Veterinary Student Expelled from Tufts Over Grade Hacking

[shee-p]

A 4th year veterinary student at Tufts was expelled this past January due to suspected grade hacking. What are y'all's thoughts? Has anyone heard of this?

---

Members don't see this ad.

 

[danseth]

I hadn't heard of this before but I strongly stick by the "innocent until proven guilty" standpoint. It's almost impossible to prove innocence because you can twist things to seem like someone might be guilty. That's due process and she is owed it since she was in the United States during the time of the allegations.

 

[Cobyology]

Fell asleep at 7:38 PM and woke up at 6:33 AM. What vet student has time to sleep that much? I'll tell you... one hacking their grades.

Inb4 somebody doesn't understand the sarcasm. It is horrible that she was expelled without a proper (and fair) process.

Edit: My only concern (and maybe I've seen one too many spy movies), is that she has an alibi for almost every instance; i.e., having a picture that proves she was somewhere else. If she did do this, she clearly would have been an expert hacker and probably could have set up her computer to do these hacks automatically (is that possible?) without her even being at her computer.

Again, innocent until proven guilty though!

 

[Stroganoff]

I read the article. What a bunch of Though lacking in details from Tufts IT, the case still merits actual due process. I hope there's enough publicity that a lawyer(s) that know what he/she/they are doing will determine she has damages and standing and file suit.

 

[ajs513]

I’m conflicted. While I don’t think it’s right that she got expelled without a hearing and the ability to defend herself, Tufts is a private school and can do whatever it wants. She’d probably have the legal right to sue them but beyond that, I don’t know what else. I think Tufts shouldn’t have done that and should have allowed her to plead her case, but unfortunately it seems like they’re within their right to do what they did.

 

[flameshock]

The more I read about this the more I dislike

 

[Jess Monster]

Cheating stories are always filled with intrigue.

I don’t know who to believe. If she didn’t do it, someone else in the school probably did, unless the Lebanese government has taken a sudden interest in vet student grades in what has to be the ****tiest black ops mission ever.

 

[twelvetigers]

My husband (networking engineer) read the article, and here is his input.

He says this would be HIGH level ‘hacking’ and would require quite a lot of knowledge and experience to pull off. Do you think she had that level of knowledge and no one knew about it? Heck, if she were that good, would she have been in vet school to start with? It’s not something most (or many) people could do.

Also, having worked with and for IT/Networking on a large campus, they don’t generally have employees capable of figuring this sort of stuff out definitively.

Something is weird.

 

[ziggyandjazzy]

I speak from experience in that private schools (and perhaps public?) do not operate like a court of law. There is no "innocent until proven guilty". They also do not operate under "irrefutable evidence". I am not a lawyer and don't know legal mumbo jumbo but they essentially act with a "preponderance of evidence" standard. Which means more likely than not. At least they did at my undergrad.

Without getting too personal, I submitted a claim against a male colleague in undergrad. I know of at least three other women who also submitted claims against the same person. The school decided that there was no "preponderance of evidence" against this student. Which basically means they believe he was more likely to not have done what four separate people claimed then what he actually did. He was allowed to continue his education, even when he was a known serial abuser.

So essentially, schools can and do whatever they want to fit their own personal narrative. While everyone is claiming she should be "innocent until proven guilty" have valid points, this simply doesn't apply to private schools, unfortunately. Due process does.not.apply. This is what schools do, and are basically allowed to do.

 

[ziggyandjazzy]

By the way, if anyone wants to voice their support for this former student, you can leave your signature here: We Demand Due Process for Deported Tufts Student, Tiffany Filler

I mean I was following that until
"Furthermore, we are concerned that Ms. Filler may have been treated differently by the Cummings School because of her immigration status and national origin. While several other students (all of whom are U.S. citizens) in Ms. Filler’s course also had their final grades slightly altered, only Ms. Filler was punished and deported for allegedly cyber-hacking."

Ummmm. No. If she is a white Canadian, that is absolutely absurd.

 

[ziggyandjazzy]

My husband (networking engineer) read the article, and here is his input.

He says this would be HIGH level ‘hacking’ and would require quite a lot of knowledge and experience to pull off. Do you think she had that level of knowledge and no one knew about it? Heck, if she were that good, would she have been in vet school to start with? It’s not something most (or many) people could do.

Also, having worked with and for IT/Networking on a large campus, they don’t generally have employees capable of figuring this sort of stuff out definitively.

Something is weird.

Interesting. I know little about computers. I sent it to my partner who is a software developer and he said;
"This is generally indicative of university investigations. Doing the bare minimum to get an outcome that benefits them. She certainly could have done it as there's nothing super technical going on with this hacking. Her evidence would be more circumstantial as it could be faked. However, the things the uni is using to justify her guilt are also able to be faked. An IT dept. assessing logs is certainly not appropriate. They are by definition biased. Professional security experts need to be the ones piecing that together. I would certainly not trust Xxnameredactedxx IT department to investigate such a matter. I don't think she has much recourse though. Perhaps can do something about the loans."

I kind of wondered how hard this would be without a lot of computer knowledge.

 

[Lupin21]

My husband (networking engineer) read the article, and here is his input.

He says this would be HIGH level ‘hacking’ and would require quite a lot of knowledge and experience to pull off. Do you think she had that level of knowledge and no one knew about it? Heck, if she were that good, would she have been in vet school to start with? It’s not something most (or many) people could do.

Also, having worked with and for IT/Networking on a large campus, they don’t generally have employees capable of figuring this sort of stuff out definitively.

Something is weird.

These were my immediate thoughts. No way would she be bothering with vet school if she had those skills. haha

 

[ajs513]

But expulsion is the nuclear option. I’m not going to assume that Tufts is absolutely right and there’s no chance that they messed up and expelled the wrong person. However, I’d think that they would put in their due diligence and make 100% sure they had the right person before doing something that would blow up as much as this has. I’m sure they weren’t just like “your grades are a little higher? EXPELLED!” There has to be more to this than the article is explaining.

