CONTENTS
What is Web Monitoring?
Where to Find Stolen Exam Content
The Cost of Exam Exposure
The Human Element of Web Monitoring
Planning for Web Exposure: Questions to Ask Your Team
International Web Monitoring
The Threat Removal Process: How to Mitigate Exposure
DMCA Then and Now: How to Send Infringement Notices
Now What?
Too many tabs open?
We’ve been there. Enter your email to get a permanent copy of this guide sent directly to your inbox.
Why should I be monitoring the web?
It’s frustrating (and expensive!) for testing organizations to spend the time, creativity, and resources developing great test questions, only to have those items disclosed on the internet a short time after publication. The result of such disclosure? Undeserving test takers pass the exam using pre-knowledge (memorizing the answers they found online).
This type of fraudulent activity erodes the validity of your exam and hurts your program’s reputation. On top of that, your investment in developing high-quality assessments goes down the drain. Patrolling the web is a powerful tool that helps to protect your exams from cheating and gives your highly-valued intellectual properties additional validity, lifespan, and security in the current online environment.
What is web monitoring?
Web monitoring is the practice of monitoring common places on the internet for stolen or otherwise exposed test content. Some organizations handle web monitoring efforts in house, while others opt for help through a professional Web Patrol® service (like this one). Web monitoring may not detect the theft in action, but it certainly detects its outcomes and provides the necessary information to take action.
Where can I find exam content online?
Social Media
While it may be easy to find public-facing social media posts containing illicit or stolen content, you may not be aware that an entire ecosystem of online forums, chats, and private groups exists for this very purpose. Social media is an excellent place to start your search, but you may be required to dust off your sleuthing skills and assimilate in some corners of the internet you’ve never been before. Here’s an article with in-depth information on how search engine technology impacts web monitoring efforts on social media sites.
Braindumps
Braindump sites, file sharing sites, and affiliated blogs make a practice out of sharing stolen content while dodging requests to take it down. Nevertheless, you must locate and pursue the removal of your content if ever you find it in one of these forums. Make it a practice to regularly crawl the current and most popular sites, and learn the best practices for handling braindumps to aid in your success.
Search Engines
You’re already familiar with search engines and social media sites in your home country, but are you familiar with those of other countries as well? If your exam is being delivered online, your exam is international. You should familiarize yourself with the most popular tools used to share information in other countries and learn how to use them. (Bonus points if you can speak the language!) Here’s an article to help get you started on your international web monitoring strategy.
The Cost of Exam Exposure
Exams and tests are not just for organizations dedicated to testing. They’re also for training and evaluation purposes within tech companies, medical organizations, and even civil service groups in order to ensure candidates have the skills necessary to do the job well. But what happens when those tests are leaked online?
Just one online leak can have the effect of compromising an entire exam—or even the integrity of an entire institution. What else is there to lose from long-term, unchecked exposure?
1. Loss of Investments
2. Invalidated Scores
3. Reputation Costs
4. Redevelopment Costs
The Human Element: Web Crawling vs. Web Patrolling
Flexibility
Human web patrollers (as opposed to automated web crawlers) are capable of adapting seamlessly to the rapid evolution of the online social sphere—and to the specific needs of you, the client. Learn more about the differences between automated web crawling and human web monitoring in this article.
Critical Thinking
Monitoring the web for stolen test content involves a complicated and nuanced process of piecing together a series of clues that only humans are capable of detecting and connecting. Automated systems can’t do that.
Interactivity
Not only are humans capable of detecting unique vulnerabilities in web security, they are capable of interacting with others as part of their investigation as well. At times, problems only become clear via conversations, private messages, and eliciting tips from those in the know.
Culture
Web patrollers with language and cultural skill sets are indispensable aspects of a comprehensive and successful online security plan. Automated bots cannot keep up with the intricacies of the global digital landscape in a way that guarantees security.
Planning for Web Exposure
How much exposure are my exams getting on the internet?
Can I rescue the exposed items by restructuring them?
Do I have a plan in place before content is found online?
Are my exams copyrighted?
