Professors have always had to contend with cheating in college, but thanks to the growing use of technology in the classroom, students are finding new, inventive methods—they’re recording and playing back what faculty members type.
The practice, known as keylogging, made headlines last month when a student at the University of Iowa was arrested for installing keyloggers onto professors’ computers, stealing their login credentials, then changing his grades. Perhaps most concerning was that the student allegedly boosted his grades 90 times over the course of 21 months before he was finally caught.
But this isn’t a one-off security incident. Numerous keylogging incidents have occurred over the years, some resulting in expulsion. In Singapore, they take it even more seriously: a student at the Singapore Management University ended up serving 16 weeks of jail time after cheating in college, falling foul of charges under the country’s cybersecurity act.
Keylogging can be software- or hardware-based. While anti-malware programs can usually detect keyloggers loaded onto a computer, physical keylogging often goes unnoticed—you have to specifically look for it. And a keylogging dongle is cheap, easy to buy and easy for hackers to set up; you can literally plug one into a computer’s USB port. A simple device like this can log passwords and usernames, giving a cheater the ability to boost grades and see exams, not to mention access bank accounts and other personal assets.
While looking for signs of tampering or suspicious activity is always a good idea, it’s not foolproof—and not all professors are security experts.
First, your IT department should regularly inspect physical assets, and train university staff to recognize keylogging devices and other suspicious devices.
Secondly, passwords. Campus security policies should require that passwords be changed on a regular basis. But with keyloggers around, this isn’t enough—multi factor authentication should be used for any critical systems, such as course management and student records systems.
In addition to providing your password, you’re given a unique (and temporary) verification code—via a mobile phone or key fob—before logging in. There’s typically some resistance to multifactor authentication since it requires extra work during the login process, but it’s highly effective against keylogging.
Tightening physical access to computers in classrooms is another step. PCs can also be set up so files can’t be copied onto external devices (some security systems temporarily disable USB ports unless authenticated). And student files should never be saved on a public computer—try secure cloud-based storage, such as Google Drive.
This all adds up to a bit of extra work, but it goes a long way to preventing this new method of cheating in college, and ensuring the integrity of students’ grades—and the university’s reputation.