Unis warned over online ‘cheating hacks’
The higher education regulator has warned universities of a new threat from commercial online cheating services, after the University of Western Australia discovered it had publicised a fake essay contest probably aimed at selling entries to other students.
The Tertiary Education Quality and Standards Agency said it also had evidence that cheating services had planted malicious code in ‘edu.au’ domain websites, which redirected students to illegal cheating services.
TEQSA chief executive Alistair Maclean said websites of universities and other higher education providers appeared to have been compromised. “Cyber security breaches on the ‘edu.au’ domain present a risk to student interests and the reputation of Australia’s higher education sector,” he said.
The regulator’s response followed the discovery 179 cyber breaches of ‘edu.au’ domains on behalf of online cheating operations. TEQSA was alerted by US academics tracking the problem there, and then turned their attention to the “edu.au” domain at the request of University of NSW associate dean of education in arts, design and architecture, Cath Ellis.
The breaches appear to have affected mainly schools and training colleges, but Murdoch University was caught as well as UWA, which, while not hacked, published a link to a bogus essay competition in 2019. “We are keen to promote external opportunities to students but will now undertake a full review of existing and requested scholarships and prizes and prepare a set of guidelines and due diligence processes” a UWA spokesperson said.
Dr Ellis said “the good news” was that the researchers did not find much evidence of breaches in the publicly funded universities in Australia. “There was just a handful of cases and the universities he Dr Ellis said. “UWA was probably worst affected.”
In the case of independent higher education providers, it was “probably an indication that they need to work a little bit harder to keep the security of their websites a bit more up to date.”
TEQSA has urged institutions to get their chief information officers to search for and fix malicious code insertions and remind students and staff about the risks of becoming involved with online cheating services and the importance of academic integrity.
“Cyber security breaches on the ‘edu.au’ domain present a risk to student interests and the reputation of Australia’s higher education sector,” Mr Maclean said.
Students were advised to check all links so they were not unwittingly taken to the cheating websites and never to share work online. “This includes via social media or websites that ask for a sample of your work in return for ‘free’ support,” the regulator said.
It has also told students it will investigate illegal cheating websites and would soon be taking court action to block them.
While there were four types of malicious codes identified by the researchers: code inserted into a provider’s website that redirected student searches to a cheating service website; embedding a link to a cheating service website into a provider website; infiltration of discussion forums with comments leading to cheating services; and fake scholarship/essay contests.
“The really shocking thing here is that it’s showing these companies are actively going after students who are legitimately looking for help,” Dr Ellis said. “They’re going to education providers’ websites for help with their writing and without realising it, they’re clicking on links to services that are illegitimate and in Australia illegal.”
She estimated that between 6 and 10 per cent of students at Australian universities resorted to using cheating via “outsourcing” assessments such as essay writing, often using family members.
“It’s not that high a proportion of students, but then again, it’s quite a lot of students,” Dr Ellis said. “AI think the troubling thing is that the number is not coming down: we’re not addressing it as well as we could be doing.”