 

[LamJams]

If she is innocent she should sue and explore her legal options

 

[Caiter92]

But expulsion is the nuclear option. I’m not going to assume that Tufts is absolutely right and there’s no chance that they messed up and expelled the wrong person. However, I’d think that they would put in their due diligence and make 100% sure they had the right person before doing something that would blow up as much as this has. I’m sure they weren’t just like “your grades are a little higher? EXPELLED!” There has to be more to this than the article is explaining.

Schools can kind of do whatever the hell they want in these cases. They didn’t even give her the reasons why they felt it was her before she was expelled, and despite multiple people saying she wasn’t at her computer at times they say the grade changes occurred, the school is refusing to investigate it further. Schools aren’t aren’t like a court, they don’t have to prove a student did something to take action. It’s on you to prove you’re innocent in these cases.

 

[itsrocky]

Fell asleep at 7:38 PM and woke up at 6:33 AM. What vet student has time to sleep that much?

I’ve definitely done this before, a bunch of times second year and a couple of 12 hour clinical days. I could believe a 4th year doing this. Lol

 

[britzen]

Universities are not all powerful... Many private and public universities have been sued over alleged wrongful expulsions and many have lost cases or settled out of court (often with re-instatement to the program).


Students in some other cases have sued for lack of due process, libel, and slander, all of which seem applicable here. If I were her I'd be suing for re-instatement, the cost of her education, lost wages, and punitive damages. Maybe there's more to the story and her punishment was deserved, but based on what's in that article she seems like she has a case with merit.

 

[britzen]

I mean I was following that until
"Furthermore, we are concerned that Ms. Filler may have been treated differently by the Cummings School because of her immigration status and national origin. While several other students (all of whom are U.S. citizens) in Ms. Filler’s course also had their final grades slightly altered, only Ms. Filler was punished and deported for allegedly cyber-hacking."

Ummmm. No. If she is a white Canadian, that is absolutely absurd.

How is it patently absurd to consider this?

Let's say the school thought an American student may have committed the exact same offense. Other students grades were changed but it seems that no other investigations or punishments occurred. Why? Maybe the school officials avoided investigating or punishing an American because they thought it would be more difficult to expel a one. An American wouldn't be immediately deported after expulsion so they could potentially draw out the process. Maybe the officials felt that Americans would be more likely to sue the school because they wouldn't need to travel internationally for court dates. If an American and a Canadian were treated differently during this investigation based on their National Origin, it seems to me that would most definitely be a violation of discrimination laws.

I'm not saying that happened, but there is a reason that race, color, and National Origin are separate protected categories in the Civil Rights Act. A white Canadian may be able to avoid many types of overt discrimination because of the way they look and speak, but being a visa holder can make them vulnerable in a way that Americans are not.

 

[cbucks]

How is it patently absurd to consider this?

Let's say the school thought an American student may have committed the exact same offense. Other students grades were changed but it seems that no other investigations or punishments occurred. Why? Maybe the school officials avoided investigating or punishing an American because they thought it would be more difficult to expel a one. An American wouldn't be immediately deported after expulsion so they could potentially draw out the process. Maybe the officials felt that Americans would be more likely to sue the school because they wouldn't need to travel internationally for court dates. If an American and a Canadian were treated differently during this investigation based on their National Origin, it seems to me that would most definitely be a violation of discrimination laws.

I'm not saying that happened, but there is a reason that race, color, and National Origin are separate protected categories in the Civil Rights Act. A white Canadian may be able to avoid many types of overt discrimination because of the way they look and speak, but being a visa holder can make them vulnerable in a way that Americans are not.

I found the comment a bit off based on the fact that the article said the one individual was investigated because all grade changes came from her computer....not anyone else’s. If there had been alterations that were traced to multiple computers and the other people were not investigated, then I would consider the statement more truthful. In this case (if everything in the article is true), it makes sense that they wouldn’t expel the other students if changes were not traced to their computers and that’s why I didn’t fully agree with that part of the petition

 

[2018APreVetOdyssey]

I wonder if this will impact anyone’s decision to attend Tufts

 

[britzen]

I found the comment a bit off based on the fact that the article said the one individual was investigated because all grade changes came from her computer....not anyone else’s. If there had been alterations that were traced to multiple computers and the other people were not investigated, then I would consider the statement more truthful. In this case (if everything in the article is true), it makes sense that they wouldn’t expel the other students if changes were not traced to their computers and that’s why I didn’t fully agree with that part of the petition

What I was primarily objecting too was the comment that the discrimination claim was "patently absurd" specifically because the student was a white Canadian. Any foreigner, especially a visa holder, can face discrimination and abuse.

That said, I think the school has left itself vulnerable to the discrimination argument mostly because they seem to have done a poor job both in terms of the actual investigation and transparency.

The facts of the case don't seem firm and definitely aren't transparent - specifically they don't seem to have a way to know her IP address for sure and she supposedly did something on her computer when she was in one state and her computer was in another. The school hasn't offered an explanation as to why they know for sure it was only her computer. Even if we accept that they found out her IP address somehow and just didn't divulge it (so they do know for sure it was only her computer), they also haven't said how they know for sure there was not an accomplice, frame job, or different perpetrator for the attack where she was out of state. She could be guilty as all get out, but still make a legal case that she was treated unfairly in the investigation because of her nationality if there is any evidence that other leads weren't pursued based on that.

 

[Stroganoff]

But expulsion is the nuclear option. I’m not going to assume that Tufts is absolutely right and there’s no chance that they messed up and expelled the wrong person. However, I’d think that they would put in their due diligence and make 100% sure they had the right person before doing something that would blow up as much as this has. I’m sure they weren’t just like “your grades are a little higher? EXPELLED!” There has to be more to this than the article is explaining.

That's why I'm so highly annoyed that the article is lacking in details -- something I see in a lot of garbage journalism these days. There's nothing at all to go off of in the article re: actual technical details, at least what I expect to see.

Assuming she has standing -- IANAL but it seems reasonable she does -- the exact details of the case would have to come out in Discovery, since Tufts is acting incredibly childish by hiding behind the privacy excuse even in light of a waiver of privacy.

Penetration of this kind where grades are altered is often an active process -- versus something like reconnaissance that can be more easily automated to occur passively. What I'm getting at is e.g., in the two examples I can remember from the article:

1) sitting in class surrounded by classmates who saw nothing but lecture notes on her laptop screen; and
2) rounding with the group for ~2ish hours with no access to a computer and with her classmates vouching she was with them;

...it's reasonable that these alibis and classmate testimony are enough to exonerate her or to really increase the Burden of Proof on the accuser.

Because I'm bored, I'll go through the article point-by-point, but I'm still frustrated it doesn't get into really any detail at all. It's like written for a High School layman audience or something, which I believe TechCrunch and most other journalism outlets write to.

For three hours, she faced eight senior academics, including one who is said to be a victim of her alleged hacks. The allegations read like a court docket, but Filler said she went in knowing nothing that she could use to defend herself.

I don't like this, since they're blindsiding her with the Spanish Inquisition (no one expects it!) and steamrolling her in the process.

Tufts said she stole a librarian’s password to assign a mysteriously created user account, “Scott Shaw,” with a higher level of system and network access.

I don't understand this. A librarian is a user. Any competent organization would follow the principle of least privilege and users would only get the level of access to what their immediate job duties entailed. Why the **** would a librarian have domain admin credentials that would allow the creation of another user? I need way more details. Domain environment, their AD forest topology, the university policy and procedures. If I had to speculate, education (both K-12 and university) shops are run like small/medium businesses and are generally very low paying compared to the market, meaning you'll only get straight up beginners, burn-outs, dummies, or lazy idiots looking for a slow-paced, low-stress job. I've never worked in a technical capacity for a university and never would considering how disgusted I am with their processes. So maybe Tufts doesn't follow strict security procedures and throws stuff together with untold amounts of "one-offs," so maybe this librarian was some old crusty person who for whatever idiotic reason was domain admin. OK, let's take that devil's advocate further: how did she obtain the librarian's user password? Social engineering? The article doesn't discuss jack squat, so we the readers are expected to simply swallow it as truth.

Filler allegedly used it to look up faculty accounts and reset passwords by swapping out the email address to one she’s accused of controlling,

Again, the article doesn't give details. WHAT creds are we talking about here? AD? Does Tufts have self-service for password resets for AD that would even allow this? Is this specifically the grading system that isn't integrated with the university's AD environment? When I worked at a university alumni association in a more business analyst role, I learned that "Sungard Banner" was popular at many universities and handled lots of the student/staff/faculty/financial/development/class enrollment/grading systems. It's now called Ellucian. But my question remains: WTF is the article talking about?

or in some cases obtaining passwords and bypassing the school’s two-factor authentication system by exploiting a loophole that simply didn’t require a second security check, which the school has since fixed.

Same question and frustration: Password to what system?

Tufts accused Filler of using this extensive system access to systematically log in as “Scott Shaw” to obtain answers for tests, taking the tests under her own account, said to be traced from either her computer — based off a unique identifier, known as a MAC address — and the network she allegedly used, either the campus’s wireless network or her off-campus residence. When her grades went up, sometimes other students’ grades went down, the school said.

I need details for every sentence here. I'm getting intellectual blue balls.

The bulk of the evidence came from Tufts’ IT department, which said each incident was “well supported” from log files and database records. The evidence pointed to her computer over a period of several months, the department told the committee.

I'm from Missouri: Show Me.

“Universities can operate like shadow criminal justice systems — without any of the protections or powers of a criminal court,” said Samantha Harris, vice president of policy research at FIRE, a rights group for America’s colleges and universities. “They’re without any of the due process protections for someone accused of something serious, and without any of the powers like subpoenas that you’d need to gather all of the technical evidence.”

I've heard of FIRE before for past campus incidents, but I don't remember what they were. I hope they provide free legal services to Ms. Filler.

Harris reviewed documents we provided outlining the university’s allegations and Filler’s appeal.

Provide the dang documents to we the readers, TechCrunch. Embed them as PDFs or whatever at the bottom of the article.

“It’s troubling when I read her appeal,” said Harris. “It looks as though [the school has] a lot of information in their sole possession that she might try to use to prove her innocent, and she wasn’t given access to that evidence.”

This is where I think Discovery secondary to a lawsuit would be beneficial. It's infuriating to basically say, "You did it! Not gonna provide evidence supporting our accusation even when people ask about it in good faith!" Reminds me of an incident in the Lounge recently, where I asked multiple times in good faith for someone to take a few seconds to explain what he was thinking, but this person would rather spend multiple posts saying "nah" when it would have been faster to just explain what he/she meant. It's. So. Incredibly. Cowardly. To not explain what you mean when someone asks in good faith to try to understand you.

A month later, the committee served a unanimous vote that Filler was the hacker and recommended her expulsion.

A committee consisting of what 3rd party forensics firm?

Struggling for answers and convinced her MacBook Air — the source of the alleged hacks — was itself compromised, she paid for someone through freelance marketplace Fiverr to scan her computer.

Need more details:

1) All details in reference to the MacBook Air;
2) Who this freelancer off of Fiverr was;
3) Exactly what this freelancer did.

