India’s education sector, with millions of students competing for limited spots in coveted colleges and courses, is facing a growing threat from cybercrime. Experts warn that the sector’s vast digital footprint makes it a prime target for hackers, particularly with the increasing reliance on online assessments and the emergence of leaked question papers on the dark net.
The situation has become particularly alarming in recent weeks, with widespread student protests over alleged irregularities in entrance exams. These protests have led to the government’s hasty withdrawal of grace marks, cancellation of exams, and postponement of others. This underscores the vulnerability of the education system to cyber threats.
Akhilesh Tuteja, global head of cybersecurity at KPMG, highlights the growing dependence on digital technologies in assessments. While currently limited to managing and storing exam papers, Tuteja cautions that a complete shift towards online assessments will exacerbate cybersecurity risks. He warns of potential attacks targeting student databases, leading to unauthorized score card changes and even the creation of deepfakes.
Prasanna Kumar, head of financial services & professional group for India at Aon, further emphasizes the lucrative nature of cybercrime in the education sector. Hackers can exploit the vast databases held by institutions to target students with misleading advertisements, send targeted information, and engage in more serious cybercrime.
Cybersecurity experts identify various points of vulnerability in the exam process, from the creation and printing of question papers to their distribution and arrival at exam centers. Hackers can exploit these vulnerabilities to demand ransom for not releasing the papers or to create disruptions.
Dhiraj Gupta, chief technology officer of mFilterIt, a fraud detection and prevention firm, highlights the similarities between cyberattacks on banks and those on educational institutions. Standard phishing and honeypot techniques are often used to target students and lure them into the dark net, where stolen exam details are often traded.
In June, India’s education minister, Dharmendra Pradhan, announced a CBI inquiry after officials discovered leaked question papers on the dark net that matched those created by the National Testing Agency. The leaked papers, found on messaging channels like Telegram, highlight the difficulty of tracking encrypted content without high-level investigations.
Despite the growing concern over cybercrime in education, experts argue that the newly enacted Public Examinations (Prevention of Unfair Means) Act, 2024, falls short in addressing the evolving landscape of cyber fraud. The Act, while criminalizing tampering with computer systems and creating fake websites, lacks provisions to effectively deal with breaches on the dark net or encrypted messaging apps.
Rishi Sehgal, advocate-on-record, Supreme Court, emphasizes the need for more adaptable laws to combat the increasingly sophisticated cyberattacks targeting exams. He highlights the need for a comprehensive approach that considers the evolving nature of cybercrime in the digital age.
