Student arrested for changing grades through keylogger
American student charged after using keystroke-logging malware to up his grades
A former student at the University of Iowa has been apprehended for using keylogging malware to break into University systems and to change his grades - as well as the grades of fellow students for a small fee.
The FBI arrested Trevor Graves, aged 22, in October for hacking school systems to alter his grades to much higher ones.
He appeared in court last Thursday and was arrested in his hometown of Denver. He had distributed hardware keyloggers throughout University computers and used the credential he gleaned from them in order to log-in to the University's core systems.
According to the investigators, Graves didn't act on his own - he also received help from other students. One student would install a keylogger and another would check that the teacher was using a particular University computer.
As a result, they were then able to steal the teacher's login credentials and use his system privileges to change their grades. This process took place for a total of 21 months, from March 2015 to November 2016.
The University hadn't implemented a two-factor authentication system, enabling the student to break-in using just the compromised user names and passwords.
The campaign was only uncovered in December 2016, when a lecturer realised that Grave's grades had changed.
She reported her findings to IT staff and, when they investigated, they found the keyloggers and called in the FBI.
On 29 December 29th, the FBI searched Graves' home. They found a plethora of keystroke-loggers, USB sticks and phones, all with incriminating evidence.
In total, they found that Graves changed more than 90 grades. he also stole exam papers and regularly shared them with students. However, only Graves has been charged.
If found guilty, he is likely to be given a community-service sentence. It is not the first time that such a scheme has been uncovered. However, when a student was found to have done something similar at Kansa University, the student was only expelled.
Image above taken from image library