NORMAN — Although it's difficult to say exactly how frequently such incidents happen, instances of unauthorized grade changing at universities are rare, a cyber security expert said.
No data exist that show the frequency of security breaches like the one University of Oklahoma officials say happened there recently, said Fred Cate, director of Indiana University's Center for Applied Cybersecurity Research. Still, Cate said he suspects grade-changing isn't a major issue at most universities.
OU student Roja Osman Hamad, 24, faces five counts of computer fraud after OU officials said he broke into the university's computer system and changed his grades.
Hamad, a former student employee in OU's information technology department, was charged in Cleveland County District Court on May 16. Hamad didn't respond to calls and emails seeking comment.
OU spokeswoman Catherine Bishop said the university hasn't prosecuted or expelled a student who changed grades since 1996, the earliest year for which information was available.
According to an affidavit, OU's IT department told OU police that Hamad used his access to the university's computer system to change six faculty members' passwords without their knowledge.
University officials told police Hamad then used the changed passwords to change his grades in the university's system and prevent faculty members from accessing the network, according to the affidavit.
An arrest warrant was issued May 16 for Hamad. He had not been arrested Thursday.
Bishop said university officials notified police as soon as they became aware of the matter. Hamad was also fired from his campus job, she said.
The university also made changes to its security system after the incident, Bishop said. She refused to give details about the changes, saying disclosing information could compromise the university's security system.
At any institution, employees are the most frequent source of security breaches, Cate said. Like Hamad, most employees have access to the institution's record-keeping system that most people wouldn't have.
Cate cited the case of National Security Agency whistle-blower Edward Snowden, who has admitted to leaking classified information to the Guardian and The Washington Post earlier this month. Snowden only had access to that information because he was an NSA employee.