Within minutes, several malicious files were found, chief among which were two remote access trojans — or RATs — commonly used by jilted or jealous lovers to spy on their exes’ webcams and remotely control their computers over the internet. The scan found two: Coldroot and CrossRAT. The former is easily deployed, and the other is highly advanced malware, said to be linked to the Lebanese government.

Need more details.

Evidence of a RAT might suggest someone had remote control of her computer without her knowledge. But existence of both on the same machine, experts say, is unlikely if not entirely implausible.

I agree. It's weird, to me at least, to see multiple RATs. That's why I'd really love to see details.

Devil's advocate: Did she hire some crappy criminal to do all this grade-changing on her behalf? Did this person not know what he/she was doing? Did Filler herself install one or both RATs to give herself plausible deniability and an alibi? That doesn't make sense to me, for this reason: Let's say that Filler DID break in and change her grades. Let's say she set up the alibi with the phone pictures and the GPS metadata to the Mark Twain house, and grand rounds, and sitting in class. Let's say she hired someone else to do the dirty deed while she was fulfilling her alibi. Why the hell would the RATs be on her own computers then? If she hired someone else, it would make more sense to infect her own laptop with malware to implicate herself? That would be like me hiring a hitman to stab somebody but do it with my knives. Duh?

Thomas Reed, director of Mac and Mobile at Malwarebytes, the same software used to scan Filler’s computer, confirmed the detections but said there was no conclusive evidence to show the malware was functional.

“The Coldroot infection was just the app and was missing the launch daemon that would have been key to keeping it running,” said Reed.

TechCrunch interviews a Malwarebytes director: how did he get access to the scan logs? Provide them to us the reader, TechCrunch! Throw us a dang forensic bone here.

Even if it were functional, how could the hacker have framed her? Could Filler have paid someone to hack her grades? If she paid someone to hack her grades, why implicate her — and potentially the hacker — by using her computer?

Derp, that's what I just said above in the devil's advocate.

The landlord told me a staff resident at Tufts veterinary school, who has since left the house, “has bad feelings” and “anger” toward Filler. The former housemate may have motive but no discernible means. We reached out to the former housemate for comment but did not hear back, and therefore are not naming the person.

See, this is pretty interesting and we're lacking in answers. If a former roommate/housemate had an axe to grind... let's look into this, especially if she's dumb enough to have her password(s) in plain view for roommates to see.

Filler took her computer to an Apple Store,

Oof. Don't step foot in an Apple Store, and for the love of G*d don't consult their "Geniuses." Look up "Louis Rossman" on YouTube for exact details on just how slimy the Apple Store Geniuses are and their motivation to basically just sell you a new iPhone/iPad/MacBook/whatever rather than fix something for $1 or whatever.

claiming the “mouse was acting on its own and the green light for the camera started turning on,” she said. The support staff backed up her files but wiped her computer, along with any evidence of malicious software beyond a handful of screenshots she took as part of the dossier of evidence she submitted in her appeal.

Destruction of evidence. Devil's advocate: she's doing all this to play dumb and have Apple "Geniuses" do the destruction of evidence that would incriminate her.

Re: the "handful of screenshots," LET WE THE READERS SEE THEM! Publish them in the article, TechCrunch. My intellectual blue balls are highly inflamed right now.

“Feedback from [IT] indicated that these issues with her computer were in no way related to the alleged allegations,” said Angie Warner, the committee’s acting chair, in an email we’ve seen, recommending Filler’s expulsion. Citing an unnamed IT staffer, the department claimed with “high degree of certainty” that it was “highly unlikely” that the grade changes were “performed by malicious software or persons without detailed and extensive hacking ability.”

Doesn't this essentially exonerate Ms. Filler the vet student? The university's own IT department says it's highly unlikely that the attack was executed by someone without "extensive hacking ability."

My opinion is I strongly disagree with that statement, since nothing talked about so far is all that technical: seems like social engineering to get the librarian's password and a few other password resets to gain lateral movement.

Either way, the accuser (Tufts) kind of weakened their own case against the student. Very confusing.

Filler thought she could convince the committee that she wasn’t the hacker, but later learned that the timings “did not factor” into the deliberations of the grievance committee, wrote Tufts’ veterinary school dean Joyce Knoll in an email dated December 21.

This makes no ****ing sense. Timings are everything. This just reeks of a gaggle of idiots like some nursing home knitting and quilting club speaking on matters that are out of their wheelhouse. This highly reeks of emotional and irrational thinking.

All of the students we spoke to said they were never approached by Tufts to confirm or scrutinize their accounts.

Probably because Tufts had already made up their mind and had closed their mind to any facts.

The infographic helped a little bit even though it still lacked details:

February 13, 2018

• Accused: logs in as Scott Shaw from MBA via Tufts WLAN to view the answers to a SA medicine bonus quiz, then switch to her own account to take the quiz.
• Alibi: Classmates said she was in class and nothing suspicious was going on.
• My comments: It would take major stupidity/balls to do this all while in class in plain view of classmates.

June 26-27, 2018

• Accused: Says the bulk of the attacks occurred here such as password resets and grade changes from her private residence.
• Alibi: Sleeping, proven via Xiaomi fitness tracker sleep log.
• My comments: At least with my Fitbit, I can alter the sleep log start and end dates and times whenever I want if I find the automatic sleep tracker is inaccurate. That screenshot provided by Filler of 7:38 PM - 6:33 AM lacks the details I need. It would be better to drill down further to see her body's movement during that period to really "prove" that she was sleeping/motionless. And hopefully see her heart rate and compare it to her baseline heart rate in, say, that month.
  
  I'm also confused how password resets would go unnoticed by faculty. Also confused why she would use her own laptop from her own apartment to do these dirty deeds. Also curious -- if it's a private residence -- how Tufts knows for sure that that was her apartment vs. say her classmate's house.

