A former university student has been jailed for 20 months for hacking university computers and selling exam answers. Hayder Aljayyash, 29, was a master’s student at the University of South Wales at the time of the crime. Aljayyash’s crimes were committed between November 2017 and May 2019.
According to Cardiff Crown Court, Aljayyash remained undetected for a long time by using “sophisticated” cyber-criminal techniques to hide his digital intrusion for 18 months. The Iraqi native recruited his housemate and fellow student Noureldien Eltarki, 30, to find students to buy the papers.
Suspicions that a data breach had occurred at the university were aroused when Liam Harris, a mathematics lecturer, discovered a number of students answered exams questions with identical answers. Five of the students even gave answers that contained the same typing mistakes included in the original working papers.
To confirm the extent of the data breach, the university processed approximately 140 million login records. Their investigations led them to an IP address linked to a residence in Treforest where Aljayyash was living with Ektarki. Aljayyash was arrested by police on May 30, 2019. A search of Aljayyash’s USB sticks and laptop revealed “numerous files which matched those downloaded as part of the university breach.” It was also determined that Aljayyash had obtained login details of university staff using a key logging device and had used them to access the network almost 700 times.
From accessing the university network, Aljayyash downloaded 216 files from the university, including exam papers, marking, reports, and coursework. By selling copies of the illegally obtained documents, Aljayyash made approximately $27K. For the university however, it cost them roughly $138K for investigating the incident, finding the culprit, and implementing new cybersecurity measures.
Aljayyash pleaded guilty to two counts of committing an act to impair reliability of data in a computer and three counts of obtaining articles by unauthorized access to computers. Eltraki pleaded guilty to helping Aljjayyash sell the unlawfully obtained exam answers to students. He was given a nine-month suspended sentence for agreeing to sell unlawfully obtained exams and ordered to do 200 hours of unpaid work after pleading guilty to money laundering and transferring criminal property.
Contact ITMG to Develop Strategies and Protocols Designed to Help Your Company Mitigate Your Insider Risk
ITMG is an industry leader in helping organizations throughout the United States strengthen their insider risk management programs and secure sensitive data and intellectual property. Our team of bona fide experts has the real-world experience necessary to plan out and create holistic security solutions tailored to the needs and risks in your industry. Contact ITMG today to learn more about how we can help! You can also visit our Facebook, Twitter, and LinkedIn pages for more updates and insights into the world of insider risk management.