Authors and institution: Anonymous
Focus area: Identifying the case
A lecturer of an elective subject with 120 enrolled students noticed that around a dozen students were submitting identical or near-identical answer patterns to the weekly short-answer question tasks in Moodle. When the lecturer reviewed the times that the students finished the questions, they also noticed that they were often completed very close together in time (for example, within minutes of one another), or at unusual hours (for example, 2am). The lecturer became concerned that this may indicate that students were either colluding, or potentially that a third-party was carrying out work for multiple students. The lecturer alerted their Faculty Academic Integrity Officer, who shared their concerns, and referred the matter to the Central Integrity Team (CIT) for further review.
The central integrity office investigation
CIT obtained the Moodle logs for the elective subject and ran an analysis to look for shared internet protocol (IP) addresses among the students in the subject. This is something that is often observed where students have colluded or where third parties have carried out work for multiple students. CIT identified that 66 students shared non-campus IP addresses and that one of these IP addresses often carried out the weekly assessment task for multiple students one after another.
IP address analysis identified that a majority were VPN connections, however, among the VPN activity the team also observed occasional non-VPN connections originating from Kenya. As Kenya is known as a contract cheating hotspot, this gave CIT cause to suspect that the VPN connections were being operated by one or more individuals in Kenya and that the students were therefore likely to have engaged in contract cheating.
Contract cheating research shows that students who have engaged in contract cheating have often done so multiple times. Consequently, CIT expanded its investigation to include every subject the 66 students had participated in. CIT built a case for the Misconduct Committee to consider using the following evidence:
- Shared IP addresses connected to assessments for multiple students on the same dates, including quizzes conducted from the same IP address in sequence, one after another.
- Activity from contract cheating hotspots, such as Kenya or Pakistan, where it was contextually unusual for the student to be based (i.e. the student was located in Australia).
- Impossible location changes in the Moodle logs based on IP address analysis.
- Highly inconsistent document metadata, obtained from Turnitin.
- Engagement data that showed the students had often had very low engagement with subjects, and that engagement was highly focused on assessment.
Misconduct Committee finding
The Misconduct Committee found that the 66 students had engaged in contract cheating in the module of interest, and in additional subjects (an average of 10 subjects per student).
Key lessons or points for implementation
- Learner management systems hold valuable information that can be used to identify contract cheating at scale.
- Trained investigators can conduct deeper analyses of the concerns an academic may be having about anomalous student behaviour.
- Students who have been found to have engaged in contract cheating once are more likely to have engaged in this practice multiple times, and it is worthwhile to expand your search beyond the one case.
Academic integrity toolkit