June 28, 2018

• Accused: M04R H4CK1NG!!11
• Alibi: At the Mark Twain House. iPhone GPS EXIF metadata shows she was there.
• My comments: Need more details.

July 6, 2018

• Accused: Reseted a resident's account from her home.
• Alibi: 7:54 PM - 4:40 AM sleep tracker log.
• My comments: Same as above. Need more details on the activity tracker with regard to her heart rate and her body movement instead of just the start and end times of the sleep log. Also need more details on the attack.

July 7, 2018

• Accused: Used Scott Shaw account to enter new assessment scores. (What is assessor?)
• No alibi
• My comments: Need more detail on the attack.

July 20-21, 2018

• Accused: Used her MBA to log into the student records system from home.
• Alibi: At "Pho Sho" restaurant with friends corroborated by metadata. Also asleep proven via fitness tracker.
• My comments: More details, please. FFS.

July 20-21, 2018

• Accused: From campus, logged into another staffer's account.
• Alibi: On rounds from 8:30-10:30 am without computer access. Classmates corroborate she was with them the whole time.
• My comments: Need more details on the attack. Also, if she used another staffer's creds after resetting that person's password, the employee would immediately know since...yanno, their password no longer works.

Tufts said on that occasion, her computer — eight miles away from the restaurant — was allegedly used to access another staff member’s login and tried to bypass the two-factor authentication, using an iPhone 5S, a model Filler doesn’t own. Filler has an iPhone 6. (We asked an IT systems administrator at another company about Duo audit logs: They said if a device not enrolled with Duo tried to enter a valid username and password but couldn’t get past the two-factor prompt, the administrator would only see the device’s software version and not see the device type. A Duo spokesperson confirmed that the system does not collect device names.)

I need way more details on why Tufts is accusing Filler of having an iPhone 5s. Where are they getting this info?

Re: The 2FA Logs, even if Duo doesn't log device type, it's possible it's logged via other means such as if that device used the university's WLAN, then perhaps the iPhone's hardware MAC address (if not randomized) could indicate how old or new the iPhone is. It's possible the user-agent string (maybe?) shows iPhone model, but I doubt it...would just show like "Apple WebKit" etc etc and Safari/WebKit version.

This part smells.

Filler, who wears a Xiaomi fitness and sleep tracker, said the tracker’s records showed she was asleep in most, but not all of the times she’s accused of hacking. She allowed TechCrunch to access the data in her cloud-stored account, which confirmed her accounts.

Then show us more details than just the high-level screenshots showing the start and end times of her sleep activity. Show me her body movement graph and her heart rate graph. This will help me believe that she didn't manually fake her sleep activity as part of her alibi.

While photo metadata can be modified, Williams said the signs he expected to see for metadata modification weren’t there. “There is no evidence that these were modified,” he said.

I'd like to see the photos in question, but I'll give the benefit of the doubt to Jake Williams's analysis. He has no incentive to lie about this.

I'm leaning towards her actually going to the Mark Twain house when she said she was and as the photos show. This leaves either her innocence (someone else did the whole thing to frame her) or her guilt (hiring a 3rd party attacker to do all the dirty work for her).

Yet none of it was good enough to keep her enrolled at Tufts. In a letter on January 16 affirming her expulsion, Knoll rejected the evidence.

“Date stamps are easy to edit,” said Knoll. “In fact, the photos you shared with me clearly include an ‘edit’ button in the upper corner for this exact purpose,” she wrote, referring to the iPhone software’s native photo editing feature. “Why wait until after you’d been informed that you were going to be expelled to show me months’ old photos?” she said.

“My decision is final,” said her letter. Filler was expelled.

God, what a friggin' See You Next Tuesday this dean sounds. Screw Tufts. I'll be sure to never enroll in that bastion of caca. They're towards the most expensive in the country, anyway.

“My decision is final,” said her letter. Filler was expelled.

HURR DURR, I'm a twit.

But even the little things don’t add up.

Tufts never said how it obtained her IP address. Her landlord told me Tufts never asked for it, let alone confirmed it was accurate. Courts have thrown out cases that rely on them as evidence when others share the same network. MAC addresses can identify devices but can be easily spoofed. Filler owns an iPhone 6, not an iPhone 5S, as claimed by Tufts. And her computer name was different to what Tufts said.

And how did she allegedly get access to the “Scott Shaw” password in the first place?

Warner, the committee chair, said in a letter that the school “does not know” how the initial librarian’s account was compromised, and that it was “irrelevant” if Filler even created the “Scott Shaw” account.

Exactly. All these details matter. Saying that it's "irrelevant" if she created the Scott Shaw account is since it's material to the entire case, since that appears to be the entry point for penetration -- everything else was lateral movement from there, no?

Many accounts were breached as part of this apparent elaborate scheme to alter grades, but there is no evidence Tufts hired any forensics experts to investigate. Did the IT department investigate with an inherent confirmation bias to try to find evidence that connected Filler’s account with the suspicious activity, or were the allegations constructed after Filler was identified as a suspect? And why did the university take months from the first alleged hack to move to protect user accounts with two-factor authentication, and not sooner?

Because they're incompetent and evil.

But we know two things for certain. First, Tufts expelled a student months before she was set to graduate based on a broken system of academic-led, non-technical committees forced to rely on weak evidence from IT technicians who had no discernible qualifications in digital forensics. And second, it doesn’t have to say why.

Or as one student said: “We got her side of the story, and Tufts was not transparent.”

I agree entirely. They tanked her career moments before she earned her DVM and didn't have the decency to say why, like toddlers throwing a temper tantrum.

It's still possible she's guilty and perhaps hired someone to do the dirty, but there's a lot that just seems sloppy and doesn't make sense.

Again, I would really want to see extreme forensics details from her laptop, her phone, and all of the affected Tufts' systems. The article didn't provide jack squat, and neither did Tufts.

