The Miami University police department (MUPD) today charged two former students for breaching university computer systems to electronically change grades for themselves and others.
The former students have been charged with multiple misdemeanors.
Miami’s Information Technology (IT) security department and police were alerted by a faculty member near the end of fall semester 2012 that grades she reviewed online did not match her paper copy of grades. An intensive investigation revealed that an inexpensive device called a key logger was used on classroom computers to record keystrokes made by instructors when they logged into the system to obtain faculty usernames and passwords. Those passwords were then used without authorization to access Banner and Niihka grading systems.
The police report states that one student, charged with six misdemeanors, changed his own grades in 17 classes dating back to spring 2011, and also changed more than 50 other students’ grades in an attempt to cover his tracks. Police indicate the majority of these other students were probably unaware their grades were changed. The university’s internal investigation discovered that most of these changes were minor and did not affect the final grade outcome.
The second student, charged with three misdemeanors, changed his own grade once and two other students’ grades in an attempt to cover his actions.
Exams, including midterms and finals, had been downloaded from professors’ Niihka accounts without authorization and were found on several devices belonging to both former students.
Miami Response and Actions
“Miami’s core values are based on the highest standards of integrity, and our faculty and staff work tirelessly to maintain our strong academic reputation, so we take this matter very seriously,” said Miami President David Hodge. “We are extremely disappointed in these students, whose dishonest and selfish actions have affected their friends, families, faculty and peers.”
The university considers the changing of grades an act of academic dishonesty and an abuse of computing resources. Miami disciplinary actions are separate from criminal charges and prosecution, and sanctions can include an F in each course in which grades were changed, a transcript notation of academic dishonesty, suspension and expulsion.
Miami confirmed that each of the two students accepted responsibility for his misconduct, which violated Miami University’s Code of Student Conduct and Academic Integrity Policy, and accepted dismissal for dishonesty from the university.
The university is taking several steps to prevent further occurrences of grade hacking, including a two-step email notification process to faculty when changes are made (electronic notification immediately after a grade change is made and again at a later time); a weekly email report to faculty of all grade changes that have occurred during the previous week within Niihka and Banner; thermal scanning of classroom keyboards and application of tamper-proof tape; sending faculty a final grade report at the end of term to reconcile with their records; and advising faculty on actions they can take to prevent grades from being illegally accessed.
All grades that were changed are being corrected.
“Although we haven’t seen this happen at Miami before, other universities and high schools have experienced this type of grade hacking in recent years,” said Joe Bazeley, IT security officer at Miami. “The easy access to inexpensive tracking devices requires increasing levels of vigilance for IT departments and faculty everywhere.”