Who decides how to respond to a breach of exam content found online?
What portions of my exams are showing up online?
Who is posting the exams online?
If a site is claiming to have “real” items, what items do they typically have?
Am I doing routine checks of test administrators and any third-party or proctoring providers?
Am I doing routine checks of test providers?
Over time, have I observed the exposure situation getting worse or better?
How is the level of exposure impacting my items’ useful lifespan?
Do items ever appear before the test administration window begins?
Do my question types invite exposure?
Do I have boilerplate letters/procedures to quickly address exposures?
International Monitoring
What to consider when monitoring across the globe:
Online = International
If your test is administered online, then your web monitoring strategy must be comprehensive and international in scope. You can learn more about international web monitoring strategies in this article.
Borders and Barriers
Crossing regional boundaries of the internet, like crossing into foreign territory, will reveal foreign hotspots of online activity, information-sharing models, consumer behavior, and etiquette (all in different languages).
Blind Spots
In Korea and China, people are familiar with the national web platform Naver; it is an integral aspect of their online experience. But how familiar are you with Naver? This is just one example among thousands of potential international blind spots.
Being Multilingual
Who takes your tests? In what languages? Be sure to monitor for your content in multiple languages across the internet.
Hot Hangouts
Common methods of content sharing and braindumping vary from place to place. Patrolling internationally requires knowledge of each geographic area’s popular online hot spots for fraudsters.
The Threat Removal Process
Here’s a sample process for monitoring, removing, and mitigating online web exposure:
1. Identify Team Roles
Are you enlisting help for your organization’s web monitoring efforts or handling things internally? Determine who will be responsible for online threat removal. They should be directly involved and familiar with your exam security efforts. Also consider to whom that person should report their findings—a single individual at the top, multiple team members in different departments, or a representative on your legal team? We recommend a combination of these. Over time, evaluate which processes are the quickest pipeline to threat removal.
4. Escalate to Legal
Even after several attempts, some sites and individuals will refuse to remove your content, at which point you’ll want to involve your legal team. Sometimes, this can be as simple as a strongly-worded letter implying forthcoming legal action. In the worst case, a lawsuit will have to be filed to protect your intellectual property. This worst-case scenario is rare when steps 1-3 are followed.
2. Send a DMCA Letter
Prepare, approve with your legal team, and send a takedown letter to any offending site owner and affiliated web hosting company. Make sure your letter conforms to the Digital Millennium Copyright Act (DMCA) guidelines, found at www.copyright.gov. Please note that these laws apply only to domestic sites. International sites may require different methods and procedures based on the copyright protection in their country. You can learn more about submitting DMCA takedown notices in this article.
5. Clear the Threat
Congratulations! Your efforts have paid off and the offending sites have taken down your content. Now that the present threat is cleared, it’s important to follow through with the final step in the process.
3. Track Removal
Depending on the offending site, threats may be removed within hours of your first DMCA letter. It may also take weeks and multiple letters before you are successful in removing the content from the site. Strong determination and follow up with each and every site are key to getting content removed. In the meantime, if it’s a Google-owned site or blog, you can submit a copyright infringement notice with this 7-step process.
6. Ongoing Monitoring
Continual monitoring is the most important step in the process. It is your assurance that if a threat appears again, it will be found quickly and dealt with before it impacts the integrity of your exams. Be sure to periodically take time to consider how your web monitoring efforts are performing. Make adjustments as necessary, and reach out for expert help when you need a hand.
DMCA: Then and Now
There are hundreds of braindump sites disclosing actual exam content, with new sites being created daily—including thousands of affiliated blogs, filesharing sites, social media posts, and more.
While takedown notifications leveraging the Digital Millennium Copyright Act (DMCA) have been effective in the past, the sheer volume of potential sites today makes it difficult to address all of them with your limited time and resources.
Today, many braindumps never even respond to a takedown request (even after several attempts). Fraudsters often use privacy protection services, making it nearly impossible to find an address for sending a complaint. If you do make contact, a braindump owner may make claims of “fair use,” knowing that the likelihood of your starting legal proceedings against them is slim. Or they remove the material from one of their URLs, only to post it minutes later on several new sites.
