Skip to main content

Student H4cking Grades over 90 times!


This past Thursday, a former University of Iowa student appeared in court on charges of hacking his school and professors and changing grades for himself and a few other fellow students.

The FBI arrested the suspect — Trevor Graves, age 22 — at the end of October, in Denver, his hometown. According to an FBI arrest warrant, the teenager planted hardware keyloggers on several school computers.


Student used hardware keylogger

Graves had help from other students. One would plant the keylogger, while the other would attend class and confirm a teacher had logged into his school account.

They would then retrieve the keylogger and extract the login credentials. University of Iowa did not implement two-factor authentication for its student management system, so the login credentials allowed Graves access to teachers' accounts.
This took place for a period of 21 months, between March of 2015 to November of 2016.
The scheme unfolded when a teacher noticed in mid-December 2016 that some of Graves' grades had changed without her knowledge. The professor informed the University's IT staff, who investigated and found the keyloggers. The FBI was called in to aid the investigation.

Graves changed grades over 90 times in 21 months

All in all, they found that Graves changed grades more than 90 times, for him and five classmates. They also found that he regularly stole exams and shared tests with other students.
On December 29, 2016, the FBI and University of Iowa Police executed a search warrant at Graves' home, an off-campus apartment in Iowa City.
Investigators found keyloggers, phones, and thumb drives with compromising information. The phones contained records of past conversations between graves and his co-conspirators, while the thumb drives contained copies of stolen exams. Graves referred to the keyloggers using the term "pineapple."
Graves conversations
The FBI investigated and searched other students' houses, but only charged Graves.

Similar incident happened at Kansas University

In conversations with co-conspirators, Graves told them he could not change grades too significantly. Last spring, Kansas University expelled a student for a similar scheme. The unnamed student — not charged — used a similar hardware keylogger to steal teachers' login credentials and modify grades. That student changed F grades to A grades and was caught almost immediately, a reason why Graves' scheme lasted for 21 months.
Because the damage of Graves' actions was over a $5,000 limit (investigation into the hack cost $67,500), authorities filed charges against Graves. If found guilty, he'll probably face probation and hours of community work, as most cases like these have concluded in the past.
Graves was also a member of the University's wrestling team.

Source: https://www.bleepingcomputer.com/news/security/student-arrested-for-using-keylogger-to-change-grades-over-90-times/

Comments

Post a Comment

Popular posts from this blog

‘Infraud’ Cybercrime Forum is Busted, 13 hackers arrested & 36 charged

The U.S. Justice Department announced charges on Wednesday against three dozen individuals thought to be key members of ‘ Infraud ,” a long-running cybercrime forum that federal prosecutors say cost consumers more than a half billion dollars. In conjunction with the forum takedown, 13 alleged Infraud members from the United States and six other countries were arrested. Started in October 2010, Infraud was short for “In Fraud We Trust,” and collectively the forum referred to itself as the “Ministry of Fraudulently [sic] Affairs.” As a mostly English-language fraud forum, Infraud attracted nearly 11,000 members from around the globe who sold, traded and bought everything from stolen identities and credit card accounts to ATM skimmers, botnet hosting and malicious software. “Today’s indictment and arrests mark one of the largest cyberfraud enterprise prosecutions ever undertaken by the Department of Justice,” said John P. Cronan , acting assistant attorne
2 comments
Read more

Czech Republic announced it had extradited the Russian hacker Yevgeni Nikulin (29) to the United States

Yevgeni Nikulin (29) was requested by the US for alleged cyber attacks on social networks and by the Russian authorities that charged him with frauds. According to US authorities, the man targeted LinkedIn and Formspring and hacked into the file hosting service Dropbox. The Russian criminal was arrested in Prague in October 2016 in an international joint operation with the FBI. The case in the middle of an arm wrestling between Moscow and Washington, the US Government are accusing Russia to have interfered with 2016 Presidential election  through hacking . Source: US Defense Watch.com In May, a Czech court ruled that Nikulin can be extradited to either Russia or the United States, leaving the final decision to the Justice Minister Robert Pelikan. “It is true there have been two meetings this year where the president asked me not to extradite a Russian citizen to the United States but to Russia,” the website of the weekly newspaper Respekt quoted Pelikan as sayin
2 comments
Read more

NanoCore developper busted and senteced for 33 months

  A hacker who was arrested and pleaded guilty last year—not because he hacked someone, but for creating and selling a remote access trojan that helped cyber criminals—has finally been sentenced to serve almost three years in prison. Taylor Huddleston, 26, of Hot Springs, Arkansas, pleaded guilty in July 2017 to one charge of aiding and abetting computer intrusions by building and intentionally selling a remote access trojan (RAT), called NanoCore , to hackers for $25. Huddleston was arrested in March, almost two months before the FBI raided his house in Hot Springs, Arkansas and left with his computers after 90 minutes, only to return eight weeks later with handcuffs.   This case is a rare example of the US Department of Justice (DOJ) charging someone not for actively using malware to hack victims' computers, but for developing and selling it to other cybercriminals. Huddleston admitted to the court that he created his software knowing it would be used
1 comment
Read more