A university of Chinhoyi Student has allegedly been arrested after hacking into the University’s results portal and altering grades for himself and other students.
For altering the results of 7 other students, it’s claimed he received varying amounts of US$ payments and then proceeded to use a technique called SQL Map which is an SQL injection technique to hack into the institution’s database.
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.
SQL Map – which was allegedly used in this case- is actually an open-source penetration testing tool that automates the process of detecting and exploiting flaws to take over database servers.
The presence of such a flaw also means other students could have been silently exploiting it for years without being caught and if it isn’t patched ASAP then other students will exploit the flaw and if they don’t get greedy and offer to alter results of other students at a cost, they’ll walk away scot-free.
Should he have been arrested?
One of the main talking points that has become contentious since this story broke is that this student shouldn’t have been arrested. A number of people believe he should have helped the school’s security team to patch the flaw.
Personally, I think that’s a naive approach. If someone commits a crime why should they be rewarded generously for that? If someone broke into your house whilst bypassing the alarm system, would you recommend the alarm company hire him/her to patch out the flaws?
Whilst that isn’t the best analogy in the world, I think it’s fair to assume you would want that person to be arrested and then disclose how they committed the crime to the police. That way a criminal has been removed from society and you have found your way to patching your security systems. What’s your opinion on this issue? Should he have been arrested?