"Catch Them If You Can" - How to mitigate online test threats

19,642 views
20,711 views

Published on

Caveon is pleased to host an informative Webinar outlining the risks test programs face when test information is exposed on the Internet, and what can be done to control it.

The Law School Admission Council publishes the LSAT, which is taken by thousands of students seeking admittance to law school. Before and after candidates sit for the exam, internet conversations proliferate across hundreds of online “waterholes” regarding the exam. Learn how LSAC manages these risks by monitoring and participating in online discussions, killing the threads quickly and effectively.

For nearly a decade, Caveon has monitored the web for some of the largest, most important test programs in the world. As online threats have changed, so have the tools and techniques used by Caveon to protect its clients’ tests. Attend this Webinar to learn do-it-yourself tips for finding your content online and mitigating the risks of such exposure.

Topics to be covered include:

- Types of online threats
- Conducting simple searches
- Culling the benign from the “perilous”
- Participating in the online discussion of your exams
- Removing content from infringing sites


Featured presenters: Faisel Alam, Test Security, Law School Admission Council (LSAC), and Steve Addicott, Vice President, Caveon.

Published in: Education, Technology
1 Comment
0 Likes
Statistics
Notes
  • The            setup            in            the            video            no            longer            works.           
    And            all            other            links            in            comment            are            fake            too.           
    But            luckily,            we            found            a            working            one            here (copy paste link in browser) :            www.goo.gl/i7K0s4
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

No Downloads
Views
Total views
19,642
On SlideShare
0
From Embeds
0
Number of Embeds
17,410
Actions
Shares
0
Downloads
11
Comments
1
Likes
0
Embeds 0
No embeds

