The State Comptroller reveals a widespread phenomenon of matriculation exam leaks in social network groups (Telegram. Sha’a) a few minutes after opening the vaults where they are kept, and sometimes the solutions are also leaked during the exam. He located seven groups in which dozens of cases of illegal distribution of questionnaires were carried out and solutions, one of which has 12,000 members. The auditor points out that these are actions that may be considered a criminal offense of fraudulently receiving something.
This emerges from the education chapter in the state auditor’s cyber report published today (Tuesday). The chapter deals with the databases of the matriculation exams. The Ministry of Education submitted only four complaints to the police about the leaking of exams and three of them have already been closed on the grounds of an “unknown criminal” or “the absence A criminal offense.” The Ministry of Education said it made the punishment worse and began distributing several versions of each exam to track down the copycats.
The auditor states with very uncharacteristic severity that cyber defects in the computer systems of the matriculation exams “could jeopardize the integrity, availability, confidentiality and reliability of the matriculation exam scores, and there is also a fear of harming the principles of exam purity”. The auditor points out that the information on the matriculation exams is “sensitive information required for the highest level of security”. Despite this, severe deficiencies were found in the protection systems of the databases, in which the exams and grades are stored.
One of the information systems uses an outdated version of a protection system that the company providing it has stopped supporting. The last time a risk survey was conducted for the matriculation exam databases was in 2018. The findings of the survey revealed a “low level of cyber protection”. In some systems, a high risk was discovered, including a finding that was defined as critical. Despite the obligation to carry out a risk survey every year and a half and despite the difficult findings, no further survey has been carried out since then.