
Hacker Exposes Evidence of Widespread Grade Tampering In India

Posted by timothy
from the something's-fishy dept.
Okian Warrior writes "Hackaday has a fascinating story about Indian college student Debarghya Das: 'The ISC national examination, taken by 65,000 12th graders in India, is vitally important for each student's future: a few points determine which university will accept you and which will reject you. One of [Debarghya]'s friends asked if it was possible to see ISC grades before they were posted. [Debarghya] was able to download the exam records of nearly every student that took the test. Looking at the data, he also found evidence these grades were changed on a massive scale.'"

  • Well... (Score:5, Funny)

    by Anonymous Coward on Thursday June 06, 2013 @10:11AM (#43924939)

    Sometimes you have to do the needful to get into the school you want.

    • It's being done by the tester, not the students, possibly to keep some people (in specific regions) out of the school they want.
      • It's being done by the tester, not the students, possibly to keep some people (in specific regions) out of the school they want.

        It would be interesting to see if the anomalies correspond to cutoff scores for various educational tiers; i.e. if Tier 1 schools require a minimum of say 70, do you see a spike at and after that with a corresponding empty value and/or dip just below that. If the anomalies correspond to the cutoff scores for admissions then that would seem to indicate scores were adjusted to help students get in. If you see a spike just before the cutoff and a blank then it may be students were downgraded as well.

      • Re:Well... (Score:4, Informative)

        by richlv (778496) on Thursday June 06, 2013 @11:22AM (#43925819)

        i believe that was a joke, aimed at the 'indian english'. just sayin' :)

  • by MickyTheIdiot (1032226) on Thursday June 06, 2013 @10:13AM (#43924963) Homepage Journal

    This would be true in the US and the UK, and India doesn't even match up to those "high" standards. He'll be in jail because someone with power will be embarrassed by this.

  • not even hacking just URL typing with fixed ID numbers

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      According to my attorney (a former IT person who went to law school), that qualifies as hacking.

      He was helping me with a child custody issue, but he had a case where a woman was accused of hacking. He said clearly she couldn't do it as she could barely use a web browser and she was accused of a fairly sophisticated attack. He was thinking about using me as an expert witness, so we got talking about the subject. He said he'd obviously argue it wasn't if he was the defense attorney, but that case law prese

    • by garcia (6573) on Thursday June 06, 2013 @10:56AM (#43925523) Homepage

      Back in late 2009 and early 2010 I was scraping jail inmate registry records for Scott and Dakota County, MN. This was simply a script which incremented the ID numbers by one several times a day and put them out into a CSV. I uploaded these to Google Docs and had Docs Widgets build simple charts based on those data for a rolling ~6 month window of inmates.

      As I started looking deeper into the data I started noticing I had ages lower than 18. Odd I thought but sure enough, Scott County was including their juvenile records in the data mixed with the adults even though it wasn't shown on their public website.

      I contacted the County and they fixed the bug (you can read about that here: http://www.lazylightning.org/scott-county-quickly-fixes-juvenile-jail-roster-issue [lazylightning.org]) but I was still surprised at the relative lack of security for juvenile records:

      Within mere minutes of my e-mail they were on the phone with me and informed me they closed the hole. After mentioning that the only way someone may have been able to retrieve a juvenile record is if they "guessed" the booking number, I replied that the booking numbers are sequential and thus "guessing" is as simple as incrementing by 1. After our short discussion they asked me to let them know immediately if I noticed anything else with their data and the call was ended.

      It's surprising how lax security is anywhere and to the poster elsewhere in this thread that said this is what you get when you outsource to India, this particular web stuff was not performed with outsourced talent so that comment was nothing short of asinine.

      • by mspohr (589790)

        You're lucky that they responded appropriately by calling you and fixing the problem.
        The usual response is to accuse you of being a terrorist/hacker/anarchist/etc. and try to put you in jail.

        • Yes, extremely lucky. I wouldn't trifle with law enforcement folks like that. They seem to have a hair trigger sometimes, and not always with their guns. Especially if embarrassed publicly. I'm glad you didn't go to the media. You would likely be in the selfsame list of offenders now, if you had.
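
As an added example (not part of any post in this thread): the sequential booking numbers described above mean that a client walking id, id+1, id+2 leaves a recognizable trail in the access log, which an operator can flag. The log layout, the `/inmate?id=` path and the run threshold are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample access log (not from any real system). The field
# layout and the /inmate?id=N endpoint are assumptions for this example.
SAMPLE_LOG = """\
198.51.100.7 [06/Jun/2013:10:00:01] "GET /inmate?id=20411 HTTP/1.1" 200
203.0.113.20 [06/Jun/2013:10:00:02] "GET /inmate?id=19822 HTTP/1.1" 200
198.51.100.7 [06/Jun/2013:10:00:02] "GET /inmate?id=20412 HTTP/1.1" 200
198.51.100.7 [06/Jun/2013:10:00:03] "GET /inmate?id=20413 HTTP/1.1" 200
203.0.113.20 [06/Jun/2013:10:00:04] "GET /inmate?id=19823 HTTP/1.1" 200
this line is malformed and is skipped by the parser
198.51.100.7 [06/Jun/2013:10:00:04] "GET /inmate?id=20414 HTTP/1.1" 200
198.51.100.7 [06/Jun/2013:10:00:05] "GET /inmate?id=20415 HTTP/1.1" 404
203.0.113.20 [06/Jun/2013:10:00:09] "GET /inmate?id=20391 HTTP/1.1" 200
198.51.100.7 [06/Jun/2013:10:00:06] "GET /inmate?id=20416 HTTP/1.1" 200
"""

LINE_RE = re.compile(
    r'^(\S+) \[[^\]]+\] "GET /inmate\?id=(\d+) HTTP/[\d.]+" (\d{3})$'
)


def parse(log_text):
    """Return {client_ip: [record ids in request order]}.

    Misses (404) are kept on purpose: a client stepping through the id
    space hits gaps as well as valid records.
    """
    per_client = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            per_client[m.group(1)].append(int(m.group(2)))
    return per_client


def longest_sequential_run(ids):
    """Length of the longest run in which each id equals the previous + 1."""
    best = run = 1 if ids else 0
    for prev, cur in zip(ids, ids[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def flag_enumerators(log_text, min_run=5):
    """Return {client_ip: run_length} for clients at or above min_run."""
    flagged = {}
    for client, ids in parse(log_text).items():
        run = longest_sequential_run(ids)
        if run >= min_run:
            flagged[client] = run
    return flagged


if __name__ == "__main__":
    for client, run in flag_enumerators(SAMPLE_LOG).items():
        print(f"{client}: {run} consecutive record ids requested")
```

Detection of this kind only shows that enumeration is happening; the records stay exposed until the endpoint checks authorization per record or stops using guessable identifiers.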

  • Caste system (Score:2, Interesting)

    by dadelbunts (1727498)
    Any chance this has to do with the horrible caste system there? I'd like to see whose grades were changed. I wouldn't be surprised if they failed people of lower social standing to not let them move up.
    • Re:Caste system (Score:4, Interesting)

      by MetalliQaZ (539913) on Thursday June 06, 2013 @10:53AM (#43925437)

      There is nothing in the article that indicates caste has anything to do with it. Most of the discussion suggested that the cause may have been to "bump" almost-passing grades to passing grades (and presumably other achievement tiers as well).

    • Re:Caste system (Score:5, Interesting)

      by tlhIngan (30335) <(ten.frow) (ta) (todhsals)> on Thursday June 06, 2013 @11:47AM (#43926165)

      Any chance this has to do with the horrible caste system there? I'd like to see whose grades were changed. I wouldn't be surprised if they failed people of lower social standing to not let them move up.

      Technically, in a caste system, you're not allowed to move up except in very narrow circumstances. You're not actually allowed to move at all - up or down. You can be the most brilliant person on the planet, but if you were born to an untouchable in India, well, no one would listen to you.

      More likely though, it would be done by people from higher castes because they have a certain image to maintain.

      Remember, in Asia, this all derived from the old school British system where exams basically set you on your path through life - basically the final exams at the end of high school was The Final Exam(tm). Score well, and you'd go to university. Score not-so-well, you got to a second-rate college. Score less and you're a lowly tradesperson. Score even worse and you're an unskilled labourer.

      So in general, it's an extremely high-stress period where teens would basically be locked in their rooms spending all the time studying because it really is it - no chance to take it over (well, I suppose there are certain humanitarian reasons they allow), and it basically determines your future.

      Likewise, for anything with this much pressure on it, people succumb to the human condition - suicide is common, both before and after the exam. Cheating is as well - and many elaborate cheating machines have been conjured up over the years - this isn't your own hide-a-cheat-sheet scale - this is full on tiny 2-way radios and other mechanisms. And of course, hacking of grades to improve one's score.

      Interestingly, I think in China one district is forcing all test-takers through a very sensitive metal detector and forcing them to strip - just one step below forcing test-takers to be stark naked during testing. The metal detector is extremely sensitive and basically won't allow anything metal in.

      That's how serious the test is, and how serious everyone takes it.

      For all its flaws, the modern American system is generally better and more "available" (and even the modern British education system isn't as strict). I'm not entirely sure that letting one test determine your future is entirely wise, and it's one reason why a lot of students travel abroad to study. Some do it because they scored well and got prestigious international study scholarships from their country, but others do it because they couldn't get in, and studying abroad is an option for those that do not pass.

      • by Chuckstar (799005)

        I don't think it's fair to blame the British for all of that. China has had a stringent civil service exam tradition, for instance, for 1,300 years.

  • Looks like his observations might have been the result of standardizing the test scores... IE if you have a test that only scores 50 max and you scale it to 100 obviously you aren't going to have many odd numbers in the results.
    • I agree. The distributions are most likely the result of some doubling of actual scores, combined with a small amount of manipulation.

      It's clear that there was some rounding-up done near the pass/fail line. It's also clear that there is some extra or different standard of rounding/normalization for those scoring above 90 (or 93).

      The fact that they aren't transparent about it is lame, but very Indian.

    • Not all his observations. The notable lack of scores leading up to the pass point and the sudden spike at that exact point are particularly notable.

    • I thought so too, but the problem is when you overlay the various tests for different subjects, they all show the same missing points. Standardizing different tests (in different subjects) would not produce identical gaps when overlaid unless all 150,000 students performed exactly the same for each subject – which is just not believable.
    • by Eevee (535658)

      if you have a test that only scores 50 max and you scale it to 100 obviously you aren't going to have many odd numbers in the results.

      The thing is, you'll have no odd numbers when you double the values. It's those odd numbers that only occur up in the 90s that stand out--if they are scaling like your theory, then the scorers are screwing with the upper values. If they aren't, they're screwing with the lower values to make those jagged peaks. (And there's still the issue of the missing "just below passing"

  • by 3.5 stripes (578410) on Thursday June 06, 2013 @10:22AM (#43925059)

    More for the discussion of statistics than for the really sad excuse for security on those pages..

    • by Cow Jones (615566)

      You think so?

      FTA: Statistics says that if you take enough samples of data, regardless of the distribution, it will average out into a Normal distribution.

      News to me.

  • by Joe_Dragon (2206452) on Thursday June 06, 2013 @10:22AM (#43925069)

    This is the type of coding that you get in India: stuff done on the cheap and likely coded to spec with no thinking about how bad of an idea this is.

    • He is a twelfth grader. This is one off code without any lasting value. Writing a generalized code for this purpose would be an over design. Next thing you will be complaining people doing mental arithmetic to figure out how much that shoe on sale is going to cost are not modularizing and reusing their mental faculties. Jeez. Give that boy a break.
      • Haha. I think he's talking about the government sponsored system to distribute grades to hundreds of thousands of Indian citizens being coded with the primary security being... well obfuscation via JavaScript. Win

  • If there was tampering, why is it the assumption of the education board doing the tampering? Maybe other students found this obviously easy "hack" but improved upon the method to actually modify the data.
    • If there was tampering, why is it the assumption of the education board doing the tampering? Maybe other students found this obviously easy "hack" but improved upon the method to actually modify the data.

      Two problems with that theory.

      1) His "hack" was basically just looking at the JavaScript to learn the public URLs containing each individual's results.
      2) The number of students improving upon this (discovering and exploiting the database) to the point of manipulating data would be tens of thousands.

  • Or just buy degree (Score:5, Interesting)

    by anvilmark (259376) on Thursday June 06, 2013 @10:33AM (#43925183)

    Nothing I hear about education fraud in India surprises me since one of my Indian coworkers explained how people "buy" degrees from Indian universities.
    University employees can be bribed to create the records for an entire curriculum, spanning multiple years of attendance. This record is indistinguishable from a valid one and generates a real diploma. The University will confirm education because "it's in the system".
    I think he said it cost about $3000 USD or so for a Masters degree.

    • by kevinT (14723)

      Does that "University" have an on line program? I have a "friend" that would be very appreciative if ... "they" could get a BS degree documented. ....

  • I think his results could be explained if the calculation of the final mark in a subject area involve some dodgy math to scale the result such that some intermediate step compresses the possible result to a discrete range of say 50 or so values which are then scaled / normalized to a 0-100 range. This expansion will result in every other final score value being impossible to obtain.

    They may be scoring different parts of the exams with different weights, and then combining and scaling the results together, a

    • There are ranges where every integer is represented, other ranges where every other one is missing.

      The real smoking gun is that several grades just below a passing grade appear to be promoted up to pass.

      • by j-beda (85386)

        There are ranges where every integer is represented, other ranges where every other one is missing.

        The real smoking gun is that several grades just below a passing grade appear to be promoted up to pass.

        If you recognize that your evaluation system only has an accuracy of +/- 3% it does make some sense to bump up those below the passing grade by that much to the level of the passing grade. It also saves a whole lot of resources by not having to field requests for regrades and reevaluations from all of those students who are just barely below the cutoff.

        When your tools are imperfect (and they all are), there is no absolutely "fair" way of dividing a large group into two mutually exclusive categories. You mig

    • by PRMan (959735)
      When all the scores for 2 to 3 places immediately below the failing grade are missing, you don't see a problem?
    • by Torinir (870836)

      Actually, given the consistent spiking at specific grades on the ISC and ICSE charts, there may be some significant "grace" marking going on, and not just at the pass mark, I'm talking larger than normal shifts between valid marks (around the 70's and 90's). Both the ISC and ICSE tests are 40 questions on every subject, so there shouldn't be any marks at 96, 98 and 99 too, yet those graphs suggest that some students did get those marks.

  • The major revelation is there are certain totals nobody got. I mean, no one got 78 marks or 67 marks out of 100 in a subject. By itself it is not evidence of tampering. If all the questions had only even number of marks, then nobody would get odd number of marks in total. From what I recall from my high school final papers, there were a few one mark questions, some five marks and some 10 mark questions. But that was decades ago. Now with the rise in objective questions etc, it is possible the entire paper w
  • Education in India (Score:5, Informative)

    by cfulton (543949) on Thursday June 06, 2013 @10:49AM (#43925383)
    I lived in India for a year. What I can tell you of the education system there is that it is not the juggernaut of higher ed that we are told it is in America. I had one person working for me as a developer who had a degree in Computer Science. We were getting ready to set up some servers with our application server software. He was very excited since he had taken several courses in UNIX but had never actually been on one. They had done all the course work with pen and paper:

    What does "ls -l" do? Please describe below.

    That kind of thing. So, I'm not surprised if institutions are manipulating test scores. India is more about the perception of computer savvy developers than the reality of it.

  • the thing he seems most concerned about are that out of 200,000 or so students, there are many marks that were not received, especially in the middle sections of the grades. values like 81, 83, 85, etc. were earned by zero students while values like 80, 82, 84 were received by tons.

    this seems absurdly easy to explain.

    say students are graded on a 50-point scale, which is then doubled (eliminating half of all possible values), and then some kind of curve is applied, which bends some values into other-wise una

  • Finally... (Score:2, Informative)

    by PRMan (959735)
    Was I the only one reading the article thinking, "Finally, a developer from India that can think deeply about a problem without being told what to do, and then write software that works..."?
  • "Hacked" means "retrieved from a web server in the way they were intended to be retrieved." The fact the webserver was completely unsecured is, however, worrying.

    "Widespread grade tampering" means "statistical evidence that the final grades are not the raw grades, but have been adjusted according to some system as yet unidentified." The nature of the adjustment is as yet unidentified - it could be nefarious, or is much more likely to be according to policy. Pretty much every school system in existence do

    • by JoshuaZ (1134087) on Thursday June 06, 2013 @11:45AM (#43926135) Homepage
      You should read the original http://deedy.quora.com/Hacking-into-the-Indian-Education-System [quora.com]. The missing scores are in extremely suspicious positions. For example, there are no scores of 32, 33 and 34, and the minimum pass grade is 35. That looks pretty close to a bump to get people to pass. This doesn't look like someone not understanding the grading system. It looks like manipulation. Frankly, speaking as someone who does a fair bit of grading, yes one can get weird distributions from legitimate adjustments, but they don't look like this.
      • by DeathToBill (601486) on Thursday June 06, 2013 @12:12PM (#43926481) Journal

        I've read the original. Whether your policy can produce that sort of distribution depends entirely on what the policy is, no?

        As an example of a system that produces exactly this sort of pattern, at my university the pass grade was 50%. Anyone who scored at least 45% but less than 50% in the exam could apply to sit a supplementary exam a few weeks later. The supplementary exam score would then be your final score, but the maximum mark available in the supplementary exam is 50%. If this results in you scoring 50% then the subject is recorded as a "conceded pass". You can only take one conceded pass in a year and many degree programs also limit how many conceded passes you can count towards your degree.

        It's a system that lets you have another go if you had a bad day in an exam and, yes, in many subjects it produces this pattern of no-one receiving 45, 46, 47, 48 or 49 and a big lump of people receiving 50.

        • by JoshuaZ (1134087)

          There's nothing like that in the system in question though in anything discussed publicly as far as I can tell, although your basic point is a sound one. Note that if you had a very large system, like say your university system but done in a hundred schools then you'd expect to see still a few people in the 45-49 range. But you are correct, there could be some issue like that, but if so, no one has identified it yet. But you are correct that this sort of thing can happen, and your point makes me update in

    • by malakai (136531)

      From his article:

      I wanted to impress someone who looks up to me and on the other, I thought "break into the ICSE? This isn't Hollywood - you can't just hack into everything, kiddo"

      And then an addendum in response to an article:

      The article states "A 20-year-old Indian student from Cornell University hacked into the database ... " This is technically incorrect. I did no such thing. I did not illegally access any database system. All I did was access information that was available to any person who entered a n

    • by argStyopa (232550) on Thursday June 06, 2013 @12:18PM (#43926555) Journal

      The criticism seems rather pedantic. I'm the last one to defend the barely-reading, never-correcting, link-to-blog-post-instead-of-actual-article, duplicate-posting slasheditors, but the fact is:
      1) the server has a place where you put in a code and, I'd guess, a passcode. He looked at the code, determined the data was being drawn by a simple java query to an unsecured text file. Did he get the data the way it was intended? CERTAINLY not. Did he essentially 'break in' through what was relatively tissue-thin (derived from obscurity only, really) security? Yes, I'd say he did. So yes, in MOST people's definitions, he 'hacked' their shitty website.
      2) WTF are you talking about? Every school system in existence ADJUSTS grades on standardized tests? Proof? The guy discovered that something like of the passing scores (everything > 35), like 40% of the possible scores NEVER showed up. Ie, nobody *ever* got a score of 82, 84, 91, or 93, while 94-100 was regularly distributed. Mathematical anomaly? Maybe. But that seems unlikely with a massive test, and multiple added scores that this is possible.

      I think what he discovered was a ridiculously insecure web service, and a list of grade scores that have suspiciously regular omissions.

      So "hacked" and "possible grade tampering" seems pretty spot on.

      • No.

        1, there was no passcode. He retrieved the data in exactly the way it was intended, just on a much larger scale than was intended.

        2, "Every school system" is perhaps an exaggeration, but many education systems do deliberately manipulate scores to fit a distribution. It's justified in various ways. For instance, suppose that in one particular year the physics exam was unusually difficult. That would disadvantage everyone who took physics compared to everyone else. So you might choose to redistribute

  • by prattle (898688) on Thursday June 06, 2013 @11:20AM (#43925809)
    If the author is surprised (by the grades, not the security), it is because he has never been a teacher.

    1. Teachers have to ensure that their class marks have a certain average and median before they submit them. There can't be too many failures either.

    2. Teachers know not to give a grade of 49 if the pass is 50 since the student will argue to get that missing point. If you want to be safer, just don't give out anything in the forties.

    3. If a test gives letter grades, that equates to a particular number. A = 85, A- = 83, and so on. In that case, no one gets an 84, ever.

  • by X86BSD (689041)
    Cheating and corruption in *India*?! No. Fucking. Way! I expect nothing less in the rape capital of the world. P.s. my wife is indian and I have first experience with how corrupt and vile that country is. From cops, to repairmen to government officials.
  • For those who don't read TFA
    1. Kid figures out query params and post fields in http
    2. Kid mines data from a public web server to get publicly available information.
    3. Kid "analyzes" data statistically, finds a pattern to grading
    4. Kid dubs it tampering. (Tampering would be if the evaluators grading were to be replaced with something else. )
    5. Tech dumb media latches onto the story, makes a celebrity out of a kid scraping data off a website.
    6. Education agency is pissed off for really no fault of
    • "Kid gets arrested when he lands in India in the summer vacation"

      Doesn't even need to. Indian Police Service refers the case to Interpol, where it will contact the US Department of Justice to issue a federal arrest warrant and extradition request on him for "hacking across state lines"

  • My conclusion was that they rounded the grades to certain points. I'm not sure where he got the inference of malice or tampering, other than bumping failing grades up, which isn't exactly malicious (though probably unfair).

    Never attribute to malice that which can be explained by stupidity... or policy.

    Also, I give this guy a couple of days, a week max, before he's in jail for quite a while.
