Slashdot Mirror
Student Expelled After Using Hardware Keylogger to Hack School, Change Grades (bleepingcomputer.com)
Catalin Cimpanu, writing for BleepingComputer: Kansas University (KU) officials have expelled a student for installing a hardware keylogger and using the data acquired from the device to hack into the school's grading system and chang his grades. KU did not release the student's name to the public, but they said the keystroke logging device had been installed on one of the computers in its lecture halls. The student used data collected from the device to change F grades into A grades. Professors said the incident would not have been noticed if the student didn't get greedy about modifications. The hardware device the student used was a run-of-the-mill hardware keylogger that anyone can buy on Amazon or eBay for prices as low as $20. Speaking to local media, various KU professors said they hope not to see any copycats in the near future.
Pretty much yes. It's like stealing a motorcycle: if you grab a unique sports bike and ride it like all hell to the chop shop, the police are coming to get you; if you grab a Kawasaki 650, there's thousands of them out on the street, and nobody notices unless you drive like a nut.
I'm not worried about anyone stealing my Zero SR when I get it.
Support my political activism on Patreon.
I went to college in the late 1980's
I was going for a CS degree but had to take electives. One elective class I took was chemistry. To make a long story short, I was going to school in the day and had a full time job in the evening. I let the chemistry class slide as I concentrated on programming classes.
At the end of the semester 50% of the grade for the chemistry class was based off of the final exam which was to be taken on the schools computer in the computer lab, where I spent most of my weekends anyway. The test was on Commodore 64's.
The test was 200 multiple choice questions and timed for only 2 hours. I fumbled around on the first 50 question for the first hour. Knowing I would never complete the test in time, I decided to cheat. I knew the break sequence of the commodore and set about to change the basic program. Well, in commodores you could lock the execution memory from any change.
So, I found where the memory location was for the number correct and the number of the next question. I changed the memory location for number correct to 198 and the number of the next question to 200. I hung out reading my chemistry notes for the next 50 minutes and then typed in "run" and pressed enter.
A screen popped up saying that I had completed the test in 1 hour and 50 some odd minutes with 198 correct out of 200.
I passed the class with a 70.
Armatures these days....
Nathan
Or what we didn't hear about is the other student who framed him. Changing your own grade is very risky. Changing someone's grades you don't like. That's not risky at all.
It wasn't necessarily a professor's account that got compromised from the lecture hall.
If it's like most places, there's a computer at the lectern in the lecture hall that is used to drive a large display/projector screen. Those things require constant support, and a keylogger would soon pick up the login of some IT support person. And even if that support person had no access to the grading system servers, the account could be used to compromise other computers of people with higher access.
It's a classic move. Put a keylogger on a user's PC, then damage it in some way that will require a visit from desktop support who will no doubt have local admin access. In many places, once you have an account and password with local admin rights for one desktop computer, you have access to them all.
I was right there with you until this part:
Well, in commodores you could lock the execution memory from any change.
Plausibility went rapidly downhill from there.
You'd be how easy it can be to get a teacher's password.
Back when I lived in the US and was in high school, the school offered an introductory course to programming in Basic. I already knew how to program, so I spent the course primarily either writing games or espionage tools ;) One of my favourite was a program that mimicked the DOS prompt (including most common commands), waited for them to run what they thought was the logon program, wrote out the username and password to a file, reported that the password was wrong, logged out of my account and put them back in the real DOS shell - wherein they'd log in normally and everything was fine. I'd usually leave it running on a couple random classroom computers whenever I left. By the end of the year, not only did I have most student passwords, but the password of my teacher and a different one.
Did I use it to change assignments? Alter grades? Vandalize the network? No no no, of course not. Rather, my final project was an overly elaborate demo, which had many different scenes (things like me walking around shooting lightning bolts and other similar nonsense). One scene was a stereogram generator. The hidden image in the stereogram? The teacher's username and password ;)
Thankfully she found it amusing rather than disciplining me ;) I got a perfect score. Looking back at it, I could imagine a teacher with a lesser sense of humor having me suspended or even calling the police.
I'll BUILD someone to replace you. Some kind of gamma-powered monster, with a heart as black as coal!
What is going on here? He was only expelled? A college student?!
Didn't we have a middle school student charged with a felony for changing a desktop wallpaper a couple years ago?
https://yro.slashdot.org/story...
A college student pays $$$$$ for education and loses that for doing something he ought to have known better than do and was planned out ahead of time.
A highschool student gets a felony destroying many of their job prospects for their entire life for a prank.
How is this remotely fair? It's not even !@#$%^& consistent!
Minimum threshold fixed. Thanks!