
posted by chromas on Sunday March 10 2019, @03:41PM
from the pencil dept.

Submitted via IRC for SoyCow1984

Tufts expelled a student for grade hacking. She claims innocence

As she sat in the airport with a one-way ticket in her hand, Tiffany Filler wondered how she would pick up the pieces of her life, with tens of thousands of dollars in student debt and nothing to show for it.

A day earlier, she was expelled from Tufts University veterinary school. As a Canadian, her visa was no longer valid and she was told by the school to leave the U.S. “as soon as possible.” That night, her plane departed the U.S. for her native Toronto, leaving any prospect of her becoming a veterinarian behind.

Filler, 24, was accused of an elaborate months-long scheme involving stealing and using university logins to break into the student records system, view answers, and alter her own and other students’ grades.

The case Tufts presented seems compelling, if not entirely believable.

There’s just one problem: In almost every instance that the school accused Filler of hacking, she was elsewhere with proof of her whereabouts or an eyewitness account and without the laptop she’s accused of using. She has alibis: fellow students who testified to her whereabouts; photos with metadata putting her miles away at the time of the alleged hacks; and a sleep tracker that showed she was asleep during others.

[...] Tufts said she stole a librarian’s password to assign a mysteriously created user account, “Scott Shaw,” with a higher level of system and network access. Filler allegedly used it to look up faculty accounts and reset passwords by swapping out the email address to one she’s accused of controlling, or in some cases obtaining passwords and bypassing the school’s two-factor authentication system by exploiting a loophole that simply didn’t require a second security check, which the school has since fixed.

Tufts accused Filler of using this extensive system access to systematically log in as “Scott Shaw” to obtain answers for tests, taking the tests under her own account, said to be traced from either her computer — based off a unique identifier, known as a MAC address — and the network she allegedly used, either the campus’s wireless network or her off-campus residence. When her grades went up, sometimes other students’ grades went down, the school said.

In other cases, she’s alleged to have broken into the accounts of several assessors in order to alter existing grades or post entirely new ones.

The bulk of the evidence came from Tufts’ IT department, which said each incident was “well supported” from log files and database records. The evidence pointed to her computer over a period of several months, the department told the committee.

[...] A month later, the committee served a unanimous vote that Filler was the hacker and recommended her expulsion.

[...] Many accounts were breached as part of this apparent elaborate scheme to alter grades, but there is no evidence Tufts hired any forensics experts to investigate.


  • (Score: 3, Insightful) by Anonymous Coward on Sunday March 10 2019, @04:23PM (10 children)

    by Anonymous Coward on Sunday March 10 2019, @04:23PM (#812325)

    Or somebody just used the same MAC. It can be changed, quite easily.

  • (Score: 0) by Anonymous Coward on Sunday March 10 2019, @04:43PM (9 children)

    by Anonymous Coward on Sunday March 10 2019, @04:43PM (#812330)

    Yep -- search on "MAC spoofing" -- trivially easy (which was news to me--not an IT guy).

    If Tufts IT crew was competent, it seems like they could have quietly watched for logins with "her" MAC and possibly been able to trace back to the real villain.

    Q for someone that knows about this stuff: What if she was logged in and the villain tried to also log in using her MAC? Would the network just disallow this? Seems like it should have tripped a warning of some kind??

    • (Score: 2) by isostatic on Sunday March 10 2019, @05:04PM (4 children)

      by isostatic (365) on Sunday March 10 2019, @05:04PM (#812337) Journal

      > Yep -- search on "MAC spoofing" -- trivially easy (which was news to me--not an IT guy).

      What do you use when you're on 'free wifi for 15 minute' hotspots?

      • (Score: 0) by Anonymous Coward on Sunday March 10 2019, @06:36PM

        by Anonymous Coward on Sunday March 10 2019, @06:36PM (#812371)

        > What do you use when you're on 'free wifi for 15 minute' hotspots?

        I don't do that -- work from home and don't travel often (but now that I know I can MAC spoof, maybe I will start?)

      • (Score: 0) by Anonymous Coward on Sunday March 10 2019, @06:58PM

        by Anonymous Coward on Sunday March 10 2019, @06:58PM (#812378)

        I tether to my phone and use a VPN on the laptop (Private Internet Access). If tethering isn't an option then you should at least consider a VPN.

      • (Score: 1, Interesting) by Anonymous Coward on Sunday March 10 2019, @08:53PM (1 child)

        by Anonymous Coward on Sunday March 10 2019, @08:53PM (#812409)

        All iPhones >= 6 have used MAC address randomization [appleinsider.com] for years now, which changes it automatically for you to protect your privacy.

        • (Score: 2) by Freeman on Monday March 11 2019, @04:15PM

          by Freeman (732) on Monday March 11 2019, @04:15PM (#812745) Journal

          That's actually a very nice feature. Much better than the mandatory fingerprint sensors that seem to be forced on you, if you want a new phone.

          --
          Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
    • (Score: 5, Informative) by NotSanguine on Sunday March 10 2019, @05:05PM (3 children)

      > Q for someone that knows about this stuff: What if she was logged in and the villain tried to also log in using her MAC? Would the network just disallow this? Seems like it should have tripped a warning of some kind??

      As a long time consultant, I'll provide the "standard" answer: It depends.

      MAC addresses are specific to the data link layer [wikipedia.org] of the OSI model [wikipedia.org].

      Why this matters is because the MAC address is only relevant on a single network (assuming there is no bridging [wikipedia.org] configured). As such, as long as the spoofed MAC address is not present on the same LAN [cisco.com], there isn't any opportunity for address collisions [serverfault.com].

      What's more, most managed [techtarget.com] ethernet switches maintain MAC address and port tables which can identify the physical switch port from where a particular MAC address originates. Given that Tufts is a large organization, they use managed switches for a variety of purposes.

      As such, if a particular MAC address is being used, the switch logs should be able to identify the physical port to which such a device is connected. In a wireless context, this would give you the physical port to which the wireless access point is connected. In a wired context, this would give you the specific port to which the device with that MAC address is connected.

      Either way, the location of device(s) using a particular MAC address (spoofed or not) can be pretty easily determined.

      TFA doesn't really provide any details other than that the IT staff identified a particular MAC address. As such, it's impossible to determine, with the information provided, whether or not MAC spoofing was involved.

      That said, given that location information would be fairly easy to obtain, if the expelled student is telling the truth, then her device was likely compromised and used to perform the hacks alleged.

      It is certainly possible that someone using MAC spoofing via wifi could use the same access point (or physical switch port) as the expelled student, as long as they did so when her device wasn't connected to that network.

      Given that the student claims to have proof that she wasn't where she needed to be to have performed the hacks of the university databases, and that can be documented, the question then becomes whether or not her device was accessed remotely (either by her or someone else).

      Regardless, without additional information it's impossible to say what the facts may be -- and so I repeat myself: it depends.

      --
      No, no, you're not thinking; you're just being logical. --Niels Bohr
      • (Score: 0) by Anonymous Coward on Sunday March 10 2019, @06:41PM

        by Anonymous Coward on Sunday March 10 2019, @06:41PM (#812373)

        > ... and so I repeat myself: it depends.

        Thanks, a very helpful answer. Maybe you should have one of these shirts?
            https://topatoco.com/collections/oglaf/products/og-upright [topatoco.com]

      • (Score: 2, Insightful) by Anonymous Coward on Monday March 11 2019, @07:22AM (1 child)

        by Anonymous Coward on Monday March 11 2019, @07:22AM (#812592)

        If she had the device with her when she was not around to do the hacks, that'd point to MAC spoofing, and that someone knew she was not around.

        • (Score: 2) by PiMuNu on Monday March 11 2019, @11:48AM

          by PiMuNu (3823) on Monday March 11 2019, @11:48AM (#812628)

          The device could have been connected to wifi and still be on her person (e.g. if university wifi network extends to university leisure facilities, which is quite common).
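
An added example, not part of any comment above: NotSanguine's point that switch and access-point records tie a MAC address to a physical attachment point, and the earlier question about two devices using one MAC at the same time, can both be checked against session records. The Python below runs on constructed sample records; the record format, the device names and the 30-second roaming tolerance are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not real log data): mac, attachment point, start, end,
# as a wireless controller or managed switch might export association records.
SESSIONS = """\
aa:bb:cc:00:00:01,ap-library-2,2019-01-10T09:00:00,2019-01-10T11:30:00
aa:bb:cc:00:00:01,ap-gym-1,2019-01-10T10:15:00,2019-01-10T10:45:00
aa:bb:cc:00:00:01,ap-library-3,2019-01-10T11:29:50,2019-01-10T12:00:00
aa:bb:cc:00:00:02,sw3-gi1/0/14,2019-01-10T08:00:00,2019-01-10T17:00:00
"""

ROAM_GRACE = timedelta(seconds=30)  # assumed tolerance for a normal AP hand-off


def parse(text):
    """Group sessions by MAC, each list sorted by start time."""
    by_mac = defaultdict(list)
    for line in text.strip().splitlines():
        mac, where, start, end = (f.strip() for f in line.split(","))
        by_mac[mac.lower()].append(
            (datetime.fromisoformat(start), datetime.fromisoformat(end), where))
    for sessions in by_mac.values():
        sessions.sort()
    return by_mac


def locate(by_mac, mac, when):
    """Attachment points on which `mac` had an open session at `when`."""
    return sorted(w for s, e, w in by_mac.get(mac.lower(), []) if s <= when <= e)


def concurrent_use(by_mac):
    """Same MAC on two different attachment points for longer than ROAM_GRACE."""
    findings = []
    for mac, sessions in by_mac.items():
        for i, (s1, e1, w1) in enumerate(sessions):
            for s2, e2, w2 in sessions[i + 1:]:
                if s2 >= e1:
                    break  # sorted by start: nothing later can overlap
                overlap = min(e1, e2) - s2
                if w1 != w2 and overlap > ROAM_GRACE:
                    findings.append((mac, w1, w2, int(overlap.total_seconds())))
    return findings


if __name__ == "__main__":
    table = parse(SESSIONS)
    print(locate(table, "aa:bb:cc:00:00:01", datetime(2019, 1, 10, 10, 30)))
    for finding in concurrent_use(table):
        print("same MAC in two places:", finding)
```

A finding shows only that one MAC address was attached in two places at once; it does not say which of the two devices is the genuine one.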