Underground cybercrime industry for cheating continues to grow

As a result of increasing exam pressure, grade hacking services and fake diplomas are becoming more easily available online, according to new Kaspersky research.

In recent years, reports of students getting involved in cybercrime to improve their academic standing have increased, for instance hacking into school systems to change grades, improve attendance records or disrupt test processes, or buying fake certificates and diplomas.

Kaspersky says that, over the years, this has resulted in a significant underground industry that offers these services and enables cheating. Services include discussion fora and how-to guides and videos.

New Kaspersky research highlights this. Significantly, a single online search on June 12 instantly showed a supplier of grade hacking services and fake diplomas, with an easy-to-follow order form enabling the customer to select the subject, level of degree and issuing institution of their choice. School certificates covering a long list of subjects were also available.

The researchers also looked at some of the most widely used school information systems and found that alongside a history of reported bugs, many relied only on user names and passwords to authenticate access for students, parents and teachers, making them easy to hack using stolen or re-used credentials.

Kaspersky security evangelist David Jacoby says, “As education becomes more digital and connected, the information systems that support learning provide new opportunities for even moderately skilled hackers, and if you don’t want to do it yourself you can find a hacking service online to do it for you.”

He says, “Our research also uncovered a black market vendor who, in return for a fee, would create a certificate of your choice. For the majority of young people, working hard to prepare for and take exams, and the schools and colleges supporting them, such cheating can be very demoralising – and that’s aside from the fact that education fraud is a criminal offence.

“Teachers are not security specialists and may not naturally know or remember what to do, but fortunately there are some simple steps educational institutions, and employers looking to verify achievements, can take to stay safe.”

In order to begin to mitigate this security risk for school systems and students, Kaspersky has made certain recommendations.

These include the following:

  • If a qualification looks suspicious, check with the issuing institution as they will have the official record of who achieved what.
  • Introduce some form of two-factor authentication for information systems, especially web-based ones, and particularly for access to student records, grades and assessments. Set strong and appropriate access controls, so that it is not easy for a hacker to move laterally through the system.
  • Run security awareness training for staff, explaining how to securely implement and use passwords.
  • On campus, have two separate and secure wireless networks, one for staff and one for students, and another one for visitors if you need it.
  • Don’t be tempted to put everything online or on the web-based portal if it doesn’t need to be there.
  • Introduce and enforce a robust staff password policy and encourage everyone to keep their access credentials confidential at all times.
  • Use a reliable security solution for comprehensive protection from a wide range of threats.