
SoylentNews is people

posted by chromas on Sunday March 10 2019, @03:41PM
from the pencil dept.

Submitted via IRC for SoyCow1984

Tufts expelled a student for grade hacking. She claims innocence

As she sat in the airport with a one-way ticket in her hand, Tiffany Filler wondered how she would pick up the pieces of her life, with tens of thousands of dollars in student debt and nothing to show for it.

A day earlier, she was expelled from Tufts University veterinary school. As a Canadian, her visa was no longer valid and she was told by the school to leave the U.S. “as soon as possible.” That night, her plane departed the U.S. for her native Toronto, leaving any prospect of her becoming a veterinarian behind.

Filler, 24, was accused of an elaborate months-long scheme involving stealing and using university logins to break into the student records system, view answers, and alter her own and other students’ grades.

The case Tufts presented seems compelling, if not entirely believable.

There’s just one problem: In almost every instance that the school accused Filler of hacking, she was elsewhere with proof of her whereabouts or an eyewitness account and without the laptop she’s accused of using. She has alibis: fellow students who testified to her whereabouts; photos with metadata putting her miles away at the time of the alleged hacks; and a sleep tracker that showed she was asleep during others.

[...] Tufts said she stole a librarian’s password to assign a mysteriously created user account, “Scott Shaw,” with a higher level of system and network access. Filler allegedly used it to look up faculty accounts and reset passwords by swapping out the email address to one she’s accused of controlling, or in some cases obtaining passwords and bypassing the school’s two-factor authentication system by exploiting a loophole that simply didn’t require a second security check, which the school has since fixed.

Tufts accused Filler of using this extensive system access to systematically log in as “Scott Shaw” to obtain answers for tests, taking the tests under her own account, said to be traced from either her computer — based off a unique identifier, known as a MAC address — and the network she allegedly used, either the campus’s wireless network or her off-campus residence. When her grades went up, sometimes other students’ grades went down, the school said.

In other cases, she’s alleged to have broken into the accounts of several assessors in order to alter existing grades or post entirely new ones.

The bulk of the evidence came from Tufts’ IT department, which said each incident was “well supported” from log files and database records. The evidence pointed to her computer over a period of several months, the department told the committee.

[...] A month later, the committee served a unanimous vote that Filler was the hacker and recommended her expulsion.

[...] Many accounts were breached as part of this apparent elaborate scheme to alter grades, but there is no evidence Tufts hired any forensics experts to investigate.


  • (Score: 3, Insightful) by Anonymous Coward on Sunday March 10 2019, @03:59PM (16 children)

    by Anonymous Coward on Sunday March 10 2019, @03:59PM (#812313)

    Hasn't any one of them ever heard of a RAT?

    It sounds an awful lot like her computer was infected with LogMeIn/Teamviewer/equivalent, and the actual attacker used her computer as an anonymization layer. Perhaps with an added level of "I'll modify this person's stats, too, to further draw attention away from me." The student's hellish woes won't disappear by the trip home, she'll still be infected.

    This entire department should be recreated, as far as staff is concerned.

  • (Score: 5, Informative) by DrkShadow on Sunday March 10 2019, @04:03PM (2 children)

    by DrkShadow (1404) on Sunday March 10 2019, @04:03PM (#812316)

    From the article,

    > Struggling for answers and convinced her MacBook Air — the source of the alleged hacks — was itself compromised, she paid for someone through freelance marketplace Fiverr to scan her computer. Within minutes, several malicious files were found, chief among which were two remote access trojans — or RATs

    At least she won't be facing that particular problem in the immediate future.

    • (Score: -1, Troll) by Anonymous Coward on Sunday March 10 2019, @05:03PM (1 child)

      by Anonymous Coward on Sunday March 10 2019, @05:03PM (#812336)

      "Fiverr"? She was facing expulsion, deportation, large student debt and possible legal repercussions ... and she went to Fiverr for help? I would have hired an attorney and had them find a forensics lab to scan the computer. Unless, of course, I was using the RAT to change my grades and for an alibi.

      • (Score: 5, Insightful) by sjames on Sunday March 10 2019, @06:00PM

        by sjames (2882) on Sunday March 10 2019, @06:00PM (#812356) Journal

        Yes, college students are well known for having piles of money they can spend on lawyers and forensics labs.

        Especially when their student visa goes POOF giving them only a few days to quit their job and leave the country.

  • (Score: 3, Insightful) by Anonymous Coward on Sunday March 10 2019, @04:23PM (10 children)

    by Anonymous Coward on Sunday March 10 2019, @04:23PM (#812325)

    Or somebody just used the same MAC. It can be changed, quite easily.

    • (Score: 0) by Anonymous Coward on Sunday March 10 2019, @04:43PM (9 children)

      by Anonymous Coward on Sunday March 10 2019, @04:43PM (#812330)

      Yep -- search on "MAC spoofing" -- trivially easy (which was news to me--not an IT guy).

      If Tufts IT crew was competent, it seems like they could have quietly watched for logins with "her" MAC and possibly been able to trace back to the real villain.

      Q for someone that knows about this stuff: What if she was logged in and the villain tried to also log in using her MAC? Would the network just disallow this? Seems like it should have tripped a warning of some kind??

      • (Score: 2) by isostatic on Sunday March 10 2019, @05:04PM (4 children)

        by isostatic (365) on Sunday March 10 2019, @05:04PM (#812337) Journal

        > Yep -- search on "MAC spoofing" -- trivially easy (which was news to me--not an IT guy).

        What do you use when you're on 'free wifi for 15 minute' hotspots?

        • (Score: 0) by Anonymous Coward on Sunday March 10 2019, @06:36PM

          by Anonymous Coward on Sunday March 10 2019, @06:36PM (#812371)

          > What do you use when you're on 'free wifi for 15 minute' hotspots?

          I don't do that -- work from home and don't travel often (but now that I know I can MAC spoof, maybe I will start?)

        • (Score: 0) by Anonymous Coward on Sunday March 10 2019, @06:58PM

          by Anonymous Coward on Sunday March 10 2019, @06:58PM (#812378)

          I tether to my phone and use a VPN on the laptop (Private Internet Access). If tethering isn't an option then you should at least consider a VPN.

        • (Score: 1, Interesting) by Anonymous Coward on Sunday March 10 2019, @08:53PM (1 child)

          by Anonymous Coward on Sunday March 10 2019, @08:53PM (#812409)

          All iPhones >= 6 have used MAC address randomization [appleinsider.com] for years now, which changes it automatically for you to protect your privacy.

          • (Score: 2) by Freeman on Monday March 11 2019, @04:15PM

            by Freeman (732) on Monday March 11 2019, @04:15PM (#812745) Journal

            That's actually a very nice feature. Much better than the mandatory fingerprint sensors that seem to be forced on you if you want a new phone.

            --
            Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
      • (Score: 5, Informative) by NotSanguine on Sunday March 10 2019, @05:05PM (3 children)

        > Q for someone that knows about this stuff: What if she was logged in and the villain tried to also log in using her MAC? Would the network just disallow this? Seems like it should have tripped a warning of some kind??

        As a long time consultant, I'll provide the "standard" answer: It depends.

        MAC addresses are specific to the data link layer [wikipedia.org] of the OSI model [wikipedia.org].

        Why this matters is because the MAC address is only relevant on a single network (assuming there is no bridging [wikipedia.org] configured). As such, as long as the spoofed MAC address is not present on the same LAN [cisco.com], there isn't any opportunity for address collisions [serverfault.com].

        What's more, most managed [techtarget.com] ethernet switches maintain MAC address and port tables which can identify the physical switch port from where a particular MAC address originates. Given that Tufts is a large organization, they use managed switches for a variety of purposes.

        As such, if a particular MAC address is being used, the switch logs should be able to identify the physical port to which such a device is connected. In a wireless context, this would give you the physical port to which the wireless access point is connected. In a wired context, this would give you the specific port to which the device with that MAC address is connected.

        Either way, the location of device(s) using a particular MAC address (spoofed or not) can be pretty easily determined.

        TFA doesn't really provide any details other than that the IT staff identified a particular MAC address. As such, it's impossible to determine, with the information provided, whether or not MAC spoofing was involved.

        That said, given that location information would be fairly easy to obtain, if the expelled student is telling the truth, then her device was likely compromised and used to perform the hacks alleged.

        It is certainly possible that someone using MAC spoofing via wifi could use the same access point (or physical switch port) as the expelled student, as long as they did so when her device wasn't connected to that network.

        Given that the student claims to have proof that she wasn't where she needed to be to have performed the hacks of the university databases, and that can be documented, the question then becomes whether or not her device was accessed remotely (either by her or someone else).

        Regardless, without additional information it's impossible to say what the facts may be -- and so I repeat myself: it depends.

        --
        No, no, you're not thinking; you're just being logical. --Niels Bohr
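
The location lookup and same-MAC collision check described in the comment above, as an added example that is not part of the original thread. The record format (start, end, MAC, attachment point) and every sample value are constructed; they stand in for whatever a site's switch MAC tables or wireless controller logs actually export.

```python
from datetime import datetime
from itertools import combinations

# Constructed sample records: session start, session end, MAC, switch port or AP.
SAMPLE_LOG = """\
2019-01-14T09:00:00 2019-01-14T10:30:00 02:00:00:00:00:01 ap-library-2
2019-01-14T10:00:00 2019-01-14T10:20:00 02:00:00:00:00:01 ap-dorm-7
2019-01-14T11:00:00 2019-01-14T11:45:00 02:00:00:00:00:01 ap-library-2
2019-01-14T09:15:00 2019-01-14T09:50:00 02:00:00:00:00:02 sw3-port-12
"""

def parse_sessions(text):
    """Parse 'start end mac attachment_point' lines into tuples."""
    sessions = []
    for line in text.splitlines():
        if not line.strip():
            continue
        start, end, mac, point = line.split()
        sessions.append((mac.lower(), point,
                         datetime.fromisoformat(start),
                         datetime.fromisoformat(end)))
    return sessions

def locate(sessions, mac, when):
    """Attachment points where `mac` was active at time `when`."""
    return sorted({p for m, p, s, e in sessions
                   if m == mac.lower() and s <= when <= e})

def find_overlaps(sessions):
    """Same MAC active at two different attachment points at once.

    A single device that roams produces back-to-back sessions; sessions
    that overlap in time on different ports or APs mean two devices
    presented the same address.
    """
    by_mac = {}
    for sess in sessions:
        by_mac.setdefault(sess[0], []).append(sess)
    hits = []
    for mac, group in by_mac.items():
        for a, b in combinations(sorted(group, key=lambda s: s[2]), 2):
            start, end = max(a[2], b[2]), min(a[3], b[3])
            if a[1] != b[1] and start < end:
                hits.append((mac, a[1], b[1], start, end))
    return hits

if __name__ == "__main__":
    for hit in find_overlaps(parse_sessions(SAMPLE_LOG)):
        print(hit)
```
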
        • (Score: 0) by Anonymous Coward on Sunday March 10 2019, @06:41PM

          by Anonymous Coward on Sunday March 10 2019, @06:41PM (#812373)

          > ... and so I repeat myself: it depends.

          Thanks, a very helpful answer. Maybe you should have one of these shirts?
              https://topatoco.com/collections/oglaf/products/og-upright [topatoco.com]

        • (Score: 2, Insightful) by Anonymous Coward on Monday March 11 2019, @07:22AM (1 child)

          by Anonymous Coward on Monday March 11 2019, @07:22AM (#812592)

          If she had the device with her when she was not around to do the hacks, that'd point to MAC spoofing, and that someone knew she was not around.

          • (Score: 2) by PiMuNu on Monday March 11 2019, @11:48AM

            by PiMuNu (3823) on Monday March 11 2019, @11:48AM (#812628)

            The device could have been connected to wifi and still be on her person (e.g. if university wifi network extends to university leisure facilities, which is quite common).

  • (Score: 1, Insightful) by Anonymous Coward on Sunday March 10 2019, @04:56PM

    by Anonymous Coward on Sunday March 10 2019, @04:56PM (#812333)

    Reminds me of the days I was at University (in Canada). It was back in the days of Napster. And some people ran Napster on a computer in school because it was a Windows machine. Of course, I used that same machine too once or twice. I logged in remotely to my UNIX account. Magically, the greatly competent IT department then "found my name" when some rights holder complained someone was using Napster. "Their logs" showed me using that workstation to log in to the UNIX system and "my name" came up.

    So, that's the extent of University IT department knowledge. That IT dept. was also so incompetent that they installed Linux to test with bind (name server) and left stuff wide open and then it got hacked, so they said that Linux is shit and that only Sun SPARC workstations are any good or Windows NT. That was about 2002.

    Also, if this is a real cheater, then any "great haxer" would just change their MAC address .. especially someone that has alibis and sleep tracking as a "cover story" ... so not sure WTF is the matter with them. I wonder if the MAC address is still roaming now, changing grades when she is expelled from school. Cloning a MAC is very easy, especially since these university networks generally are open anyway.

    If I were that student and knew I was innocent, I would lawyer the fuck up and sue them.

  • (Score: 5, Funny) by driverless on Monday March 11 2019, @03:27AM

    by driverless (4770) on Monday March 11 2019, @03:27AM (#812537)

    But she was using a Mac, it's impossible for those to get malware, so it can't have been a RAT.