Trevor J. Graves, a former student at the University of Iowa, has pleaded guilty to committing a range of fraud crimes on the university’s computer system, including manipulating his own grades along with those of several of his friends.
Graves represented the University of Iowa as a wrestler from 2013 and was last seen in action in the ring during the 2015-2016 season. But he is now better known for the fraud he committed than for the bouts he won or lost.
He was arrested in October 2017 and arraigned before the court on serious charges of hacking his school’s computer and manipulating his own grades in exams, as well as those of five more students at the university.
He was first reported by an instructor, who registered a complaint with the internal IT security official of UoI. They immediately initiated an enquiry.
The instructor said she had noticed changes to the grade she had given Graves that she had not authorized. Later, the FBI joined the investigation, which finally led to his arrest and subsequent court case.
A Stealthy Operation
Trevor Graves had a free run for over 21 months without being detected.
According to a statement from the U.S. Attorney’s Office for the Southern District of Iowa, from March 2015 until December 2016, he caused a total of 90 breaches of internet security.
One of the first things he did was to steal the account details of professors in different disciplines and their user IDs and passwords.
With that, he managed to obtain test information before the exams were administered. He also changed the grades awarded by the professors for tests and other assessments such as homework and even quizzes.
Keylogger Used to Access Systems
The software that Graves used to commit the fraudulent acts is known as a keylogger and can be bought for just $50. He secretly installed it on the systems, where it recorded the information typed by the professors.
This information was sufficient for him to obtain the details the faculty used to access their systems and records.
In legal terms, what Graves committed is a crime of “transmitting a command to a protected computer.” At least three departments (engineering, business and chemistry) appear to have been on Graves’ radar as targets of this fraud for almost two years.
The IT security department and the FBI have been able to gather sufficient evidence from the place where Graves used to stay and from the university itself to obtain an indictment from the Iowa court.
Communications with Other Students in Coded Language
From the content the FBI managed to seize from Graves, they found direct evidence linking him to the crime. There were thumb drives that held the test papers he had “intercepted” before the tests were conducted.
Investigators also recovered cellphones which contained communication between Graves and the five other students involved. In these, the keylogger was possibly referred to by the code name “pineapple.”
Some of these text messages are a clear giveaway that they were engaged in ferreting out confidential information and then going on to manipulate the grades using the respective faculty members’ accounts.
This evidence amounts to serious crimes under federal and state laws and could send Trevor Graves to prison for up to 10 years. The actual sentencing is slated for August 23.
It is understood that the University of Iowa had got wind that something was amiss and had warned its staff and students of a possible theft of online IDs. The university has now said that it has taken steps to make its computer systems more secure so that such mishaps may not happen again.
The university has also disclosed that it has had to spend as much as $68,000 to enhance IT security measures.
The incident could lead to hundreds of other universities in the U.S. and elsewhere reviewing their own internal security systems and improving upon them.