Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacker Exposes Evidence of Widespread Grade Tampering In India

Posted by timothy on from the something's-fishy dept.

Okian Warrior writes "Hackaday has a fascinating story about Indian college student Debarghya Das: 'The ISC national examination, taken by 65,000 12th graders in India, is vitally important for each student's future: a few points determines which university will accept you and which will reject you. One of [Debraghya]'s friends asked if it was possible to see ISC grades before they were posted. [Debraghya] was able to download the exam records of nearly every student that took the test. Looking at the data, he also found evidence these grades were changed on a massive scale."

2 of 304 comments (clear)

  1. Or just buy degree by anvilmark · · Score: 5, Interesting

    Nothing I hear about education fraud in India surprises me since one of my Indian coworkers explained how people "buy" degrees from Indian universities.
    University employees can be bribed to create the records for an entire curriculum, spanning multiple years of attendance. This record is indistinguishable from a valid one and generates a real diploma. The University will confirm education because "it's in the system".
    I think he said it cost about $3000 USD or so for a Masters degree.

  2. Re:not even hacking just URL typing with fixed ID by garcia · · Score: 5, Interesting

    Back in late 2009 and early 2010 I was scraping jail inmate registry records for Scott and Dakota County, MN. This was simply a script which incremented the ID numbers by one several times a day and put them out into a CSV. I uploaded these to Google Docs and had Docs Widgets build simple charts based on those data for a rolling ~6 month window of inmates.

    As I started looking deeper into the data I started noticing I had ages lower than 18. Odd I thought but sure enough, Scott County was including their juvenile records in the data mixed with the adults even though it wasn't shown on their public website.

    I contacted the County and they fixed the bug (you can read about that here: http://www.lazylightning.org/scott-county-quickly-fixes-juvenile-jail-roster-issue) but I was still surprised at the relative lack of security for juvenile records:

    Within mere minutes of my e-mail they were on the phone with me and informed me they closed the hole. After mentioning that the only way someone may have been able to retrieve a juvenile record is if they âoeguessedâ the booking number, I replied that the booking numbers are sequential and thus âoeguessingâ is as simple as incrementing by 1. After our short discussion they asked me to let them know immediately if I noticed anything else with their data and the call was ended.

    It's surprising how lax security is anywhere and to the poster elsewhere in this thread that said this is what you get when you outsource to India, this particular web stuff was not performed with outsourced talent so that comment was nothing short of asinine.