But before you get discouraged...
DMCA is still a valuable tool.
What can your ongoing DMCA activity tell you about your program? You’ll glean trends on the amount and type of braindumps that share your content, the types of platforms they target, and the number of your exams they have for sale. In conjunction with other online data you’ve gathered about your exams, this information can help you identify trends and provide critical insight into the useful lifespan of your exam items and forms.
So how should you leverage DMCA?
- Obtain registered copyrights to your items and tests.
- In consultation with legal counsel, draft appropriate DMCA language to be sent to offending websites.
- After finding a braindump site with stolen test content, immediately send a DMCA notification to the contact email on its webpage, the registered owner of the website, and the host of the website.
- If no response is received within 72 hours, send the DMCA notification again, and again… and perhaps one more time. The fourth time may be the charm.
- Track and revisit this data to plan security proactively.
Now What?
Now that you know how to find content that has been exposed online, what can you do to decrease the damages and reduce your chances of future tests getting stolen and shared in the first place?
Analyze Your Testing Data
Cross-examine the results of your web monitoring efforts with other data from your test takers. Compare known “test killers” with response data to see who may have used illicit study material. You can learn more about data forensics in this ultimate guide.
Evaluate Your Online Testing Solution
Ask your online testing provider to show you the security features of your online tests that will help reduce and track content exposure—like watermarking, secure item types, and more. Make sure you have these important features in your test creation and test delivery software.
It is now possible to build tests that self-protect from content theft, either by reducing overall exposure of your pool or by rendering braindump content unnecessary and ineffective.
Publicize Your Security Measures
While you’re engaging in security-enhancing efforts, be sure to allude to them (and even describe them) to your test takers. Send the message: “If you attempt to cheat, you will be caught.” Learn more about publicizing your test security measures in this article.
Automated Item Generation (AIG)
It can be hard to stay ahead of exposure, so reduce the consequences! Use AIG to easily and inexpensively create a huge item bank, allowing you to republish your exam quickly whenever the need arises. Learn more about AIG in this ultimate guide.
Want to take a copy of the guide to-go?
You don’t need a disposable lid, bag, or box. Just download here.
Check Out These Other Test Security Resources
Security Boot Camp Part 1: Preparedness
In Part 1: Preparedness, you’ll learn how to proactively boost your security prior to testing. You’ll uncover ways to create a comprehensive test security and response plan and find out how to effectively deter security threats by publicizing your test security measures.
Go to Workbook
Security Boot Camp Part 2: Technology
In Part 2: Technology, you’ll learn ways to evaluate the technology you use to shore up your test security. Evaluating your online testing solutions, leveraging secure item types, and effectively increasing the number of items on your tests are three key ways to ensure the long-term health of your exams.
Go to Workbook
Security Boot Camp Part 1: Preparedness
In Part 1: Preparedness, you’ll learn how to proactively boost your security prior to testing. You’ll uncover ways to create a comprehensive test security and response plan and find out how to effectively deter security threats by publicizing your test security measures.
Go to Workbook
Security Boot Camp Part 2: Technology
In Part 2: Technology, you’ll learn ways to evaluate the technology you use to shore up your test security. Evaluating your online testing solutions, leveraging secure item types, and effectively increasing the number of items on your tests are three key ways to ensure the long-term health of your exams.
Go to Workbook
Security Boot Camp Part 1: Preparedness
In Part 1: Preparedness, you’ll learn how to proactively boost your security prior to testing. You’ll uncover ways to create a comprehensive test security and response plan and find out how to effectively deter security threats by publicizing your test security measures.
Go to Workbook
Security Boot Camp Part 2: Technology
In Part 2: Technology, you’ll learn ways to evaluate the technology you use to shore up your test security. Evaluating your online testing solutions, leveraging secure item types, and effectively increasing the number of items on your tests are three key ways to ensure the long-term health of your exams.
Go to Workbook
Want to subscribe to our newsletter?