Slashdot Mirror
Student Charged By FBI For Hacking His Grades More Than 90 times (sophos.com)
An anonymous reader shares a report: In college, you can use your time to study. Or then again, you could perhaps rely on the Hand of God. And when I say "Hand of God," what I really mean is "keylogger." Think of it like the "Nimble Fingers of God." "Hand of God" (that makes sense) and "pineapple" (???) are two of the nicknames allegedly used to refer to keyloggers used by a former University of Iowa wrestler and student who was arrested last week on federal computer-hacking charges in a high-tech cheating scheme. According to the New York Times, Trevor Graves, 22, is accused in an FBI affidavit of working with an unnamed accomplice to secretly plug keyloggers into university computers in classrooms and in labs. The FBI says keyloggers allowed Graves to record whatever his professors typed, including credentials to log into university grading and email systems. Court documents allege that Graves intercepted exams and test questions in advance and repeatedly changed grades on tests, quizzes and homework assignments. This went on for 21 months -- between March 2015 and December 2016. The scheme was discovered when a professor noticed that a number of Graves' grades had been changed without her authorization. She reported it to campus IT security officials.
>> when I say "Hand of God," what I really mean is "keylogger." Think of it like the "Nimble Fingers of God." "Hand of God" (that makes sense)
Hey, um, "Nimble Fingers" is a dangerous thing to type into a search bar. And no one has used that phrase in a SFW setting since 1978.
>> and "pineapple" (???)
Prolly this: https://www.wifipineapple.com/
Not sure what you're trying to say here. Looks like you're assuming that keypresses are broadcast to all USB devices, which is, of course, nonsese.
Your run of the mill hardware keylogger is a device that's between the computer and the keyboard. A "man in the middle" attack, only in hardware. There's no software installation, and no way for an OS to detect it.
https://en.wikipedia.org/wiki/...
They care, their scholarships usually need a minimum GPA. If they don't care it's because someone is fixing it for them, or the prof makes sure the team doesn't lose its star because he couldn't quite add a couple numbers.
Smart would have been to study, do the homework and pay attention.
Hey, let's get the exams and test questions in advance so I'll have a good score!
Fails.
Hey, let's enter the system and change my grades since I failed even when I had the exams and test questions in advance!
That guy's C.V. can be resumed in one sentence: Can't even cheat his way out by cheating. I'd never hire that guy in a million years.
#DeleteFacebook
Hired by the FBI? For what skill? Being able to connect a USB device between a USB port and a USB keyboard?
#DeleteFacebook
The summary says he "intercepted exams and test questions in advance", so I guess that guy really sucks at learning.
#DeleteFacebook
> The PC is notoriously poorly designed as if it were meant to be run disconnected from the internet and in a room hidden away from intruders.
Which, for those who don't know, is exactly the case. Prior PCs (PERSONAL computers) running DISK Operating System, there were time-sharing computers running NETWORK operating systems. Computers prior to the PC each had many users, hundreds of uses for each computer. They often used it over a network, using terminals. Security was of course important - you didn't want one authorized user to mess things up for another user.
Then technology advanced to the point that it was feasible fr a single person to have their own personal computer, with several KBs of RAM. What OS would run in just a few kilobytes of RAM, though? Just the security-related stuff was a couple KBs. But wait, a *personal* computer with only one user, running from local disk and not attached to a network didn't NEED security. So to fit the OS in 16KB, the smart thing to do was to make a minimal OS without any of that security or networking stuff. It worked great. Then the internet happened and the manufacturer of Disk Operating System shit bricks.
The amount of learning needed is fairly minimal.
You buy a keylogger for $30 or so.
You plug it in between the keyboard and the PC.
Later, you unplug it from the keyboard and the PC, and look for passwords and userIDs. (easy to spot as they're the first after several hours idle).
Now, you simply type in the username and password, or use remote access if that's an option, to access the software in the same way the teacher would enter your grades.
This is not a complex attack.
"Ferris has been absent 9 times"....."GRACE!"
Sent from my TARDIS
Why would he intercept exams and test questions if he could just change his grade directly anyway?
Give it to other students? Read TFA... For him, he doesn't study it himself anyway so he just changed his own grade.
* A student identified as A.B. in court documents urged Graves to use the keylogger to steal an upcoming test, saying “I need 100 on final just to get B- at this point.” Graves’ reply: “Or we could use the time to study?”
* A student identified as Z.B. asked Graves whether he had told a classmate “about the Hand of God on that test.” Graves’ reply: “No. The less people know the better.”
Hired by the FBI? For what skill? Being able to connect a USB device between a USB port and a USB keyboard?
