Website Hijacking by Contract Cheating Companies

For a while now I’ve been working on projects related to preventing and addressing violations of academic integrity such as plagiarism and contract cheating. Contract cheating is a complex form of cheating, but it basically boils down to someone else doing the work on behalf of a student. The term “contract cheating” was coined more than a decade ago, in 2006, by Clarke and Lancaster in the U.K.

There are companies whose entire business model is focused on helping students cheat. They can go by different names depending on the services they offer. They have been called “essay mills”, “paper mills” or “homework completion services”. The companies make their money in different ways. They might charge by the page or charge a flat fee for an entire assignment.

To the surprise of many teachers and educational administrators, contract cheating is big business. Studies have found that this industry is likely worth a minimum of $100 Million USD in the United States (Owings and Nelson, 2014). Studies in the UK and New Zealand also estimate the contract cheating industry to be worth millions in those countries, too (Draper & Newton, 2017; Yorke, 2017).

These companies lure in students with offers of “help” and promises of making their lives easier. Their rhetoric is that of persuasion and manipulation. They try to trick students into believing that there is nothing wrong with paying a company to do academic work on their behalf when nothing could be further from the truth. The language contract cheating companies use in their advertising seems benevolent, but the primary focus is for them to make money, not to help students. These companies are driven by profit first and foremost. They have sophisticated marketing methods that can be both aggressive, insidious, and sometimes, even illegal.

I had heard anecdotally that contract cheating companies sometimes hijack other websites, putting their own ads on the site. Presumably, it is cheaper for them to hire a hacker to get into a less secure site than to pay to have their ads posted legitimately online. Last week, I accidentally found one such website. The website seemed to belong to a small, well-meaning community organization in the United States.

I have redacted the information to avoid the possibility of legal action, but here is a screen shot showing what it looked like:

Contract cheating website hack

Figure 1: Screen shot of redacted webpage compromised by a contract cheating company.

Upon analyzing the situation more deeply, it looked like the hijackers had gone into the organization’s web site and created several sub-pages. The original pages of the organization such as the home page and sub-pages created by the legitimate website owner were completely intact and untouched. It looked to me as if the hijackers had gone into the background of the site and created additional, publicly available sub-pages where they then posted ads for a contract cheating company, complete with links that re-directed to the contract cheating company’s website. Upon inspecting the website further, I found that the metadata of the page had been populated hidden keywords such as “essay writing”, “plagiarism-free” and “thesis assistance”. This means that students searching for those terms might be led to the advertisement on the newly-created sub-pages, which they would then click on to be re-directed to the contract cheating website. If that was the case, then this an unsuspecting community organization might not have found the newly-created sub-pages for some time.

Small non-profits and community organizations often lack awareness and resources about how companies like this can compromise their websites. In an excellent article on nonprofit cybersecurity, Sheela Nimishakavi (2018) notes “all nonprofits need to implement appropriate security measures”. Julie Campbell (2018) offers some excellent tips on how nonprofits can fight cyber-attacks. Here are a couple of Campbell’s recommendations:

  1. Upgrade your computers and software.
  2. Train and inform employees and volunteers.
  3. Focus on passwords.

A website owner, whether they are an individual or an organization, may be completely unaware when a contract cheating company compromises their site. If you see an ad for a contract cheating company, look at the website address. If it looks like it might belong to a person or an organization who is not at all affiliated with exploiting students, contact the website owner to let them know. In this case, I found the contact information for the website owner and e-mailed them to let them know their site had been compromised.

References

Campbell, J. (2018). 8 ways nonprofits can fight cyber attacks. The Balance. Retrieved from https://www.thebalance.com/better-nonprofit-cyber-security-2502537

Clarke, R., & Lancaster, T. (2006, June). Eliminating the successor to plagiarism: Identifying the usage of contract cheating sites. Paper presented at the Second International Plagiarism Conference, Gateshead, United Kingdom.

Draper, M. J., & Newton, P. M. (2017). A legal approach to tackling contract cheating? International Journal for Educational Integrity, 13(1), 1-16. doi:10.1007/s40979-017-0022-5

Nimishakavi, S. (2018). It’s 2018: Do you know where your nonprofit’s cybersecurity is? Nonprofit Quarterly. Retrieved from https://nonprofitquarterly.org/2018/01/26/2018-know-nonprofits-cybersecurity/

Owings, S., & Nelson, J. (2014). The essay industry. Mountain Plains Journal of Business and Economics, 15, 1-21. Retrieved from http://www.mountainplains.org/articles/2014/General%20Research/Mountain_Plains_Journal_of_Business_and_Economics_Volume_15_2014_1-21_General_Research_Owings.pdf

Yorke, H. (2017, January 13). More than 20,000 university students buying essays and dissertations as Lords call for ban on ‘contract cheating.’ The Telegraph. Retrieved from https://www.telegraph.co.uk/education/2017/01/13/20000-university-students-buying-essays-dissertations-lords/

Note: This blog post is a reprint of a full report that is archived in the University of Calgary digital repository. Here is the citation for the original:

Eaton, S.E. (2018). Website Hijacking by Contract Cheating Companies. Calgary: University of Calgary. Retrieved from http://hdl.handle.net/1880/106494

______________________________________________________

Share or Tweet this: Website Hijacking by Contract Cheating Companies https://wp.me/pNAh3-2i6

This blog has had over 1.8 million views thanks to readers like you. If you enjoyed this post, please “like” it or share it on social media. Thanks!

Sarah Elaine Eaton is a faculty member in the Werklund School of Education, University of Calgary, Canada.

Opinions are my own and do not represent those of the Werklund School of Education or the University of Calgary.

Advertisements

Comments are closed.

%d bloggers like this: