University Hacker Sent to Prison
A student who hacked into a British university’s computer network and made thousands of dollars by selling the answers to exams has been sentenced to prison.
Hayder Aljayyash, who is 29 and was born in Iraq, was welcomed into the UK as an asylum seeker. Between November 2017 and May 2019, Aljayyash illegally accessed the computer system of the University of South Wales where he had been studying for a master’s degree in embedded system design.
Cardiff Crown Court heard that Aljayyash had used “very sophisticated” cyber-criminal techniques to hide his digital intrusion for 18 months.
Suspicions that a data breach had occurred at the university were aroused when mathematics lecturer Liam Harris discovered a number of students had answered exam questions with identical answers. Five of the students even gave answers that contained the same typing mistakes included in the original working papers.
To ascertain the extent of the data breach, the university processed approximately 140 million login records. Their investigation led them to an IP address linked to a residence in Treforest where Aljayyash was living with 30-year-old housemate and fellow student Noureldien Ektarki.
Libyan national Ektarki pleaded guilty to helping Aljayyash sell the unlawfully obtained exam answers to students.
Aljayyash was arrested by police on May 30, 2019. Prosecuting barrister Jim Davis said that a search of Aljayyash’s USB sticks and laptop revealed “numerous files which matched those downloaded as part of the university breach.”
It was determined that Aljayyash had acquired the login details of university staff using a key logging device, and had used them to access the network almost 700 times.
Aljayyash downloaded 216 files from the university, including exam papers, marking, reports, and coursework. By selling copies of the illegally obtained documents, Aljayyash made approximately $27K.
Investigating the incident, finding the culprit, and implementing new cybersecurity measures cost the university around $138K.
Aljayyash pleaded guilty to two counts of committing an act to impair reliability of data in a computer and three counts of obtaining articles by unauthorized access to computers. He was sentenced to 20 months in prison.
Ektarki was given a nine-month suspended sentence and ordered to complete 200 hours of unpaid work after pleading guilty to money laundering and transferring criminal property.
Source: Infosecurity Magazine