For being a sociopath, and willing to do whatever it takes to win, without annoyances like conscience or dignity to get in the way.
Hired by the FBI? For what skill? Being able to connect a USB device between a USB port and a USB keyboard?
For being a sociopath, and willing to do whatever it takes to win, without annoyances like conscience or dignity to get in the way.
I'd say he could get a job on Wall Street, but you actually need skills and/or education for that. Perhaps he can run for President - the bar for that is apparently quite low now.
It must have been something you assimilated. . . .
No, that would have guaranteed the teacher would have known something was up. As soon as a good student noticed a grade change the audit would have been on.
Smart would have been to study the test questions he downloaded and not share with class/team mates.
Even smarter would have been to actually attempt to get an education while in college. It's not like there's a great future for greco-roman wrestlers.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
Silly mistakes are silly. Kid had access to the test banks and answers. He could have easily memorized the correct answers.
Even if he failed the test, he could have corrupted everyone else's grades to obscure the fact that he was doing it.
If you're going to commit any sort of computer forgery, make sure you spread the love far and wide so even unrelated students in completely different classes have their grades changed. There would be absolutely no way they would be able to find him in this instance.
Only the stupid get caught.
It's not like the classes jocks take are difficult either.
Bet he was a communications major.
The article did state that grades were changed in business, engineering and chemistry classes. There may have been grades changed in Earth Science 101: "Rocks for Jocks" too. It sounds like he was selling his services to other students, which is just asking to get caught.
Changing grades on the computer is just stupid, IMHO, since it's not like the instructors don't keep paper records. Had he stuck to copying exams and answer keys then he might have gotten away with it, at least long enough to graduate. Or at least add enough doubt as to who did what when that no one would call the FBI on him. But then people that resort to cheating on exams aren't typically that bright.
What I have to ponder is why the FBI was involved. This was a state facility, not a federal one. Doesn't every state have their own investigation service? As a state university they'll have their own police force, with a direct line to said state investigation office. What federal law was broken? Not that this seems to matter any more, I remember an assault case that made national news. The FBI got involved for some reason. When asked why the FBI was there the answer floored me, the scissors used to cut the victim's hair came from out of state so this was an investigation of "interstate commerce" as defined in the US Constitution. If that's the bar that has to be hurdled then everything is a federal case. Some kid steals a candy bar and the FBI is there because he was wearing shoes made in China.
I am armed because I am free. I am free because I am armed.
I remember talking to my dad about one of his card playing buddies. I think it was about me overhearing them talking about him going to college. I asked what was his major, Dad said the guy just went to school to play baseball.
A lot of these student athletes don't think much about what they are going to do after college. They'll study just about anything so they can say they went to college. They go to school so that they can play sports and hope some professional team picks them up, or just to live the high school jock life for 2 or 4 years longer.
If they graduate then at least they can check that box on a job application saying they went to college, even if what they will be doing is answering phones and telling people that call to reboot their modem. Which will be especially odd if they end up working at an ice cream parlor.
I am armed because I am free. I am free because I am armed.
Some kid steals a candy bar and the FBI is there because he was wearing shoes made in China.
That should require Interpol
There is a saying in the Army - never give an Order that will not be obeyed. It just breaks down the respect for Authority which is needed for soldiers to take an order which will mean risking their life but will probably save lives during battles.
A similar principle should apply to laws - dont pass laws that will not be obeyed. The 21 yr drinking age is a stupid law. If someone is old enough to fuck, go to war, get married and be executed for a capital crime they very well should be old enough to drink.
Once you pass laws that are stupid people feel no guilt breaking them and breaking other laws like forgery laws to get around the stupid law.
**Life is too short to be serious**
"...no way for an OS to detect it."
It's not easy, but it can be done. The USB keyloggers present themselves over the USB bus as a keyboard, but not necessarily YOUR keyboard. They will have the same USB vendor/device ID across all of the devices. So look for that ID in place of your normal keyboard. Boom, detected in software. ;)
And Boom, doesn't go the dynamite. Take a look at some of the Hak5 products, like the Bash Bunny or USB Rubber Ducky. They allow the owner of the device to specify whatever VID/PID combination they want; they actually recommend you change it from their defaults so that scanning for their default VID/PID won't get you caught.
Besides, you can't simply block alternate keyboard IDs anyway, at least not in America. The Americans With Disabilities Act will quickly be invoked by someone who needs an alternative input device in order to do their job. Perhaps they're in a wheelchair and need a wireless keyboard or mouse. Blocking random USB HID devices turns out to be a real problem for them.
John