HACKING HIGH institution EXAMS as well as FOILING THEM WITH stats

A few weeks ago, [Debarghya Das] had two good friends eagerly awaiting the results of their High institution exit exams, the ISC national examination, taken by 65,000 12th graders in India. This examination is vitally important for every student’s future; a few points determines which university will accept you as well as which will reject you. one of [Debraghya]’s good friends was a bit anxious about his grade as well as asked if it was possible to hack into the board of education’s servers to see the grades before they were posted. [Debraghya] did just that, as well as was able to download the examination records of almost every trainee that took the test.. Looking even better at the data, he likewise discovered evidence these grades were altered in some way.

Getting the grades off the CISCE board of education’s servers was extremely simple; each institution has a separate code, as well as each trainee is provided an private number. With the easiest javascript magic, [Debraghya] found that private grades might be accessed by pointing a script to /[4 digit institution ID]/[3 digit trainee ID] on the CISCE server. There was absolutely no security here, an impressive oversight indeed.

After composing a little script as well as running it on a few machines, [Debraghya] had the examination results, names, as well as national IDs of 65,000 students. Taking a better look at the data, he plotted all the scores as well as came up with a extremely strange-looking graph (seen above). It appeared like a hedgehog, when almost any type of test with a population this big should be a constant curve.

[Debraghya] is persuaded he’s found evidence of grade tampering. almost a third of all possible scores aren’t represented in the data, however scores from 94 to 100 are accounted for, making the hedgehog shape of the graph statistically impossible. Of program [Debraghya] only has the raw scores, as well as doesn’t understand precisely exactly how the tests were scored or exactly how they were manipulated. He does understand the scores were altered, though, either with normalizing the raw scores or something complete stranger as well as more sinister.

While scraping data off an unencrypted server isn’t much of a hack, in spite of what the news will tell you, we’re awfully impressed with [Debraghya]’s analysis of the data as well as his capability to strike the whistle as well as put this data out in the open. Without any type of info on how these scores were changed, it doesn’t truly modification anything, as well as we’ll welcome any type of conjecture in the comments.