No notes for slide

"Catch Them If You Can" - How to mitigate online test threats

  1. 1. Caveon Events & Updates• Feb 26-29: ATP• Feb 28 : US DOE Symposium• May 23-24: Conference on Statistical Detection of Potential Test Fraud, Univ of Kansas• Mid-March Webinar: ATP Lessons Learned• Caveon Security Insights Blog, weekly article• Facebook, Twitter, LinkedIn
  2. 2. “Catch Them If You Can!”Protecting Your Program From Online Cheats February 15, 2012
  3. 3. Your Presenters!Faisel Alam Steve AddicottTest Security Specialist Vice PresidentLSAC Caveon 3
  4. 4. Agenda• Who is LSAC? Who is Caveon?• Types of Online Threats• Do-It-Yourself Web Patrolling – Monitoring – Qualifying Threats – Fighting Back• Q&A
  5. 5. Meet the LSATLSAT Structure – Paper and pencil – Administered 4 times/year • February, June, September/October, and December – Approximately 800 testing centers – Over 100,000 test takers annually – 6 total sections • 5 multiple-choice • 1 writing sample • 35 minutes/section 5
  6. 6. Meet the LSAT• LSAT scores released within 4 weeks of test administration• “Black Out” period until scores released – No test discussion allowed – Pdf of questions sent to test takers with release – Test takers sign pledge of “confidentiality”• Monitor open forums for discussion of disclosed and undisclosed test items – Caveon Web Patrol™ 6
  7. 7. About Caveon….• Our mission: To help protect the tests, programs, and reputations of our clients, some of the most important test programs and test publishers in the world – Certification & Licensure – State Assessment, DOEs & Large Districts – Higher Ed• Entering our 9th year of operation• Provide practical, measureable security enhancements www.caveon.com
  8. 8. Caveon Web Patrol• We blend – Technology tools – Human experts• Identify possible threats• Cull the benign from the “perilous”• Test Content removed We do the heavy lifting, so our clients don’t have to…
  9. 9. Online Threats• Message Boards – Open discussion of test items • Disclosed or undisclosed • Specific vs. general – Discover of experimental section • Discussion of experimental section specifics threaten future test forms • Discovery of experimental section is not considered a threat 9
  10. 10. Online Threats• Chat rooms – Instant discussions of topics that are difficult to monitor• Braindump sites – IT tests are extremely vulnerable – Google Docs – allow for online collaboration• Rogue Review Courses• Proxy “Broker” Sites – Ebay, Craig’s list, etc. – Copyright issues – Medium for selling undisclosed materials 10
  11. 11. 3 Steps to “Do-It-Yourself” WebPatrolling1. Continual, Consistent Patrolling – Identify possible threats2. Measure the threat – Cull the benign from the “perilous”3. Fight Back – Aggressively “take-down” infringing content
  12. 12. Continual, Consistent Patrolling• SOMEONE needs to monitor – Budget and allocate time…and a resource – Regular monitoring • The web changes continually • Threats are dynamic
  13. 13. Continual, Consistent Patrolling• Someone to Monitor• Utilize lots of search tools
  14. 14. Search Tool Sample List• http://google.com • http://www.48ers.com/• Http://www.yahoo.com • http://www.ace.net.nz/tech/TechFile• http://blekko.com/ Format.html• http://duckduckgo.com/ • http://www.auctionmapper.com/inde• http://kijiji.searchtempest.com/ x.php• http://lookahead.surfwax.com/i • http://www.bing.com/ ndex-2011.html • http://www.craigslist.org/about/sites• http://spezify.com/ • http://www.ebay.com/• http://topsy.com/ • http://www.exalead.com/search/• http://traffikd.com/social- • http://www.flickr.com/search/ media-websites/ • http://www.mnemo.org/• http://tweetmeme.com/ • http://www.monitter.com/• http://www.scribd.com/ • http://www.surfcanyon.com/• http://www.searchenginecoloss • http://youropenbook.org/ us.com/ • http://zimkiv.com/• http://www.similarsites.com/
  15. 15. Continual, Consistent Patrolling• Someone to monitor• Utilize lots of search tools• Gain item/exam “key words”
  16. 16. “Measure the Threat”• “Measure” the risk and rate it
  17. 17. Rating Security Risks• Level 5: Blatant exam compromise and imminent security threat. – These websites will claim to have the actual exam questions, to have someone take the test for you, or actively solicit and accept submissions of actual exam questions.• Level 4: Suspected of having test content. – The site insinuates, without stating, that they have the exam content. These sites are often “cloaked.” They may suggest that “additional help” is available They may accept or encourage “braindumps.” They will usually stress that the practice materials are very similar to the actual tests. “Cloaked” indicates the only means of contact is through anonymous, non-traceable methods, such as e-mails submitted using web forms or Post Office boxes in foreign countries.
  18. 18. Rating Security Risks, con’t• Level 3: Not sure if this is a legitimate exam prep site. – The site offers test prep materials and it is “cloaked,” user submissions are encouraged or the site has a specific focus on “exam cramming” including having “very similar” questions to the test.• Level 2: May be a legitimate exam prep site. – The site is not “cloaked” but features, such as user forums, are present on the website that indicate some probability of having copyrighted exam materials.• Level 1: Appears to be a legitimate test prep site. – The website must provide verifiable contact information and the website provides a full test preparation offering including seminars and training. There is no hint of “exam cramming” and “user forums” are not present.
  19. 19. “Measure the Threat”• “Measure” the risk and rate it• Verify the Risk – Immediate Level 5 notifications – Regular summary reports
  20. 20. CAVEON WEB PATROL™ Reports OCT 2011 Administration Web Patrol Alerts Caveon# URL Comments Rating Date/Time Found http://www.braindumpgalaxy.com/ braindumps.aspx?cid=113&n=LS1 AT Braindump for LSAT questions 5 09/30/11 11:20am http://www.realpass4sures.com/ls2 at-exams.html Braindump for LSAT questions 5 09/30/11 11:22am http://www.top-law- schools.com/forums/viewtopic.ph Discussion concerning Experimental Section-3 p?f=6&t=167298&start=25 Offending post by 941law 5 10/01/11 12:45pm http://www.top-law- schools.com/forums/viewtopic.ph p?f=6&t=167270&view=unread - Discussion concerning Experimental Section-4 unread Offending post by boomer6289 5 10/01/11 12:50pm http://www.top-law- schools.com/forums/viewtopic.ph p?f=6&t=166386&view=unread#u5 nread Invitation to join LSAT chat 5 10/01/11 2:19pm
  21. 21. Fighting Back!• Research Infringing Site – Contact Us – Whois.com – Contactprivacy.com
  22. 22. Fighting Back!• Depending upon the threat… – Send a “Bystander” Letter – Leverage the Digital Millennium Copyright Act
  23. 23. CAVEON WEB PATROL™ OCT 2011 Administration Web Patrol Alerts Caveon# URL Comments Rating Date/Time Found http://www.braindumpgalaxy.com/ braindumps.aspx?cid=113&n=LS1 AT Braindump for LSAT questions 5 09/30/11 11:20am http://www.realpass4sures.com/ls2 at-exams.html Braindump for LSAT questions 5 09/30/11 11:22am http://www.top-law- schools.com/forums/viewtopic.ph Discussion concerning Experimental Section-3 p?f=6&t=167298&start=25 Offending post by 941law 5 10/01/11 12:45pm http://www.top-law- schools.com/forums/viewtopic.ph p?f=6&t=167270&view=unread - Discussion concerning Experimental Section-4 unread Offending post by boomer6289 5 10/01/11 12:50pm http://www.top-law- schools.com/forums/viewtopic.ph p?f=6&t=166386&view=unread#u5 nread Invitation to join LSAT chat 5 10/01/11 2:19pm
  24. 24. FIGHTING BACK!• Work with message board moderators or site administrators – Message boards are highly regulated – Moderators make the best allies – Users can be permanently or temporarily banned – Auction listings are removed 26
  25. 25. FIGHTING BACK!• Create a username – A visible security presence – An anonymous one – Ideal way to garner pure feedback about your test administration• Reach out to offending individual – Log a security message on the website – An official “warning” email 27
  26. 26. Final Thoughts• Test takers do not consider sharing test information a breach of test security – Comparing test experiences• Many conversations start in general terms and result in test-specific conversations• Maintaining standardized conditions and non- disclosure of test items ensures a fair test for all test takers 28
  27. 27. 1,492 Threats Identified, 1,482 Removed Workingbase.com TransTutors.com StudentOfFortune.co m JustAnswer.com Freelancer.com Total # of Projects Removed Total # of Projects CourseHero.com Posted Brainmass.com Allforfreelancers.com Algebra.com Answers.yahoo 0 200 400 600 800 1000
  28. 28. Questions? How did we do?Please post comments/reactions/suggestions to: http://linkd.in/CatchThem
  29. 29. Thank you!Steve Addicott Faisel AlamVice President Test Security SpecialistCaveon, LLC LSACsteve.addicott@caveon.com435-901-4744- Will you “Like” us on Facebook?- Check out our blog… www.caveon.com

×