A former student at the University of Iowa has been arrested in his hometown of Denver after using hardware keyloggers throughout university computers to infiltrate the grading data.
22-year-old Trevor Graves has been apprehended by the FBI for hacking school systems to change his grades, as well as the grades of fellow students for a minor fee. Appearing in court last Thursday, Graves used credentials farmed from hardware keyloggers to log-in to the University’s core systems where he tweaked his grades to much higher ones. Graves was able to carry out his campaign for nearly two years before a university lecturer realized that his grades had changed. An investigation by the school’s IT staff led to the discovery of keyloggers before calling the FBI.
Investigators determined that Graves had help from other students in pulling off the hack. One student will typically install a keylogger on a computer while another would check if the teacher was using the compromised computer, presumably to timestamp it. The students were able to steal multiple teachers’ login credentials in order to change their grades using the teacher’s credentials. According to the investigation, the students managed to repeatedly compromise university computers for a total of 21 months between March 2015 and November 2016.
Their effort was made easier with the fact that the university had not implemented a mutli-factor authentication system, allowing the students to gain access to computers by using the stolen credentials.
The FBI searched Graves’ home to find a number of keystroke-loggers, USB sticks and phones with incriminating evidence. Graves had changed over 90 grades in total and stole exam papers to regularly share them with students. As such, only Graves has been charged.
He is charged with intentionally accessing a computer without authorization to obtain information, and knowingly transmitting a computer program to cause damage, according to the New York Times. Both charges carry a maximum sentence of 10 years in prison.
