Makerere varsity marks hackers identified

Makerere University Vice Chancellor Ddumba Sentamu leads a procession during a past graduation ceremony. FILE PHOTO

KAMPALA- It has emerged that the examination marks racket at Makerere University also involves external people who have access to the university IT server and have been taking the advantage to alter students’ scores in exchange for money.

This followed yesterday’s story in Saturday Monitor which indicated that some university staff with access to the Senate’s website and server were selling marks to failed or underperforming students through Facebook link and mobile money network in order to make them pass or attain higher grades.

One of the students identified as Sultan Ed Eddy on his Facebook account was linked to one Jack Mathew who promised to award the student better marks upon payment.

Subsequently, Eddy became an agent, mobilising more student clients. Eddy indicated his mobile phone number as 0773032207 and Mathew demanded that his payment by mobile money transfer be made on mobile number 0788269361.

Sunday Monitor has established the mobile phone number 0773032207 of Sultan Eddy is registered in the name of Eddy Kabagambe while Mathew’s 0788269361, where the money for marks was to be wired, is registered in the name of Denis Kisina.

Sources at Makerere said the university has been contracting Kisina (Mathew) from outside to manage their IT section and speculated that he could have created a link to gain remote access to the university data base without the institution’s knowledge.

In the latest information, Mathew brags how he has free access to the university’s computer server and can do anything with it or on it.

“I have access to data. In fact I can fix missing papers and marks. If you have a retake, I can help you get rid of it by giving you any mark above 50 per cent. I can also improve on CGPA if you want for all faculties except ICT,” Mathew wrote to his student clients on his Facebook account on June 21, 2014 assuring them that they can only pay after confirming that work has successfully been done.
“When I change the results, the change also reflects online ( so she can confirm from there. But the best proof is to get a testimonial from the registrar. If she won’t be satisfied with the online confirmation only, we may have to wait till results come out,” Mathew added.

In this transaction, Mathew indicated that he charges Shs300, 000 for each paper to be worked on, but offered to accept Shs100,000 since the papers involved were many.

Mathew is just one of the many internal and external mercenaries who have been trading in student marks by intruding into the university’s data base

In 2008, the Senate, Makerere’s highest academic decision making body, discovered that data on Academic Records Information System (ARIS) was not secure. ARIS is a system that is used to manage academic records of the university. The department of the academic registrar controls and uses ARIS.

Committee established
A committee was set up to assess the performance of ARIS. In its 2009 report, the committee observed that some academic units had refused to use ARIS system because they had developed their own systems.

The report notes that while ARIS was supposed to encompass all records at the university, only academic and registration systems were using it while applications, admissions, examination timetables and study records did not.

The committee noted that the university lacked approved standard guidelines on data entry. For instance, they noted that the list of data entrants range from coordinators, vacationers, temporary staff, secretaries, lecturers to messengers who are able to type on a computer.

“Data is entered differently in all the different units. The university has not yet developed minimum standards for software procurement and use nor has it developed documentation of software guidelines.

Currently, different units procure and use software without being subjected to any minimum standard requirement and documentation and this has implication on suitability and security of the software,” the report reads.

It recommended that examination results being sensitive records, the systems developed to protect and safeguard them should be installed with electronic alerts that would instantly notify the control centre of any tampering being made to the marks and the user and his/her location.

“That information would enable the control centre to verify whether proper authority to make changes was given. All systems must have strong security systems inbuilt in them to prevent any unauthorised use and intrusion,” the report further reads.

However, sources have intimated that the recommendations were ignored, plunging the university into the current situation.

“It is embarrassing. There is no point in making investigations and recommendations made are not implemented. They already have a report on marks fraud and how to control it but they have never implemented,” said the source who preferred anonymity.

New information shows that the same Mathew attempts to change results for students from one of the other universities and Makerere School of ICT but failed.