2 min read

"Foolish" university hacker jailed after selling exam papers to fellow students

Graham CLULEY

September 13, 2021

"Foolish" university hacker jailed after selling exam papers to fellow students

A former student at the University of South Wales has been sentenced to 20 months in prison, after hacking into the institution's computer systems and selling the answers to exam papers for thousands of pounds.

As BBC News reports, 29-year-old Hayder Ali Jasim (sometimes known as Hayder Aljayyash), was studying for a master's degree in embedded system design at the University of South Wales when he succeeded in gaining unauthorised access to examination papers, coursework, marking and reports.

During lectures in the university's engineering and computer science faculty, Jasim deployed keyloggers that secretly recorded keypresses, and stored them in a file.  In this way, he was able to steal the passwords of university staff.

Between November 2018 and May 2019, Jasim was said to have used the stolen credentials to log in more than 700 times, downloading 216 files.

Jasim monetised the stolen information by working working alongside his fellow student and housemate accomplice, 30-year-old Noureldien Eltarki, who sold copies of the exam papers and answer sheets to students for thousands of pounds.

The hack was only discovered when mathematics lecturer Liam Harris noticed that a number of students had made spelling errors in their answers which matched mistakes the lecturer had made himself on his official answer sheet.

A subsequent investigation into the suspected cheating revealed that login accounts belonging to 17 members of staff had been compromised, and an IP address was linked to a property not far from the university's campus.

Police arrested Jasim on May 30 2019, and computing equipment and £17,000 worth of cash were seized at the property.  A significant amount of stolen university data was subsequently found on the computers found at the address which Jasim shared with Eltarki.

In an interview with the police, Eltarki confessed that he had sold exam scripts to students for as much as £6,500 - with most of the proceeds going to Jasim.

The court was told that the university's investigation into its data breach, and the subsequent new security measures it had introduced, had cost it over £100,000.

That's clearly a lot of money for any educational organisation to find itself having to spend unexpectedly - but I think it's incorrect to link that entirely to the hack.  After all, the university should have had better security systems in place regardless of whether it had suffered a security breach or not.   In short, the university would have clearly needed to invest more seriously in its IT security and harden its defences sooner or later.

Jasim's defence team said that he had "acted foolishly" but said that he accepted responsibility for what he had done:

"He is thoroughly ashamed of himself for his behaving as he did and he realises his behaviour was extremely selfish and wrong."

Judge David Wynn Morgan sentenced Jasim to 20 months in prison for the hack.

Eltarki pleaded guilty to money laundering and transferring criminal property, and was given a nine months prison sentence suspended for 24 months, He was also ordered to carry out 200 hours unpaid work and a six-day rehabilitation activity.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Google Prepares to Reset App Permissions on Billions of Devices Google Prepares to Reset App Permissions on Billions of Devices
Silviu STAHIE

September 20, 2021

1 min read
Sideloading Android Apps - Bane or Blessing for Android Users Sideloading Android Apps - Bane or Blessing for Android Users
Silviu STAHIE

September 20, 2021

2 min read
FTC Says Companies Operating Health Apps and Connected Devices Must Inform Users of Data Breaches FTC Says Companies Operating Health Apps and Connected Devices Must Inform Users of Data Breaches
Silviu STAHIE

September 17, 2021

1 min read