Bill really didn't want to fail.
A Midwestern tech worker who had risen to become a vice president of IT at a big bank, Bill was set to take a Microsoft certification test to prove his proficiency with the company's Azure platform. Passing the exam would help boost his career, adding another technical certification to his résumé that he could parlay into a raise, or maybe even a higher-paying job.
But after spending several hundred dollars to register for the test and studying for weeks, he didn't want to leave anything to chance.
So he decided to cheat.
It wasn't hard. With a little searching online, Bill — whose real identity Insider is concealing to avoid professional repercussions — was able to find the exact test he was going to take, along with the answers. He set aside a few hours, learned them all by heart, and aced the test.
It was one in a long line of tech certifications that Bill freely acknowledges he earned, at least in part, by cheating. And he's far from alone: In the tech industry, it's an open secret that there are thousands, if not millions, of cheaters just like Bill. By combing through "exam dumps" or "brain dumps" — online repositories of certification tests, answers included — fraudsters can rack up professional credentials without knowing anything about what they're being tested on. And the companies issuing the specialized certifications, from Microsoft and Amazon to Google and Salesforce, have been virtually powerless to stop the cheating, even on the major platforms that they own.
The rise of actual questions for tech certifications could have devastating consequences. Tech insiders familiar with the practice say unqualified candidates are using copies of exams for major tech systems and software to land jobs handling sensitive data and mission-critical infrastructure that affect employers and consumers alike.
"If you step on a plane to Phoenix from San Francisco, imagine how you would feel if you found out your pilot cheated on all the exams and memorized all the answers," said Humphrey Cheung, an engineer with more than two decades of experience in the tech industry who has seen actual questions used countless times. "That would kind of suck, right?"
A problem for companies, customers, and workers
Underneath every modern business, from grocery stores to missile manufacturers, lies a complex web of servers, databases, and other technology that is maintained by an army of IT and tech workers. In today's increasingly digitized economy, this critical infrastructure is as essential as electricity and water. Companies rely on tech to do everything from tracking sales and paying vendors to keeping their employees connected via Slack.
But with so many different platforms and systems to manage, companies need a quick way to ensure that IT employees and job candidates are proficient with the tools they're expected to work with. That's where third-party certifications come in. Like plumbers or electricians, IT workers earn independent certifications to confirm they understand leading systems and can install and repair them on the fly. Need to prove you can connect a Cisco router, or deploy a Salesforce instance, or secure a dataset in Google Cloud? Just get certified.
The popularity of certification tests has exploded in recent years. The research firm IDC estimates that the US market for IT education and training that includes certification tests is now worth $1.4 billion a year. That's in part because third-party certification offers workers a quick route into the tech industry without an expensive college degree, and in part because tech vendors have discovered that they can outsource the work of maintaining the systems they sell to third-party IT companies staffed up with certified technicians instead of having giant, cumbersome customer-service departments of their own.
But the high stakes have also led to what many in the industry acknowledge privately is an epidemic of cheating. It's impossible to put a reliable number on the amount of cheating happening, but Cheung and several other industry veterans said that based on how often they've spoken to people who admit to using actual questions and seen them circulate in professional networks, they'd guess that nearly half of all certifications worldwide are obtained by test-takers who crib the answers from exam dumps.
These fraudulently obtained certifications are not just prevalent but also dangerous, certifications experts who track the use of these actual questions say. It can be hard to pin direct customer harm on exam dump usage, these experts said, in part because companies are reluctant to admit to that sort of harm — if an employee screws something up, companies are much more likely to just fire them, not launch an investigation into their professional qualifications. But the cheating is clearly having a corrosive effect on the tech industry, particularly the hiring process.
"Maybe the person themselves doesn't deliver the value that they're supposed to have delivered," Randy Russell, the director of certification at Red Hat, an open source solutions provider, said. He added that fraudulently obtained certifications can also damage the reputation of the certification issuer, making the credentials they issue more suspect in the eyes of recruiters and hiring managers.
And those recruiters and companies are forced to spend more of their time weeding out candidates who may be cheaters. "The hiring managers and companies are also harmed, because they now have to devote more time and resources to vetting who is and isn't actually qualified," Tim Woodruff, a developer and consultant who specializes in the IT tool ServiceNow and has tracked the use of actual questions in the industry, said. But the biggest losers in the whole debacle, Woodruff said, are the aspirant tech workers who are taking the certifications legitimately, only to see the value of these tests degrade. "The people trying to launch or grow their career are probably the ones who are harmed most of all," he said.
