent uncertainties in every measurement scheme so you need to account for them.
I don't think many folks understand the CBSE marking scheme (I sure don't), but as I understand the basics, on some test sections (like math) there are a certain number of "1" point questions, a certain number of "4" point questions and a certain number of "6" point questions. People that score near the top of the range might miss a random smattering of "1" point questions, but for the "6" point questions, you apparently have a "choice" of answering a few different questions (presumably you would pick the one that you have the most confidence in) so you probably get them or not. The disparate points/question and the fact that you get to pick some questions might be able to explain the gaps in certain scores (to get a lower score, you likely need to miss some "6" point questions providing more quantization than missing a "1" point question). It seems to me quite likely that certain scores are highly unlikely or even unatainable.
OR, perhaps the during test reporting, the powers that be decide to give everyone the benefit of the doubt by rounding them up so that nobody misses an arbitrary cut-off by just 1 or 2 points... In the USA, you might even call this type of measure a defensive manuver (to avoid the inevitable numerous lawsuits from angry parents)...
Hard to say w/o knowing more details about the the specifics (for those interested you can find out yourself about the strange scoring system here on the CBSE website http://cbse.gov.in/welcome.htm)
It's the scores that were being posted for students. He only found the way to leak everybody's scores because he was trying to get a friend's scores early, but was unable to do so. The data he got is the data that became available when the final scores were posted.
There's no place I could be, since I've found Serenity...
Possibilities:
- There is a national cheating conspiracy ...or....
- The test score is not based on assigning a value to each question and adding up those values.
For example, the test could simply be scored as such:
All answers correct: Score 100
Miss one question: Score 99
Miss two questions: 98
Three questions: 97
Four: 96
Five: 94
Six: 92
etc etc
Miss 20 questions: 35
Miss 21 questions: 31
etc etc.
The author makes the ASSUMPTION that the score of the test must be the sum of the value of the questions answered correctly. There is no basis for that assumption. The fact that certain values are not present, and the values 34, 33 and 32 are not present, are likely by design (i.e. don't make people feel like they just missed passing.)
All the author has shown is that India is apparently doing a very poor job teaching critical thinking skills (as evidenced by the author's inability to exercise critical thinking skills.)
paintball
there's an entire paragraph devoted to how it can't be that the questions had such a scoring system which made certain numbers unattainable.
And that entire paragraph is wrong.
Example: Any scoring system where the final test score earned is NOT the sum of point values for each question.
paintball
Did you notice that the exam you linked has a 110 points worth of questions?
Obviously the test score earned is not merely the sum of the value of the questions answered correctly.
paintball
[] his observations might have been the result of standardizing the test scores... IE if you have a test that only scores 50 max and you scale it to 100 obviously you aren't going to have many odd numbers in the results.
He points out that in some of the tests all scores of 94-100 inclusive were obtained, so it's not a case of leaving out odds or a regularly-spaced set of numbers based on a simple scaling up/down.
If you have a maximum score of 53 you might chose a mapping function like this:
(rawscore 48) ? (rawscore * 2) : (rawscore + 47). That gives you a non-linear mapping with the slope cut in half for a small interval on the right side. The "can get steps of one and two" on the top mean nothing about what you can get below the knee when the mapping is non-linear.
Similar mappings can end up with both ends smooth and only the middle spiky.
Why do that? So you only get ONE discontinuity in the data, near the top, rather than one point of roundoff noising up the spacing and comparisons between students all through it.
A skewed distribution is hardly surprising, especially when the bulk of the measurements are near one end of a finite numbering system. Further, the non-linear mapping above would make the downslope on the right hand side shallower by a 2:1 ratio, exactly what you see. A distribution skewed toward the high end also argues for using a mapping like the one above - to spread out the pile of high-scoring students and make differences in score less divergent from differences in percentile rank.
The deficits just below passing scores and the spikes at them, however, are just bogus. The only "mapping" that can reasonably explain them is the "courtesy points" shoveling of just-failing students into just-passing. However, this can be explained as mercy being built into the mapping. (It can also be explained as protecting just-passing students from being unfairly pushed into the just-failing region due to a center-spreading, hump-flattening, non-linear mapping applied as a convenience for admissions officers.) The total absence of scores just below the fail point says it's not favoritism or individual corruption, but a systematic benefit given to all just-failing students.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
"Now this doesn't even make sense."
Yes, it does. When you in real world put a door in a mall, with a big "WELCOME" sign at the top, then you can't argue you didn't allow in some explicit person unless you explicitly tell him he's not welcome.
Well, that's exactly what a website is in Internet world: you just can't say that I'm not allowed to enter http://www.example.com/data?tell=me&your=secrets post-facto, because it's a very valid entry point to an explicitly public place.
Law-makers should understand this. Well, law-makers do in fact know this. And they don't give a damn.
"It's possible that for a given State or Federal law that the owner's intent is what's important, not their implementation. And the intent of the defendant is also a factor."
You told it. It's a factor. Due diligence is a factor too. Failing to protect something that it's easily writable in any browser pointing to an already known for both sides to be a public place shouldn't have to be consider due diligence in any sensible legal system.
See it's not really like that though.
All security can be broken; A door can be bashed in, or even left unlocked by accident. In both the cases the crime of entering an area for which you are not authorised is the same. Except that if you bash in the door they'll probably get you for criminal damage too.