I'm in full support of reinstating her to full standing to graduate with her DVM, and I'm in full support of a lawsuit that compels Tufts to provide forensics evidence that supports their assertion.

 

[SkiOtter]

Spanish Inquisition (no one expects it!)

 

[Laradd]

This is heinous.

And, this is why you;

-- dont share your computer/s

-- dont be a Good Samaritan

-- remove the computer from the net when not needing it

-- dont rely exclusively on online-only apps

-- dont keep using a compromised device

 

[cheval12]

I wonder if this will impact anyone’s decision to attend Tufts

I wondered the same thing. But I can tell you personally, it affected mine. I was wait-listed and removed my name from the wait-list yesterday. I loved Tufts, but I have dealt with this administration drama in the past and want no part!

 

[battie]

I want to know what the AVMA and AAVMC think about this, or if this is even on their radar.

 

[vetmedhead]

Just skimming this thread, but I think it's important to remember that things like due process and innocent until proven guilty apply specifically to the government and how it applies its laws to its citizens in courts of law.

I don't really have anything to add about the school's investigation itself (strog did a pretty thorough job), but I do think if things are as they were presented in this article that the student should consider hiring a lawyer to help them with discussing this further with the school. Civil suits also have different levels of proof that need to be demonstrated (they also rely on preponderance of evidence - criminal courts are the only ones who really rely on "beyond a reasonable doubt"), so I'm not sure whether that would or would not work out in her favor if she sued. A lawyer for her case would obviously know more.

 

[cbucks]

Piggybacking off a few other comments...should this be something that admitted students weigh heavily before deciding? I've been really considering Tufts as my top school, and now I'm conflicted with this information. Everything in the article is so murky that I don't 100% know how to feel, but it's been in the back of my mind for the past few days and I'm not sure how to proceed with making a decision now

 

[ziggyandjazzy]

Piggybacking off a few other comments...should this be something that admitted students weigh heavily before deciding? I've been really considering Tufts as my top school, and now I'm conflicted with this information. Everything in the article is so murky that I don't 100% know how to feel, but it's been in the back of my mind for the past few days and I'm not sure how to proceed with making a decision now

IMHO, I would not let this affect your decision. There are administrative issues at every school, some more than others. Tufts is unfortunate enough to have had this published, while similar things likely occur at other schools with less press. This article, as others have said, doesn't really give the full picture and is really murky.

Perhaps someone who goes to tufts or knows more about tufts can chime in. But I highly doubt issues like this are reserved exclusively to this school by any means.

 

[DVMDream]

Maybe this student is also responsible for the current massive Facebook/Instagram issue/possible hack.


























(I'm kidding, in case anyone couldn't tell). She should definitely hire a lawyer to look into what her options are.

 

[lioness2408]

I guess I can weigh in a little as a current Tufts student (disclaimer: like many Tufts students I don't know much more about the case than any of you, and I definitely cannot speak for all of us here at Tufts).

Honestly, I've been a little taken-aback by the magnitude of the overall response to the article. It's a weird experience, seeing places and people that you know torn apart by random people on the internet (my personal favorite was a redditor calling for prompt de-accreditation of the school). Of course, there is some pretty low-level concern/paranoia among students about "what if she really was innocent? Then it could happen to anyone!" but personally I think it's unfounded. Not only is the article heavily skewed towards Filler's side, and as others have noted, remiss in alluding to but not actually including some of the evidence cited, but no other theory besides her adjusting her own grades (or paying someone to do it for her) really makes any sense to me. A jilted roommate looking for revenge? A conspiracy from within the school to scapegoat a random student? As fun as it is to speculate, this isn't actually a Lifetime movie

I can see where it could be easy to vilify the administration from the outside looking in, and I'm sure I would do the same if this article concerned any other school. However, both of the administrators identified by name are people who lecture to and are pretty involved in the overall education of Tufts students, and so all of us here interact with them in some capacity. In my experience they seem to really enjoy working with and take pride in all of us students. Call me naive, but they're just human beings (and veterinarians themselves) who I personally can't imagine remorselessly steamrolling over an innocent student the way some people on the internet seem to suspect.

Overall, I agree with ziggy that this is something that could have happened at any school and is now being blown out of proportion. This is an isolated incident as far as I know and has not really changed my opinion of my school. I still believe that I am receiving a quality education here, and hope that this story doesn't actually discourage people from applying to or attending Tufts

 

[Stagg737]

This is a really crappy situation. The one thing I find ironic is that Tufts told her to leave ASAP and then started trying to collect loan money from her. If I was unjustly expelled I wouldn't be paying the school jack squat. Especially if I had to leave the country because of it.

 

[DVMDream]

This is a really crappy situation. The one thing I find ironic is that Tufts told her to leave ASAP and then started trying to collect loan money from her. If I was unjustly expelled I wouldn't be paying the school jack squat. Especially if I had to leave the country because of it.

Ok, this isn't how student loans work. Tufts isn't asking her to pay back her loans.... either the bank or the federal government who gave her the loans is requesting payback since she's no longer enrolled in school.

 

[DVMDream]

I don't know how Canadian school loans work but if I recall from what I've read in this forum, they don't really get loans from their government so she'd have to find a bank or other financial institution to lend her the loans.

 

[Stagg737]

Ok, this isn't how student loans work. Tufts isn't asking her to pay back her loans.... either the bank or the federal government who gave her the loans is requesting payback since she's no longer enrolled in school.

Right, but like you said she's Canadian so Idk how that would work. Though this was written in the article:

"Filler is back home in Toronto. As her class is preparing to graduate without her in May, Tufts has already emailed her to begin reclaiming her loans."

