SMU scholar jailed 16 weeks for illegal log-in, modification of grades

SINGAPORE — Worried that he might lose his scholarship, a first-year Singapore Management University (SMU) business student hacked into his professor’s account and amended his grades for one module.

When investigations pointed to him committing the offences, Tran Gia Hung, an Asean (Association of South-east Asian Nations) scholar, adamantly denied any wrongdoing, while claiming that he was framed by “a tech-savvy person”.

On Wednesday (Nov 8), the 22-year-old was sentenced to 16 weeks’ jail, after he admitted to 10 counts of unauthorised access and modification of computer material, and another count of intentionally obstructing justice by erasing evidence linked to his offence. The sentence begins on the same day.

Another 28 counts of unauthorised access and modification were taken into consideration for the purposes of sentencing.

SMU has confirmed that Tran’s scholarship has been terminated immediately, and that it will be reviewing his student status. 

The court heard on Wednesday that on April 25 last year, Dr Rajah Kumar, a professor at SMU’s Lee Kong Chian School of Business, was about to release the grades of two modules, one of which Tran was enrolled in, via the eLearn portal.

But he noticed something amiss: there were a few differences to the grades he had uploaded earlier in the day.

Upon checking, he found out that someone had made several unauthorised changes to the grades, and reported the matter to the university.

SMU investigations revealed that there were numerous log-ins — including failed attempts — to Prof Rajah’s account from one particular IP address traced to Tran’s student account.

Questioned by SMU on April 28, Tran denied accessing his professor’s account, claiming that he was framed.

Later in the day, he emailed the school administration reiterating his claim, and added that the “person who framed him is a tech savvy person”, said Deputy Public Prosecutor (DPP) Nicholas Khoo. A police report was subsequently filed.

A day after the interview, Tran and a friend went to Sim Lim Square to erase all data and files on his MacBook which he had used to commit the offences.

Subsequent investigations uncovered eight unauthorised log-ins to Prof Rajah’s eLearn account over four days, traced back to Tran.

The student initially said he had obtained the password through trial and error — observing Dr Rajah’s keystrokes in class. But Tran later changed tack, saying that the password had “suddenly appeared” on his browser.

DPP Khoo told the court that Tran accessed his professor’s account “in order to obtain projects and reports submitted by past-year students so that he could use it to do better”.

There were also 30 unauthorised amendments made to the grades of 10 students across the two modules, the court heard. Tran changed his final examination grade for one module from D+ to B, and his final overall module grade from B to A-.

He also amended the final examination grade of one Yudi Alvin — who he also accused of committing the offence — downwards, from B- to D+.

Urging the court to impose a jail sentence of at least four months, DPP Khoo said Tran’s adjustment of Mr Alvin’s grades down “carried a degree of maliciousness”.

Even when evidence was stacked against him, Tran still “spun a story that he had been framed”, DPP Khoo said, adding that Tran was “belligerent, unremorseful, and uncooperative” during investigations.

His actions were “despicable”, the prosecutor said, and “deserves strong condemnation from the court”.

Mr Amarjit Singh, who represented Tran, said that his client had been “overwhelmed with difficulties in (his) coursework”.

Tran, who has since been suspended, is the second SMU student to be jailed for such offences.

Last year, Russian law student Georgy Kotsaga was sentenced to two months’ jail for unauthorised access and modification of computer material.

The 32-year-old had illegally logged into his professor’s accounts to cheat in his law examination, and also deleted his examination scripts and those of 18 others by using the same account.

For the offences under the Computer Misuse and Cybersecurity Act, Tran could have been fined S$5,000 or jailed for two years or both for making an unauthorised access of computer material, and fined up to S$10,000 or jailed for three years or both for the unauthorised modifications.

For obstructing the course of justice, he could have been jailed up to seven years and/or fined.

Responding to TODAY’s queries, an SMU spokesperson said that the school has taken measures to beef up security of its portals. 

Since April last year, SMU has implemented two-factor authentication for its faculty to log into the eLearn portal. “The same measure is being rolled out to other SMU systems storing sensitive data,” the spokesperson added. 

In addition, the school has tightened physical access to computer equipment in seminar rooms and classrooms, and that these computers have been configured to prevent any self-running files on attached external devices — like thumb drives — from running. 

“On a regular basis, SMU’s Integrated Information Technology Services team also carries out Security Awareness initiatives, such as regular briefings on IT security measures. They also issue circulars reminding users to design strong passwords, and highlighting different phishing patterns,” the SMU spokesperson told TODAY.