The idea that as soon as you're talking about the internet, anything you can do should be legal, is a bit strange. If faced with a login screen, behind which javascript implements completely inadequate security, do you think it should be any more legal to break that security just because it was weak? Stealing money that's sitting poking out of someone's bag while they're not looking is still stealing, even though the 'security' was all but non-existent.
Actually the usual response is to put you in jail, then accuse you of being a terrorist/hacker/anarchist/etc.
...recorded the student ids and test scores as graffiti on all the park benches in Central Park.
I thought of a better analogy:
You send the board a letter with a request to get grades, the agency server sends back a letter containing grades. He just sent letters on behalf of every graduating student in India, and the agency sent replies, completely voluntarily and without bothering to check his identity.
I think if this can be explained in a court, modifying URL will no longer be treated as any sort of illegal criminal act.
"The idea that as soon as you're talking about the internet, anything you can do should be legal, is a bit strange."
Did I say that "anything I can do [on Internet] should be legal"? No, did I?
"If faced with a login screen, behind which javascript implements completely inadequate security..."
For a starter, since you talk about trespassing, that javascript code is in *my* premises, downloaded to *my* PC and sent to *my* browser, and then, only *after* I politely asked to the server to send me what it sees fit.
Now again, if I politely salute a server with http://www.example.com/data?tell=me&your=secrets why should I be responsible for what the server, not me, decided to send back to me? Do you really consider burglary if I politely ask you to give me a grand and then you give me a grand?
And finally, what do you think that funny "www" in the begining means? It means "World Wide [Web]". So you put something reachable by the world at wide, explicitly meant to be reached by the world at wide and still you think no level of due diligence should be requested before throwing criminal charges to other people?
"Stealing money that's sitting poking out of someone's bag while they're not looking is still stealing"
I see you don't understand... there's no way I can unadvertidly poke something out of a web server: I need to *request* the server, and the server then answer my request the way it sees fit.
Corruption in India, who would have thunk!
http://cpi.transparency.org/cpi2012/results/#myAnchor1
To bad even the /. summary calls him a hacker..
Hivemind harvest in progress..
Indians are morally corrupt by birth (Caste system) for the past 3000 years.
Google "Companies ruined or almost ruined by forward caste"
Google "90% of corrupt money is with forward caste people".
Casteism
As I have no mod points to give, I'll just say THANK YOU for the fascinating post!
I'm not.
All too often I get candidates who just don't know anything despite having the qualifications - at least on paper - yet can't answer the basic questions. It's got to the point where I just ban certain (types of) schools from even reaching the interview stage.
Founder & COO, Hayai India (hayai.in) / USA (hayaibroadband.com)
In my 12th (that's high school final exam for US folks) ISC exam there was so much cheating in exam halls, some people had gotten mini-xeroxed books, i myself shamelessly copied the entire biology and chemistry paper from the dude sitting towards my left (2 feet away), during the last 15 minutes of paper collection the copying goes mass and EVERYONE starts comparing and correcting and filling the missing answers by asking all those around who can answer. This is what happens at a "good" school. I can't even imagine what happens in the rural hinterlands of Bihar where students stick the question paper on their desk with a knife. Yes Indians are very corrupt. From childhood itself we build up a tolerance for corruption. I hate it, but maybe it will change. Even in Counterstrike servers there is always a hacker/waller in every public server. Yesterday i was thinking what if there was a Global Political Party of below 40 anarchists, maybe called the Anonymous Party. They'd have Blackwater security top-grade military guard and secure funding through global crowfunding on Kickstarter. They would remain anonymous all the way till the day they get elected and have to go sit in the official chair. They make sweeping changes whereever they come in power. More countries wake up to this alternative, everyone wants to somehow change the government in their country be it India, or USA or China or whichever country. This Global Political Party, known in every country, can do that. You gotta beat them at their own game of votes.
(1) Considering that for most students this is an important selection test, for which many students prepare single mindedly for at least an year,I wasn't surprised when the marks fall into a bi-modal pattern. I mean where people are programmed to study the same subjects in these mass teaching shops, you would expect this type of pattern.
This bears out the experience I had with a school in South India about 14 years back (when my son was a 12th grader and I helped his school analyses the results). Most marks were in the 90% bracket and a few in the 50% bracket (just pass). The 90% people are mostly well settled engineers, bankers, chartered accountants etc.
(2) Secondly, ICSE ties up with most major newspapers and news sites to publish/link to a published copy of the web pages. CISCSE doesn't give direct access to their database and Mr. Debarghya Das (the hacker) has apparently looked at one such web site. This was in the electronic news in India yesterday.So while CICSE may claim that nothing really was hacked, they have been casual and careless in allowing easy access to everyone's marks.
PS: I am from India.
OK
"Judge, I merely clicked into the address bar to enter a search term like I always do, but this time it changed just one 'Query String' parameter value to the term I type in, and presto. Sorry Judge I didn't realize it was possible to hack websites while performing a web search, next time I shall turn on safe searching,"
Just because the questions are assigned those values doesn't mean that the final result is the sum of the points. For example, somewhere here someone linked to a test where the total possible points was 110. So it's pretty obvious that final test score is NOT just the sum of the points earned on the questions, since no one gets a score higher than 100.
paintball