Which makes it sound like Tufts was lending her the money/paying her tuition for her. If they were private loans from another institution then I'd say she should pay them back and sue Tufts. If Tufts was paying her tuition she could probably sue, but if she wasn't able to or was unsuccessful I'd tell them 'bye Felicia'.

 

[DVMDream]

Right, but like you said she's Canadian so Idk how that would work. Though this was written in the article:

"Filler is back home in Toronto. As her class is preparing to graduate without her in May, Tufts has already emailed her to begin reclaiming her loans."

Which makes it sound like Tufts was lending her the money/paying her tuition for her. If they were private loans from another institution then I'd say she should pay them back and sue Tufts. If Tufts was paying her tuition she could probably sue, but if she wasn't able to or was unsuccessful I'd tell them 'bye Felicia'.

Schools don't pay a students tuition or provide loans. This is called crappy journalism.

 

[grebes4lyfe]

Schools don't pay a students tuition or provide loans. This is called crappy journalism.

Tufts does do private loans through the institution. The financial aid info they sent me had a part for federal loans and another part for loans through tufts directly.

 

[DVMDream]

Tufts does do private loans through the institution. The financial aid info they sent me had a part for federal loans and another part for loans through tufts directly.

Only for undergrad according to Tufts own website and for very very small amounts.

I'm kind of surprised they do even this because you need certain credentials and certificates to act as a loan provider, it is why mostly banks provide loans.

 

[Stroganoff]

Not only is the article heavily skewed towards Filler's side, and as others have noted, remiss in alluding to but not actually including some of the evidence cited, but no other theory besides her adjusting her own grades (or paying someone to do it for her) really makes any sense to me.

I'll say up front that I 100% agree with you that the article is skewed and biased to her side. I don't think any reasonable person here has drawn the conclusion that she's completely innocent.

And even though we don't have the level of detail to do any real objective analysis, we do have some primary sources to go off of. For example:

1) "Warner, the committee chair, said in a letter that the school “does not know” how the initial librarian’s account was compromised, and that it was “irrelevant” if Filler even created the “Scott Shaw” account."

Saying that material evidence of an attack is "irrelevant" is infuriating to me and essentially throws the entire case out the window. In other words, from my read, stealing the librarian's password and somehow using it to create a "Scott Shaw" dummy account with lots of admin permissions is kind of how the penetration into the school's systems took place to begin with.

That's akin to saying, "Oh, it's irrelevant how you actually broke into my house. All I know is some things are missing, but I know you were the one who did it!"

(Also @lioness2408, since you're a student, do you have any idea what systems they're even talking about?? What "librarian" would have admin access to IT systems?)

2) Dean Knoll completely discarding the JPEG EXIF metadata, for instance, that places her at the Mark Twain house and other places, is silly. It's possible, but her reasoning doesn't satisfy any reasonable, thinking person. And like you said, the Dean is a veterinarian and also teaches passionately. Great! So what in the flying hell are her forensics credentials to be able to come to a conclusion? This is kindergarten kangaroo BS.

3) The iPhone 5s/6 thing doesn't make sense to me. Neither do other details.

4) "but later learned that the timings “did not factor” into the deliberations of the grievance committee, wrote Tufts’ veterinary school dean Joyce Knoll in an email dated December 21."
^ That means they made an emotional decision that completely ignores evidence.


So yes, I agree with you the article is biased, and I also agree it lacks details. And I agree that Filler could have done it or paid someone to do it are plausible, but there's so much garbage that exonerates her that I'd need to see the school's forensic evidence to conclude with a clean enough conscience that she did it and is worth tanking her veterinary career over.

Call me naive, but they're just human beings (and veterinarians themselves) who I personally can't imagine remorselessly steamrolling over an innocent student the way some people on the internet seem to suspect.

Then they can cut the crap and provide their evidence that led to their decision. If not, sue and subpoena it. If my school said, "We're kicking you out, but we aren't saying how we came to this conclusion," I'd like to think I'd make it my life mission to sanction them if only so that they cannot hurt anyone else again.

Overall, I agree with ziggy that this is something that could have happened at any school and is now being blown out of proportion.

I don't think it's blown out of proportion considering a professional student got expelled just a few months prior to graduation. I agree that this could happen at any school. Doesn't mean that anything anyone has said in this thread is out of proportion. This isn't about bombing a quiz, for example, it's expulsion and not providing evidence.

 

[Stroganoff]

I'm kind of surprised they do even this because you need certain credentials and certificates to act as a loan provider, it is why mostly banks provide loans.

My undergrad offered private loans... like 8% fixed APR, totally evil.

 

[DVMDream]

My undergrad offered private loans... like 8% fixed APR, totally evil.

Meh, that's what the federal loans are up to now. Don't go to school, kids, it'll ruin you financially forever.

 

[Stroganoff]

Meh, that's what the federal loans are up to now.

Yeah but federal loans offer IBR/IDR/deferment/forbearance. When schools get into the private loan game, the terms are quite nasty.

Don't go to school, kids, it'll ruin you financially forever.

Or don't go to expensive schools thinking that the education is that much better.

Edit: Frick. I was trynna just copy the first image, but they're all together.

 

[DVMDream]

Yeah but federal loans offer IBR/IDR/deferment/forbearance. When schools get into the private loan game, the terms are quite nasty.


Or don't go to expensive schools thinking that the education is that much better.

Edit: Frick. I was trynna just copy the first image, but they're all together.

Even the cheapest school is becoming too expensive.

 

[DVMDream]

Yeah but federal loans offer IBR/IDR/deferment/forbearance. When schools get into the private loan game, the terms are quite nasty.


Or don't go to expensive schools thinking that the education is that much better.

Edit: Frick. I was trynna just copy the first image, but they're all together.

IBR is only great for 25 years, then the tax bomb explodes in your face.

 

[Stroganoff]

IBR is only great for 25 years, then the tax bomb explodes in your face.

