Thiruvananthapuram: As the Kerala University is busy fighting to douse the row over an embarrassing mark scam, it has emerged that laxity on the part of the staff led to the breaching of the computer database by miscreants to bestow more marks on weak candidates of a few courses so that they could clear the exams.
Employees of the Examination Section, where from the hacking of the inhouse computer database likely occurred, claimed irregularities could have happened as computer experts were not put in charge of the IT cell.
As many as 70 user IDs and passwords were used to manipulate marklists. They belonged to retired and transferred employees as well as those terminated from service. These login credentials were active as recent as Monday until these were blocked as the scam came to light.
Officials said that the passwords of even temporary staff, who worked at the University's Examination Section prior to 2016, were not destroyed. And that these could have been used to commit the fraud.
Also, multiple employees were using the same user ID, undermining the confidential nature of the exam duties. Several people had even used the login credentials of those who had been working as data entry operators prior to 2016. No action was taken to destroy this or give new credentials.
The scam
It is alleged hundreds of students were given additional moderation marks in 16 examinations that were held between June 2016 and January 2019. It has also been found that the moderation mark decided by the Pass Board was not awarded to some students.
The computer centre of the Exam Department was handling the tasks connected with moderation.
The mastermind behind the scam and the number of students who benefitted from the fraud are yet to be identified. A count of all those who got the illegal moderation is being taken.
As reported earlier Dr V P Mahadevan Pillai, Vice-Chancellor (VC), has ordered to cancel the marklist of all those who were illegally awarded additional moderation marks after the computer database was broken into by unidentified people.
Blame it on lax IT cell
A special IT cell was formed at the University on March 17, 2017 on the recommendations of a former Examination Controller. This was necessitated as the computer centre director had been reduced to a parallel exam section head.
The cell is responsible for tasks including that of giving out passwords. As per the norms, the passwords given to the staff should be changed when they are transferred. It is the IT cell's responsibility to give new password to the new official. As the old passwords were not destroyed, anyone could hack into the computers. It is also alleged that none of the officials informed the authorities about this.
Internal probe begins, but…
The three-member panel, led by pro-vice-chancellor, that was set up by the University Syndicate has begun an investigation into the mark fraud.
It is for this panel to find out which all passwords were misused to give additional moderation marks, the extent of the fraud, those who are responsible, how many people benefitted from the fraud and so on.
By checking the servers, it is easy to trace which all IDs were used and when were they used. However, an enquiry at the official level cannot reveal who used the IDs. Only six computers were given for the 36 employees of the 'S' section that looked after exam works. So, the employees took turns to use the computers.
The panel comprises a syndicate member, a senate member and a retired professor of the Cochin University of Science and Technology (CUSAT). But none of them are cyberexperts, it was pointed out, and that they were CPM sympathisers.
Governor summons VC
A memorandum has been submitted to the Kerala Governor, seeking to assign the probe to a committee that included cyberexperts, who were not part of the University. After former syndicate member Jyothikumar Chamakala and R S Shashikumar complained, the details of the fraud were unravelled.
Governor Arif Mohammad Khan had summoned Kerala University VC Dr V P Mahadevan Pillai to the Raj Bhavan and sought an explanation on Monday in his capacity as the Chancellor. The meeting went on for 15 minutes. However, no decision was taken on handing over the case to the Crime Branch.
Scene at MG University
The Kottayam-based Mahatma Gandhi (MG) University too has several login credentials used by multiple people. These have been now discreetly destroyed as per the controller's instructions. Even the temporary employees were given user ID and passwords. Though most of them left their jobs, their login credentials were still active. The same situation prevailed in the case of those who were transferred. However, what remains to be known is whether the fraud akin to the one at the Kerala University took place at the MG University as well.