A former student has been jailed for 20 months for hacking university computers and selling exam answers for thousands of pounds.
Hayder Aljayyash, 29, was studying for a master’s degree in embedded system design at the University of South Wales when he broke into its systems.
Aljayyash’s crimes were committed between November 2017 and May 2019.
Cardiff Crown Court heard Aljayyash, from Iraq, remained undetected by using “sophisticated” techniques.
It was told he recruited housemate and fellow student Noureldien Eltarki, 30, to find students to buy the papers.
Eltarki, from Libya, was given a nine-month suspended sentence for agreeing to sell unlawfully obtained exams and ordered to do 200 hours of unpaid work.
Both men pleaded guilty to their charges at a previous hearing.
The system breach was discovered by maths lecturer, Liam Harris, while marking an exam in May 2019.
Jim Davis, prosecuting, said it became obvious to Mr Harris a number of students had answered questions by copying his own marking scheme and solutions.
Five students had even copied typing mistakes from Mr Harris’s original working papers.
A team was then set up within the university to investigate and determine the size of the data breach.
Cardiff Crown Court heard the university established a “war room” to process 140 million log records, which identified an IP address – linked to a house in Brook Street, Treforest, where Aljayyash and Eltarki were both living – from which the systems were accessed.
Both men studied at the university’s engineering and computer sciences faculty.
Police were informed of what had happened and arrested Aljayyash at home on 30 May 2019.
Mr Davis told the court police seized computer equipment belonging to Aljayyash, including USB sticks and a laptop which contained “numerous files which matched those downloaded as part of the university breach”.
The court heard the defendant used staff log-in details to access the network almost 700 times.
Mr Davis said Aljayyash used “a sophisticated key logging device to acquire details of staff usernames and passwords”.
Hacking ‘cost university £100,000’
The court heard Aljayyash made about £20,000, including £6,500 from one second-year student.
Eltarki was paid £300 or £400 each time by Aljayyash for finding students to buy the stolen papers.
The court heard the investigation and new security measures cost the university more than £100,000.
Sentencing Aljayyash, Judge Wynn Morgan told the defendant had “obvious talent and skill,” and what he did was “planned and consistent”.
He called the scheme “very sophisticated” and said it had “damaged the reputation of the institution”.
He told Aljayyash that his motive was “financial greed”.
The court heard Aljayyash accepted responsibility for what he did and was “ashamed” of his actions.
The court was told he has moved to Doncaster, where he was volunteering at a charity shop fixing laptops and helping other asylum seekers to use technology.
The court heard he was “intent on helping people use the internet for good”.
Susan Ferrier, who defended Eltarki, told the court her client realised he had made as “stupid a decision as he could have”.
Judge Wynn Morgan told Eltarki the “scheme was evidently not your idea but you attempted making money on the side which is self-evidently wrong”.
After the case, South Wales Police’s Det Con Marc Troake said: “Through collaborative and intensive investigation involving South Wales Police and IT teams at the University of South Wales, we were able to trace these individuals who believed they could cheat the system.
“I hope that this sentence serves as a warning to those thinking about attempting to overcome security protocols for financial gain.”