Home / / Grade hacking services and fake diplomas easily available online during exam season

Grade hacking services and fake diplomas easily available online during exam season

Kaspersky researchers have found cybercriminals are offering grade-hacking services and fake qualifications which are easy to find online

Grade hacking services and fake diplomas easily available online during exam season

Cybercriminals are taking advantage of summer exam pressures by offering black market grade-hacking services and fake qualifications online, and ensuring these opportunities are easy to find with a quick internet search, Kaspersky researchers have found.

Reports of young people breaking into school systems to change grades, improve attendance records or disrupt test processes are not new, and nor is the availability of fake certificates and diplomas. Over the years, a thriving underground industry has grown up to facilitate cheating when it comes to academic achievements. This includes discussion fora and how-to guides and videos. Kaspersky researchers decided to take a closer look at such education fraud.

A single online search on June 12 immediately revealed a supplier of grade hacking services and fake diplomas, with an easy-to-follow order form enabling the customer to select the subject, level of degree and issuing institution of their choice. School certificates covering a long list of subjects were also available.

The researchers also looked at some of the most widely used school information systems and found that alongside a history of reported bugs, many relied only on user names and passwords to authenticate access for students, parents and teachers - making them worryingly easy to hack using stolen or re-used credentials.

"As education becomes more digital and connected, the information systems that support learning provide new opportunities for even moderately skilled hackers, and if you don't want to do it yourself you can find a hacking service online to do it for you. Our research also uncovered a black market vendor who, in return for a fee, would create a certificate of your choice. For the majority of young people, working hard to prepare for and take exams, and the schools and colleges supporting them, such cheating can be very demoralizing - and that's aside from the fact that education fraud is a criminal offence. Teachers are not security specialists and may not naturally know or remember what to do, but fortunately there are some simple steps educational institutions, and employers looking to verify achievements can take to stay safe," said David Jacoby, security evangelist at Kaspersky.

Kaspersky recommends the following measures to safeguard systems and young people against education fraud:

If a qualification looks suspicious, check with the issuing institution as they will have the official record of who achieved what.

Introduce some form of two-factor authentication for information systems, especially web-based ones, and particularly for access to student records, grades and assessments. Set strong and appropriate access controls, so that it is not easy for a hacker to move laterally through the system.

Run security awareness training for staff, explaining how to securely implement and use passwords.

On campus, have two separate and secure wireless networks, one for staff and one for students, and another one for visitors if you need it.

Don't be tempted to put everything online or on the web-based portal if it doesn't need to be there.

Introduce and enforce a robust staff password policy and encourage everyone to keep their access credentials confidential at all times.

Use a reliable security solution for comprehensive protection from a wide range of threats.

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.