[nrbafna]

He writes about it himself here - http://deedy.quora.com/Hacking-into-the-Indian-Education-Sys...

Also, from his write up, it was serious lack of security on the results website.

More importantly, the focus from his write up should be less on the getting the data of the results, rather on the data itself. He goes on plot the scores vs frequency for all the courses taken up students and discovers a good case of tampering with the scores.

[zengr]

He has clearly stated on his blog:

"I spoke to the Times Of India (linked below) and I would like to clarify what's been written in the article. The article states "A 20-year-old Indian student from Cornell University hacked into the database ... " This is technically incorrect. I did no such thing. I did not illegally access any database system. All I did was access information that was available to any person who entered a number into the website could access. I simply mined the data and then analyzed it to reveal some interesting and disturbing trends""

So, he didn't hack anything.

[openforce]

Its funny how this will likely be handled by the people in authority. Some narrow minded men with no computer knowledge will sit around a table and decide what action can be taken against the 'hacker' for this 'breach', Ignoring the real issue here.

Websites made by/for government institutions in India are a joke. Most Indian websites are probably still made to work only with IE (IE6 even).

[fakeer]

Most probably those narrow minded people have a lot of other things to do like tackling insurgency and terrorism and calculating how much commissions comes from which tender and which bank they should hide that amount too, unless the ICSE board wants to pursue it further.

[lawnchair_larry]

Well in the US, doing this to get information that is even less sensitive counts as hacking and gets you sent to prison (see Andrew Auernheimer).

[bshastry]

If he stated so, it is clearly not in line with the title of his blog post [1]. Come on, the media preys on keywords like hacking, so if you don't see it coming be careful the next time is my advice to the "hacker" in question. [1] http://deedy.quora.com/Hacking-into-the-Indian-Education-Sys...

[jervisfm]

Well, don't know what laws India has with regards to Cyber-security if any at all, but I wonder how the reaction would be if that happened to a nation-wide exam/test in the US like the SAT.

Even if the data was available on the server, I think the laws here are such that one can still be persecuted for that. A recent example that comes to mind is the AT&T hack that leaked email addresses of some iPad users [1].

Fortunately, in this case, it does not appear that the original poster has anything to be concerned about.

[1] - http://www.computerworld.com/s/article/9237838/Legal_experts...

[monsterix]

Isn't it a bit strange that US did not persecute AT&T for the hole/lapse?

[pyre]

Depending how you define 'hacker,' his data mining could be considered 'hacking the data.'

[manojlds]

Not with the wrong connotation that the words hack and hacker have these days.

[thex86]

> Also, from his write up, it was serious lack of security on the results website.

How? The website has an interface to give you all the results. All you need is an email address. How is this then a lack of security? This is 'by design'.

[pyre]

Just because that's the interface doesn't mean, "Allowing the entire world access," is by design. I understand where you're coming from with the cultural angle in your other post. On the other hand, sometimes people leave things in the open with the idea, "what's the worst that can happen," or, "only authorized people will know about this, I don't need security." This doesn't signify an intention to let the world see, or a lack care about whether or not the world sees.

[thex86]

As far as my memory goes - I think I can safely say this for the past six years, everyone I know is aware that you can get the results for practically anyone, as long as you know their name and their school. So I meant that that this is not anything revolutionary or new, let alone a security flaw. It's just how it is. And this is no violation of privacy as the author claims.

When the grades are announced, they are put up in their full glory in the school. There is no privacy! That is what I meant.

I know this is not a good thing, but I doubt this trend will change anytime soon.

[fakeer]

And that is one reason very few pupils in India get depressed and commit suicide or steer towards drugs because they have scored less and/or others saw it.

And I don't complain about it. However with the recent (Sibbalusque) change in education marking system this trend may change.