KLANG: Two years on, the the pilot initiative to teach coding and digital security as an SPM subject has been touted as a resounding success, and the government is mulling a move to make it compulsory by 2020.
The announcement shocked parents, as out of 10,000 students who took part in the pilot program, only 10 had scored an A while the rest had failed with a grade of F.
Education Minister, Dato’ Seri Java, said that this reflects the current IT market, where out of 10,000 security consultants, only 10 will ever give you good advice.
“We benchmarked against the industry, and set the grading curve accordingly, so only a 10 students getting an A was the intention!! We can’t have cases where students just memorize a textbook and then score an A, this is not History or Geography, this is an important subject” he said, while further mocking drama and English literature under his breath.
Deputy Director of Education, Perl Ramachandran further added that instead of focusing on the 9,990 students who failed, the public should instead focus on the ‘A’ students who showed exemplary work and are were ‘bright spots’ in the dark abyss which is the Malaysian education system.
One such exemplary student was 17-year old lass Siti Pintu bt. Belakang, she had managed to install a backdoor into the MOE exam system and downloaded the question paper days before the exam. A backdoor is an application that allows an attacker unfettered access to the compromised system, and Siti managed to code one from scratch specifically for this purpose.
Already Russian cyber-criminal organizations are offering her scholarships to prestigious universities, Perl further added.
Then there Godam a/l Rajakumar, who instead of stealing exam papers, simply hacked into the MOE grading system and gave himself a ‘A’.
“I found out that while the exam papers were quite well secured, the grading systems that finally printed the grades was un-guarded and running Windows XP” said Godam.
The 17-year old from Klang was so sure that he would be able to hack the grading system, that instead of answering questions for the exam, he merely wrote out the entire script for the movie war games on the answer sheet. Unbeknownst to him, the script contained answers for questions 2, 5 and 7, and he would have got a ‘C’ by accident.
So the joke’s on him, the Minister loudly proclaimed, while murmuring that Sneakers was a better hacker movie than War Games, and that Mr. Robot is only half as good as people think it is.
“And don’t get me started on CSI Cyber” he shouted, while having to be restrained by his staff.
Other notable exceptions this year were Mary Sosial Anak Jurutera and Lim Pan Ching.
Mary, who lives in the remote regions of Sarawak was unable to hack into government systems as she lacked reliable internet connectivity. However, she was undeterred and instead turned to social engineering to get the exam questions ahead of time.
By posing as a Education Director of Sarawak, she called the Education Ministry, and managed to trick them into e-mailing her a copy of the exam questions to her ‘secure’ e-mail address. Ministry staff were unaware that the supposedly secure address, was a fake one Mary has setup to look like the real ministry e-mail address.
“She told me to send the exam questions to educationMinistry@secureMalaysia.com, I saw it had the word secure, and though it had to be…..you know, secure la!” said Mohd. Kantoi, the ministry staff who was tricked by Mary.
“Being from a region that doesn’t have reliable internet connectivity, I had to use resources that were available to me” said Mary. She then quoted Einstein “There’s two things in life that are infinite, the Universe and Human Stupidity, and I’m not sure about the Universe”.
The education ministry had already alerted the Singaporean Government that even though they blocked internet access for their staff, they’d still be prone to social attacks from people like Mary, and described Mary as rather ‘cunning’.
Lim Pan Ching, on the other hand used a method called ‘phishing’ to achieve his goal. By sending e-mail messages to targeted Ministry staff, he was able to get them to download software that gave him access to the MOE servers.
The e-mail posed an innocuous bank statements, with one reading, “Free 0% interest loan for one year”. Lim had studied which Ministry staff were having difficult money problems and tailored his message for their specific situation, then by getting the staff to download specialized spying software, Lim set out to obtain the exam questions one week ahead of time.
He even went as far as ‘loaning’ Rm100 to the Ministry staff, to avoid suspicions.
Rounding up the A students were Tan Tee Poo, and Conning Singh from Ipoh. The two students from rich parents, simply bribed the invigilator at the exam hall to allow them to browse the internet while taking the exam, and manage to score A’s with ease.
Tee Poo and Conning said that “People often lose their minds when exam paper leaks, but at least we know when these things happen, how many invigilators have been bribed before without the Ministry even knowing, the world isn’t safe anymore.”
“That’s why next year to avoid students paying money to invigilators, we’ve teamed up with Uber, so that students can bribe the invigilators via the app using their parents credit cards, it will be safer and cheaper ” they added.
The pair appear to have a bright future in Silicon Valley.
Other Parents however, were shocked that these students were given A grades, while students who studied for the exam and scored through conventional means (i.e. actually studying) failed. They claimed the government rewarded cheaters while punishing honest hard-working students.
Ke eath Rosario, prominent tech blogger and part-time male underwear model, warned that this thinking was outdated.
In the modern workplace, people collaborate and access the internet for inspiration and information. An exam involves no collaboration or internet connectivity, and only serves to prepare students to take other exams.
It is an antiquated way to measure a students performance.
Those students who studied a full 2 years about digital security, coding and hacking, yet still chose to ‘just’ study, demonstrated a serious lack of imagination. On the other hand, the students who scored A’s chose to think outside the box, while still employing the skills they were thought, and demonstrated a strong understanding of the subject matter.
Who do you think deserves the A’s, he asked with a raise eyebrow ala The Rock.
When pressed on what future students would do, now that the government is patching the security flaws exposed by this years students, Rosario said that next years students would have a higher hurdle to climb, but that’s the nature of IT. We can’t expect the technology to improve every year and not the humans that use it, he added.
Rosario ended the interview with a signature poignant point.
Cyber Security experts tell organizations that the craft of keeping secrets is getting harder than ever, someday someone will infiltrate your computer systems and expose the data inside of it, just like what happened to Sony Pictures, that’s a fact.
The half-life of secrets is ever decreasing, and one day even your CEO e-mails will be made freely downloadable on hacker forums—why then do we think, that the Ministry of Education can keep exam questions a secret for nearly 6 months from the time the questions get printed to the point they’re served up to a student to answer?
Isn’t our dependence on such antiquated concepts like ‘exams’ concerning? And shouldn’t we stop placing such a high emphasis on their results, when those results can be so easily manipulated?
Rosario ended the interview abruptly, claiming he had a Calvin Klein shoot to go to.
Finally, Education Exam division chairman, Dato See Tambah Tambah, said that he was happy with the results and would work on hard on ensuring fewer hacks happen next year–but you never know!