SMU tightens its computer security after hacking case

Common PCs used by faculty won't copy to, or run programs from, external devices

SMU is beefing up the security of its IT systems, after a postgraduate student hacked into school accounts to delete exam scripts. PHOTO: SMU
Kotsaga, from Russia, was jailed for two months after pleading guilty to two charges under the Computer Misuse and Cybersecurity Act.
Kotsaga, from Russia, was jailed for two months after pleading guilty to two charges under the Computer Misuse and Cybersecurity Act.

The Singapore Management University (SMU) said it is beefing up the security of its IT systems, after a postgraduate student hacked into his professors' school accounts to delete exam scripts.

SMU said yesterday that it has tightened access to personal computers (PCs) in common rooms used by its faculty members.

Users will no longer be able to copy any files from its PCs to external devices, such as USB flash drives. Self-running files on attached external devices will also not be allowed on its PCs from now on.

This came after 32-year-old Georgy Kotsaga from Russia was jailed for two months on Tuesday after pleading guilty to two charges under the Computer Misuse and Cybersecurity Act.

He had admitted to deleting his and 18 classmates' test scripts for the final exam of a Law of Property module on Nov 24 last year, in the hopes that it would give him a chance to retake the exam.

Kotsaga, who was on the Juris Doctor (JD) programme, feared that his 3.09 grade point average would be below 3.0 after the exam.

He used a USB hardware keylogger to get the user IDs and passwords of two professors who taught modules that he was weak in. The keylogger, which records every keystroke made by a computer user, was plugged into common desktop computers in the professors' classrooms.

His former classmates in the second year of the three-year JD postgraduate programme, which leads to a law degree, expressed disbelief and shock after learning of the case.

SMU was unable to inform students about the case earlier as it was under police investigation.

The exam scripts, however, were recovered as the SMU system was backed up in real time.

Mr Christopher Ng, 41, whose script was deleted, said Kotsaga behaved "normally" and participated in class like other students. But they lost contact after the exam.

Kotsaga was suspended from the programme last December and withdrew in January.

Every semester, there are about 50 courses at SMU with online exams, some of which were introduced as early as 2004.

SMU provost Lily Kong said these were introduced in response to positive feedback from students and teachers.

She said: "Online exams help to overcome the challenge of illegible writing and therefore make marking more efficient and productive.

"Students... find it more effective to type rather than write their answers, as it leaves them more time to analyse the questions and form their responses."

Online exams are uncommon at other universities here.

The National University of Singapore said it is piloting e-exams, with about 10 per cent of courses to have online tests this semester; Nanyang Technological University said it has about 200 online quizzes per semester, but major exams are not conducted online.

The Singapore University of Technology and Design said it has conducted only one online exam over the past year - in multiple-choice format. Singapore Institute of Technology and SIM University said their exams are not conducted online.

Law Professor Tang Hang Wu, whose account was accessed, said: "Georgy presents and speaks well. He was very anxious about his grades. I hope he can pick himself up and move on with life after his jail sentence."

Join ST's WhatsApp Channel and get the latest news and must-reads.

A version of this article appeared in the print edition of The Straits Times on February 19, 2016, with the headline SMU tightens its computer security after hacking case. Subscribe