An emerging cyber security threat to the education sector is coming from essay mills, says Jisc, which owns and runs the UK’s research and education IT network, Janet. Essay mills, otherwise known as contract cheating sites, are looking to dupe students and cash in by hacking into university websites and placing content for their own ends that appears to be legitimate and aligns with university services.
Typically, attackers write on student-facing pages, with hyperlinks to their own websites, or hijack links to legitimate services with redirects to contract cheating sites. North American and Australian universities have already seen such things; similar tactics could well be employed in the UK, warns the UK’s digital body for tertiary education, Jisc, with the higher education Quality Assurance Agency, QAA. They have issued advice to HEIs (higher education institutions).
Different from ransomware, which aims for mass disruption as leverage for extortion, essay mill attackers try to remain undetected and operate without the knowledge of the universities concerned, but much of the prevention advice is the same.
Jisc’s director of security, Henry Hughes, said: “Cyber attacks are a growing problem for colleges and universities and, as is probably the case with illegal essay mill activity, is often driven by organised crime. There are steps that can be taken to minimise risk, including using cyber security services that can block known malicious content, help mitigate phishing attempts and other forms of attacks against UK education and research.
“Jisc is working with universities, colleges, sector bodies, and regulators to help co-ordinate a policy-based approach to blocking a wide range of cyber security threats.”
And QAA’s head of policy and communications, Gareth Crossman, said: “Essay mills present a threat to the world-class reputation of UK higher education. These companies are unscrupulous and their exploitation of students risks their academic and future careers, while opening them up to blackmail and cyber crime. Their only motivation is money, so we need action from governments and online platforms to make operation as difficult as possible. This is why QAA is also campaigning for legislation to criminalise essay mills.
“We urge universities to follow the technical advice available from Jisc and to raise awareness among staff and students of the new tactics employed by essay mills. Users need to know what to look out for and how to report any suspicions.”
Jisc is running a security conference from November 9 to 11. Visit https://www.jisc.ac.uk/security-conference. There speakers will include Lindy Cameron, CEO of the UK official National Cyber Security Centre (NCSC).
