Skip to main content

UK Professor Finds Nefarious Links to Paper Mill Sites on Higher Ed Websites

By Richard LeComte Jim Ridolfo

LEXINGTON, Ky. – A University of Kentucky professor has dug into the websites of universities in Australia and the United States and found some odd things lurking there. Programmers in charge of concerns that produce illicit papers for students are finding ways to redirect students from university help sites to their own “paper mills.” 

These illicit techniques insert software into vulnerable university websites so that students get redirected to sites that offer to help with papers. Instead, the sites end up selling papers to misled students, said Jim Ridolfo, director of composition and associate professor in the Department of Writing, Rhetoric and Digital Studies in the College of Arts & Sciences.  

“A lot of what we're looking at is similar to what pharma hacks have been doing for years,” he said. “You go to a legitimate site and it directs you to a pill mill site in Ukraine or something like that. Here, the links are directing you to paper mills.” 

Paper or essay mills have existed for a long time, but hackers have given these groups a variety of ways to draw students to their sites. Students think they’re going to sites for university writing labs, but they instead end up on paper mill site, which is disguised to seem legitimate and even offers chat sessions with supposed experts. Students can buy papers on different subjects; the students are then vulnerable for further exploitation through blackmail.  

“So, once a student engages with a contract cheating site, the student typically has no idea who’s behind that site,” Ridolfo said. “This is not like 30 years ago where you know people are putting fliers on university walls and saying, ‘Hey come meet me down the street at the coffee shop and we'll talk about your paper.’ You're dealing with some actor that you have no idea where they are or who they are. And you're giving them financial information. They're also potentially saying, ‘Hey we’ll email your teacher if you don't pay us more money.” 

After finding some of these hacks on higher education websites, Ridolfo decided to run a pilot study to see how prevalent these intrusions are. He and his research partner, William Hart-Davidson at Michigan State University, gathered a list of 14 paper mill domains, then used site:edu search terms to sniff out those domains from Google search results. They found that hackers have infiltrated more than 100 websites in U.S. colleges. Ridolfo and Hart-Davidson published a report in February on the pilot data, identifying four types of attacks: 

  • Inject embedded links to an external paper mill site. 

  • Write scripted attacks that redirect traffic from a specific university website to a paper mill.  

  • Use bots to place comments with links into discussions. 

  • Get universities to post referrals for essay contests on their sites. The paper mills then take the entered essays and sell them off to other students.  

The paper mills benefit further by inserting their links into the sites of prestigious universities, which potentially raises their ranks on Google searches. And they exploit the fact that universities often use a variety of ways to post resources on the Web to find weaknesses: Hackers run programs that seek out these vulnerabilities and insert the paper mills’ identities in the code.  

“It's scripted,” he said. “These are not people individually taking time to compromise each specific site. They're running scripts on a domain and looking for vulnerabilities and then just injecting those sites with different types of attacks, depending upon what's possible.” 

Once the researchers contact universities about these hacks and vulnerabilities, tech administrators frequently must work with a number of different departments and Web publishing systems, which can lead to delays in fixing the problem. He sees this research as lying at the crux between composition and tech, which is the focus of his research.  

“We're hoping to create a resource available for university administrators to find these problems,” he said. “I’m interested in these kinds of problems and the practical aspect of how we can go about solving them.” 

At the request of University of New South Wales colleagues Cath Ellis and Kane Murdoch, a further study with Chris Lindgren at Virginia Tech found 179 instances in Australia.  

“Australia was interesting because it has only around 40 institutions of higher education, so they're a lot more centralized in terms of their university administration,” Ridolfo said. “So some of the ways that contract cheating companies were going after Australian universities were a little bit trickier. They were creating fake search indexes to trick Google.” In April, these findings were presented to Australia’s Tertiary Education Quality and Standards Agency and acted upon by Australian government and university officials.  

As a next step, they’re running a scan of collegiate sites in Canada.