STE WILLIAMS

A former student of Purdue University in Indiana has been sentenced to 90 days in jail for his part in hacking into college computer systems and changing grades.

Roy C. Sun is one of three former Purdue students thought to have been involved in the incident, which occurred between 2008 and 2010 when they were students at the university. The incident came to light in June 2013 after initial arrests were made.

The three men are thought to have broken into staff offices and attached keyloggers to computers operated by class professors, possibly by replacing the keyboards with doctored versions.

They then harvested login information, which they used to access university computer systems and alter their grades.

Electrical engineering student Sun is thought to have adjusted grades he received between December 2008 and May 2010, changing eight “F” grades and a “D” into straight As.

He left Purdue in 2010, spending a brief time as a graduate student at Boston University. Police investigating the case found keylogging kit and lockpicks in Sun’s home.

One of the two others involved, nuclear engineering major Sujay Sharma, was arrested at the same time as Sun and pleaded guilty in December to “Conspiracy to Commit Computer Tampering”, a class D felony under Indiana law as long as no terrorism is involved.

Sharma was sentenced earlier this week to 18 months’ probation and 200 hours of community service.

His lighter sentence reflects slightly lesser crimes, with only one of his grades changed, although he may also have acted as a lookout while the others were accessing systems illegally. Sharma’s plea included giving testimony against his fellow conspirators.

The third man, Mitsutoshi Shirasaki, traveled to Japan shortly after the incident came to light and has yet to be formally arrested or tried, but is believed to have changed 24 of his grades using the stolen login information.

He is also reported to have changed one of the grades of a girlfriend, from an “A” to an “A+”.

The changes apparently came to light in January 2013 (late 2012 in some reports) when one of the professors involved complained to IT staff that his login passwords and security questions had been changed, and subsequent investigations revealed the tweaks to grades.

The entire story is very similar to a recent case in California, which also involved the use of keyloggers to change grades, although in that case the perpetrators were considerably younger and their punishment distinctly lighter, mainly consisting of exclusion from a local school district.

Sun’s 90-day jail term is accompanied by 100 hours of community service.

The fairly strong sentence handed down makes clear the seriousness of Sun’s offences, as an adult at a university rather than a minor still at school.

Both universities and schools deal with large numbers of students each year. But it seems like we’re in danger of putting too much trust in computer data to replace personal knowledge and relationships, and computer data has a tendency to find itself open to unwarranted alteration, removal and of course leakage.

Humans are also vulnerable to tricks and scams of course, but in different ways from computers, so a combination of the two, overlapping to make up for each others’ deficiencies, seems the best course.

Even if we could ensure their safety from hackers and other miscreants, relying solely on computers as our source of all wisdom and decision-making would surely be a big mistake.

Follow @VirusBtn
Follow @NakedSecurity

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/Bn5jz0m8PoE/