Mumbai/New Delhi: Millions of students vying for coveted colleges and courses makes India’s vast education sector a prime target for cybercrime, experts said, at a time authorities have pointed to leaked question papers appearing in the so-called dark net. Besides, data of innumerable students may also be vulnerable to unauthorized access and misuse.
Amid widespread student protests over the past two weeks, the government has raced to withdraw grace marks in the pre-medical entrance exam for MBBS and related courses, cancelled an exam for junior research fellowships at universities, and postponed another exam to admit students to post-graduate medical courses.
“So far, the use of digital technologies in assessments has been limited,” said Akhilesh Tuteja, global head for cybersecurity at KPMG. “Only the management and storage of assessment papers is digital, but technology is moving at a faster pace and security needs to catch up.” He sad bigger risks may emerge when more aspects of education become digital. “Cybercrimes mimic physical crimes. The attacks are now on question papers, databases, etc., but in the future, we may see cyberattacks leading to unauthorized score card changes and deepfakes,” he cautioned.
Full marks and criticism
The national entrance exams faced criticism after an astonishing 67 students secured full marks in the latest National Eligibility-cum-Entrance Test (Undergraduate) or NEET, which ranks students for medical, dental, nursing and related courses. The controversy heightened with the surfacing of grace marks and the arrest of several individuals believed to have sold leaked question papers for millions. The Central Bureau of Investigation (CBI) is now investigating the matter.
“Cyber threat in the education sector is one of the most lucrative forms of making money…where people can pay millions to access database that will impact anyone from age 3 years to 30 years (school going to entrance tests),” said Prasanna Kumar, head of financial services & professional group for India at Aon, a consultancy firm. “The databases are available with institutions and it can be breached to share misleading advertisements, send targeted information and to more serious cybercrime with information available,” Kumar said.
Cybersecurity experts said hackers may break in at the time the papers are set, when they are sent for printing, dispatched to distribution and when they reach the exam centre. They may then demand money in exchange for not releasing the papers and create disruption.
Dark net’s lure
Dhiraj Gupta, chief technology officer of mFilterIt, a fraud detection and prevention firm, said while security breaches are more common at banks and banks and financial institutions, the hacking of an IT system is the same for an examination too. “The standard phishing, honeypot techniques are used and groups reach out to students in the dark net with the details that they have. After the question paper leak stories, more students may flock to the dark net to access more information going ahead.”
On 20 June, education minister Dharmendra Pradhan said a CBI inquiry was ordered after his officials found that the leaked question papers from the dark net matched the originals made by the National Testing Agency. The ministry was alerted about the leaked question paper by the Indian Cybercrime Coordination Centre under the home ministry. Leaked question papers surface on messaging channels like Telegram, and their encrypted nature makes it challenging to track without a high-level probe, the minister had said. Dark net is a series of encrypted networks used to store information and communicate.
According to legal experts, the newly enacted Public Examinations (Prevention of Unfair Means) Act, 2024, aimed at curbing paper leaks and exam malpractices, lacks provisions to effectively address compromises over the dark net or encrypted messaging apps.
“While we acknowledge the Act’s positive efforts in criminalizing tampering with computer systems, networks, and sources, as well as creating fake websites for cheating and monetary gain, the Act falls short in comprehensively addressing the ever-evolving landscape of cyber fraud in exams,” said Rishi Sehgal, advocate-on-record, Supreme Court. “Such laws need to be more adaptable to effectively counter the increasingly sophisticated unfair means and tactics employed by cheaters in the ever-evolving digital age”.