Some people might be into that. Besides, kink shaming is @finnickthedog's job.

*goes to bed*

 

[Stagg737]

Schools don't pay a students tuition or provide loans. This is called crappy journalism.

Probably, there are other possibilities though. Some schools offer X dollars of aid assuming you finish or complete a certain track. If you drop out or change tracks then you owe the full amount. HPSP scholarship is like this as well as most med schools that offer tuition credits for staying in state afterwards. My guess is Tufts vet school isn't one of those programs as it was bad journalism, but idk.

 

[SkiOtter]

Or don't go to expensive schools thinking that the education is that much better.

Edit: Frick. I was trynna just copy the first image, but they're all together.

Sdn only lets me have one image in my signature so I had to combine them

 

[DVMDream]

Probably, there are other possibilities though. Some schools offer X dollars of aid assuming you finish or complete a certain track. If you drop out or change tracks then you owe the full amount. HPSP scholarship is like this as well as most med schools that offer tuition credits for staying in state afterwards. My guess is Tufts vet school isn't one of those programs as it was bad journalism, but idk.

HPSP isn't funded by the school.

 

[lioness2408]

(Also @lioness2408, since you're a student, do you have any idea what systems they're even talking about?? What "librarian" would have admin access to IT systems?)

Unfortunately this is one of the aspects of the case where I don't know anything more than anyone else. I don't think I've interacted with any of the librarians since maybe first day orientation, and I don't really spend any time in the library myself. Don't know anything about any systems either, Tufts students have access to multiple ones and I'm sure faculty and staff have even more

1) "Warner, the committee chair, said in a letter that the school “does not know” how the initial librarian’s account was compromised, and that it was “irrelevant” if Filler even created the “Scott Shaw” account."

Saying that material evidence of an attack is "irrelevant" is infuriating to me and essentially throws the entire case out the window. In other words, from my read, stealing the librarian's password and somehow using it to create a "Scott Shaw" dummy account with lots of admin permissions is kind of how the penetration into the school's systems took place to begin with.

That's akin to saying, "Oh, it's irrelevant how you actually broke into my house. All I know is some things are missing, but I know you were the one who did it!"

I think the two issues I see with this particular statement is that the quote from Warner is so piecemeal that it could have easily been taken out of context, if we really put our tinfoil hats on (they included a letter from Knoll, why just quote four discontinuous words from Warner's?).

I can see where you're coming from with the breaking-into-a-house analogy, but I think that when you commit a physical crime there is going to be physical evidence, whereas with a cyber crime like this there may not be anything so concrete. Getting access to the account may very well have been as easy as looking over this librarian's shoulder while she entered her password, or paying someone who knew the login credentials. In those cases, the only way to ascertain how it happened would be if the guilty party confessed. In light of that, I don't find it particularly damning that the school realized that was not evidence they were going to find and built their case around other information instead. I don't think the case can be thrown out the window on the basis of this by any means.

The iPhone 5s/6 thing doesn't make sense to me. Neither do other details.

Without information released from the school, these details are largely a game of telephone. The school told Tiffany something related to her case, and she relayed this to a journalist writing a sympathetic piece about her. Since the school cannot release its own information about the case (per privacy laws) and otherwise will not release its own information (in anticipation of what at this time seems like a likely lawsuit), I'd currently consider any of the evidence cited in the article besides the screenshots of actual correspondence to be largely hearsay.

Then they can cut the crap and provide their evidence that led to their decision. If not, sue and subpoena it. If my school said, "We're kicking you out, but we aren't saying how we came to this conclusion," I'd like to think I'd make it my life mission to sanction them if only so that they cannot hurt anyone else again.

As I alluded to above, it seems that providing their evidence is not as simple as just posting it online like "ok guys, here it is!" First and foremost, as frustrating as it is to all of us armchair detectives right now, Tufts really isn't under any obligation to release this information to the world. In fact, even if they could just do so I don't think they would because it just wouldn't be in the school's best interest to provide their evidence to anyone who might form an opinion about it in case it is later needed in a civil trial. If she does lawyer-up and file a lawsuit I trust that Tufts will provide all the information that they used to form their decision in Discovery, and then we can all happily devote an afternoon to deconstructing it all.

Furthermore, there are privacy concerns. I have seen some disgruntlement over the fact that Tufts would not release its information even if Filler waived her privacy rights. However, don't forget that she was not the only student affected in this case. Other students both had their grades altered (though downwards instead of upwards) and some came forward to attest to Filler's alibis. Private information about those students, like their grades, are probably a not-insignificant part of Tufts' case against Filler, and so all of them would also be compromised by releasing whatever file the school has on her. Would you want your personal business put on display for your classmates as well as the internet masses, just because someone thought they could get away with grade-altering? I know I wouldn't.

This isn't about bombing a quiz, for example, it's expulsion and not providing evidence.

This is another aspect of the case that I take with a grain of salt based on the skew of the article. I'm not sure that we should totally believe that Tufts withheld vital evidence from Tiffany, any more than I believe that she was actually unexpectedly pulled off of clinics in the middle of the day with no warning to face the grievance committee.

As a disclaimer, I hope it doesn't seem like I am blindly defending Tufts. If it comes out that there was actually foul play on the part of the administration and an innocent student was expelled right before graduation, I'll be the first to condemn my school. It's just that right now I find some of the evidence against her more compelling than any suggestion of shadiness on the school's end. No one but Tiffany Filler really knows what happened, and the rest of us may never get concrete answers, but cheating is still the narrative that makes the most sense to me.

 

[ZZ801832]

Such a sketchy situation. All I can think of is if she really was tech-savvy enough to hack into the school' system, wouldn't she be smart enough to not do it from her own laptop?

Wondering if there's any chance of her "transferring" to a Canadian University to re-do her fourth year and graduate next year.