Skip to main content

Student H4cking Grades over 90 times!

This past Thursday, a former University of Iowa student appeared in court on charges of hacking his school and professors and changing grades for himself and a few other fellow students.

The FBI arrested the suspect — Trevor Graves, age 22 — at the end of October, in Denver, his hometown. According to an FBI arrest warrant, the teenager planted hardware keyloggers on several school computers.

Student used hardware keylogger

Graves had help from other students. One would plant the keylogger, while the other would attend class and confirm a teacher had logged into his school account.

They would then retrieve the keylogger and extract the login credentials. University of Iowa did not implement two-factor authentication for its student management system, so the login credentials allowed Graves access to teachers' accounts.
This took place for a period of 21 months, between March of 2015 to November of 2016.
The scheme unfolded when a teacher noticed in mid-December 2016 that some of Graves' grades had changed without her knowledge. The professor informed the University's IT staff, who investigated and found the keyloggers. The FBI was called in to aid the investigation.

Graves changed grades over 90 times in 21 months

All in all, they found that Graves changed grades more than 90 times, for him and five classmates. They also found that he regularly stole exams and shared tests with other students.
On December 29, 2016, the FBI and University of Iowa Police executed a search warrant at Graves' home, an off-campus apartment in Iowa City.
Investigators found keyloggers, phones, and thumb drives with compromising information. The phones contained records of past conversations between graves and his co-conspirators, while the thumb drives contained copies of stolen exams. Graves referred to the keyloggers using the term "pineapple."
Graves conversations
The FBI investigated and searched other students' houses, but only charged Graves.

Similar incident happened at Kansas University

In conversations with co-conspirators, Graves told them he could not change grades too significantly. Last spring, Kansas University expelled a student for a similar scheme. The unnamed student — not charged — used a similar hardware keylogger to steal teachers' login credentials and modify grades. That student changed F grades to A grades and was caught almost immediately, a reason why Graves' scheme lasted for 21 months.
Because the damage of Graves' actions was over a $5,000 limit (investigation into the hack cost $67,500), authorities filed charges against Graves. If found guilty, he'll probably face probation and hours of community work, as most cases like these have concluded in the past.
Graves was also a member of the University's wrestling team.



Popular posts from this blog

Javascript Miner: Hacker's Wet Dream

Experiencing lags on your computer? You're probably running a miner that consumes 100% of your CPU. Coin Hive (a JavaScript based miner) is becoming rapidly popular among Malware developers.

Coinhive, as a tool, is a JavaScript library that website owners can load on their site. When users access the site, the Coinhive JavaScript code library executes and mines for Monero, but using the user's CPU resources.

Very smart idea as it was meat to be a replacer for publicities. Coinhive launched on September 14, and its authors advertise it as an alternative to classic advertising. Coinhive claims that webmasters can remove ads from their sites, and load the Coinhive library and mine for Monero using a small portion of the user's CPU while the user is navigating the site. Site owners can make money and support their business, but without peppering their visitors with annoying ads.

The idea got some traction, and two days after it launched The Pirate Bay ran it as a tes…

NiceHash: security breach leads to 60 million lost - Iceman is behind?

A dark day for crypto currency miners, NiceHash has been hacked. Closely to 60$ millions (4,736.42 BTC) have been stolen while the bitcoin is crossing the 14k$ mark for the first time.

The hacker's bitcoin address cleary shows the steal of  4,736.42 BTC in a window of 48 hours:

NiceHash users are furious by the time of reaction of the team. It took about 24 hours to realise that big amounts have been stolen.

I've contacted a member of Iceman and knowing this security breach for some reason he explained that NiceHash actually owned their users bitcoin wallets in order to save transactions fees and collect unclaimed BTC. This issue leads to a massive security breach which allow access to all NiceHash wallets. He claimed that by reverse engineering of their miner client, Iceman group was able to access their API. Is Iceman really behind this attack?

ICEMAN: Banks holes like in Cheese

Operation "Emmenthal" is the nickname for a grand-scale phishing campaign targeting bank clients. The goal of the campaign is to receive fraudulent payments by taking actions (e.g. money transfers) on behalf of the legitimate end user.

By phishing the victims with a mobile application which mimics the bank’s genuine application, the hackers steals the two-factor-authentication tokens used during the login (both user/passwords and SMS verification code) and then issuing money transfers by SMS Services offered by the bank, together with sending these sensitive credentials to the hackers infrastructure.

The ICEMAN group, which first came to knowing after contacting me to claim responsibility for the Banrisul Bank attack in Brazil, now claim they have committed many of the reported "Emmental" attacks as well. The hacker’s intentions and motives are shown at first in this exclusive interview.

What was your goal of the attack?

We need more bank accounts to sell. The b…