Mission Impossible: Test Theft

It has come to the attention of Caveon Test Security, that crime syndicates are infiltrating test centers worldwide with the goal of stealing secure exam information. Their nefarious intent is to use cutting-edge burglary tactics to enable cheaters, create distrust, and destabilize the global assessment system.

Your mission, should you choose to accept it, is to counter this ring of thieves using whatever means necessary. Specifically, you are tasked with disrupting some of their most diabolical schemes: using nearly undetectable video and photographic technology to steal test questions, using software to digitally copy exams, and – most dangerous of all – hacking or stealing test information from the server itself.

To help you in this seemingly impossible task, we have assembled a team of experts. They are uniquely trained and highly motivated – specialists without equal. They include an architect (to set goals and think through test security strategies), a techie (to ensure the right levels of computer and system access are administered and monitored), a patrol officer (to keep a watchful eye on the physical environment of a testing organization), and an oracle (to anticipate testing malfeasance by creating and managing a security incidence response plan). You may select two additional team members. You can read their classified files here.

The mission ahead of you is more than difficult; it’s nearly impossible. If you are to succeed, innovation is imperative. Your team’s ingenuity is your best tool against this constantly adapting and unprincipled foe.

The threat is real.

The tactics are continually changing.

The consequences, should they succeed, are catastrophic.

Familiarize yourself with this dossier of well-known tactics your adversary uses for stealing test questions. You must know your enemy. Assembled by Caveon CEO David Foster and H.L. Miller, Jr. (and recently updated) the full document can be read by clicking here. The types of theft are ranked according to risk: their threat advisory level.

This document will self-destruct in five seconds.

Good Luck.





Stealing Actual Test files from Test Administration Servers, or Stealing Test Booklets during Shipping and Storage

An administrator at a testing center in South Korea, frustrated at a job that he feels fails to utilize his hard-earned computer programing capabilities, decides to earn some extra income. He hacks into the testing server, uses a program to decrypt the test questions and answer documents, and sells them online.

A second grade teacher notices that the door to the room storing test booklets is open and the room is empty. A filing cabinet, storing all the tests for her student’s exam the next day sits in the corner. It is all too easy to walk in, take a booklet, and return to her classroom.

The most dangerous tactic employed by exam thieves worldwide is stealing test files directly from the server or test booklets during shipping and storage. The thieves penetrate IT security through weak user-access policies and procedures and hack the files using decryption software. In addition, thieves may use traditional methods to burgle test booklets and answer sheets from unsecured testing rooms, storage areas, and during transit. This tactic is particularly dangerous because once established, these back-channel hacks can be used repeatedly without being detected. It also provides exact test content and answer sheets.

Threat Alert Level: SEVERE


Stealing Questions by Digital Still or Video Photography

A proctor observes as a student enters a testing center, adjusts the headphones, puts on glasses, and takes the exam. Everything goes smoothly and the proctor signs the student out at the end of the session. However, unbeknownst to the proctor, those glasses contain a small lens embedded into the frame that recorded the questions as they appear on the screen. The questions have been stolen and are later found online.

A nearly undetectable, accurate, and easy tactic thieves use to steal questions is to capture images during a test administration using advanced video and photographic technology. Possible technology includes high-resolution digital cameras in cell phones or hidden cameras in glasses, pens, buttons, and watches, etc. The hidden camera technology is constantly adapting, and is able to store and then transmit the entire content of exams. With this type of theft, only the questions are stolen while the answer key remains secure.

Threat Alert Level: SEVERE


Stealing Questions by Automatically Digitally Recording Test Content

An IT employee, needing extra time to study for a certification exam, starts to TIVO her favorite reality show. An idea strikes her: what if she were to record the test, memorize the questions, and then use the generous retake policy to get a perfect score? Once in the testing room, the woman waits until the proctor’s back is turned to reach under the desk and insert a small flash drive into the testing computer’s port. The drive installs computer software that records the exam session as it takes place, effectively stealing all of the exam questions.

Thieves can directly steal questions (though not answers) by using Copy and Paste commands (if there are no restrictions in place), or by connecting an automated TIVO-like recording system to one of the computer’s ports. Though it requires a special skill set to be able to install this type of software, it is relatively simple to learn and detection is low once the software is in place.

Threat Alert Level: SEVERE


Memorizing Questions to be Recalled Later

A group of university students decide to earn some extra money by memorizing a college entrance exam and selling it online to high school students. Knowing they couldn’t individually memorize all of the exam questions, they divide up sections of the test. By the end of the exam session they have collectively stolen all of the test questions, and equally divide the profits from selling the exam on Craigslist.

Requiring no technology, this old-school method involves memorizing test questions during the test administration and recalling and recording them later. This tactic is particularly effective if an organized group of thieves’ assigns individuals to each memorize particular sections of questions. It is facilitated by Mark-and-Review features of testing systems that allow the thieves to review and concentrate on the questions they must memorize. This type of theft is prone to inaccuracies due to human error and does not capture the answer key.

Threat Alert Level: HIGH


Transcribing Questions Verbally

A thief enters the testing room with an audio-recording device hidden in the collar of his shirt. Whispering under his breath during the time when the proctor is on the other side of the room, the thief records each of the questions to be transcribed later. The thief also scribbles notes on a piece of “scratch paper” and then casually folds it up and puts it in his pocket as he leave the room.

During an exam, thieves can record questions through written or recorded methods (audio recording device, text recording device, paper, two-way radio or cell phone, etc.) This process will involve transcribing the recorded information to make it ready for broad distribution, and inaccuracies can result. This process only gathers exam questions, and is easy to detect if proctors are properly trained and vigilant.

Threat Alert Level: HIGH


Manipulation of Test Administration Rules

A testing center employee looking to make some extra money uses a fake name and email address to register a “phantom” test-taker. At the assigned time, the test center employee quickly downloads the test files for the fake account, and then immediately cancels all record of the exam. The employee has managed to steal the test while avoiding a paper trail.

Thieves who wish to manipulate test administration rules can do so in many ways. Violating re-take rules or identification policies to allow individuals to gather more test questions, scheduling “phantom” test takers to access and download test files, and extending the time limit on pen-and-paper exams to allow harvesting, etc., are just a few of of the potential ways. This tactic typically only captures test questions and no answer key.

Threat Alert Level: HIGH


Obtaining Test Content from a Program Insider

A disgruntled item writer looking for revenge stays late at work, copies the test files, and gets the last laugh as he posts them online or sells them to a news outlet.

An anonymous third party approaches a down-on-her luck exam development contractor; all she has to do is copy to answer key onto a flash drive and pop it in the mail.

This tactic involves having an employee or contractor of a testing program provide test questions to confederates for a variety of motives. The program insider must have access to some or all of the items. While the stolen content will be highly accurate and include both questions and answers, this type of theft is rare because the potential for detection and punishment is high.

Threat Alert Level: GUARDED








Alison Foster

Test Security Specialist, Caveon Test Security

Leave a Reply