Given how high-tech the industry is, the wave of cheating is a surprisingly low-tech scam. Many of the questions on major technical certification tests are reused for months or even years, so unscrupulous test-takers simply jot down or memorize the exam questions, type them up afterward, and then post the dumps online. Prospective test-takers then pay for access to the completed test and breeze through their own exam. It's the same kind of scam college students run, just transferred to the world of IT testing.
Exam dumps have been around for years. In 2002, a man in Vancouver, Washington, pleaded guilty to theft of trade secrets after compiling answers to the Microsoft exams for system engineers and solution developers and selling them online. But two decades later, such cheating is so ubiquitous that people are no longer being charged for the theft. Cheat sheets are available through countless channels online, from group chats and social-media ads to the websites of hundreds of companies — with names like CertKillers.net and ExamTopics.com and DumpsGate.com — that openly sell the answers to certification exams. Some of the sites feature threads and forums where users praise the dumps for helping them cheat, helpfully correct mistakes in the posted tests, and request the answers for other certification exams.
"Exam dumps are an industry now, is the sad truth," Michael Paul, a data-protection consultant in the United Kingdom, said. "You get this attitude from some people of, 'Oh, I just need to get the exam passed.' They don't care that they're diminishing the entire value of that certification."
In an ironic twist, major tech companies host lively marketplaces for actual questions on their own platforms. On the messaging app Telegram, group chats with impressive-sounding names like "Salesforce Support" connect thousands of users looking to buy and sell exam dumps. Cheaters say that WhatsApp, the messaging app owned by Facebook's parent company, Meta, is a popular venue for finding dumps, and sellers advertise their wares on Instagram, YouTube, and Amazon's Marketplace. You can buy the answers to major tech certifications — including Microsoft Azure and Amazon Web Services — for as little as $10, complete with reviews attesting to their reliability.
Even LinkedIn, the job-networking site owned by Microsoft, has become a place where users offer actual questions for sale — despite the fact that Microsoft's own tools are affected by the cheating. The answers to "LinkedIn Skill Assessments," a set of free in-house exams that LinkedIn offers to enable users to certify their proficiency with dozens of tech tools, from Adobe Illustrator to Google Analytics, are all freely available on GitHub, which is also owned by Microsoft. Gleeful TikTok users have been quick to make videos highlighting this flaw in LinkedIn's tests.
The reasons for cheating
Cheung, the developer based in Singapore, was working for a networking company a few years ago when he received a résumé from a job applicant who had recently obtained his certification as a Cisco Certified Network Professional.
Cheung noticed some potential red flags in the application, so he invited the candidate to sit down with a Cisco router and run through a few problems. The candidate was stumped. Cheung then asked him to change some basic configurations. The candidate still couldn't do it — even after Cheung told him he could use Google for help.
"People get nervous in an interview, and I'm OK with that," Cheung said. "So I gave him every chance, and he couldn't do it."
Ultimately, it became clear to Cheung that despite the candidate's "certification" in Cisco systems, he had no clue what he was doing. So Cheung asked the candidate if he had used an exam dump to pass his certification. The defeated-looking candidate said yes.
For some, using actual questions is driven by nothing more than a desire to climb the corporate ladder by any means necessary. They aren't thinking about getting caught — they're thinking about whether or not the cheat sheets are right. Because actual questions are crowd-sourced by people who previously took the tests, there's no guarantee that the dump-makers copied out the questions correctly — or that they actually knew which of the multiple-choice options were the right answers. "When I started looking for the questions, there's a lot of wrong answers, so I didn't trust it," said an IT consultant in Italy who used an exam dump this summer.
But others have more complex reasons for cheating. For some, it's the expense. Certification tests can cost several hundred dollars a pop — or more for higher-level credentials. Sometimes the exam fees are paid for by a worker's employer, but those trying to break into the industry often have to foot the bill themselves. Bill, the IT worker at a Midwestern bank, said that one reason he cheated was the reassurance the exam dump gave him that he wouldn't have to pay to retake the test.
For others, it's desperation. The IT consultant in Italy, who asked to remain anonymous, said he studied hard for a certification offered by the cybersecurity firm CyberArk, and thought he knew the subject matter. But he turned out to be a bad test-taker, and he failed the exam — twice. So he found some dumps online, studied the actual questions in advance, and finally passed. He then used the certification to help him land a pay raise.
There's a perception in the tech industry that actual questions are particularly widespread in emerging market economies, where the relative cost of taking a test — and the potential payoff for achieving a certification — is much higher. "Broadly speaking, we do find that there tends to be more issues around exam security in those markets, India being one in particular where we see a fair amount of it," said Russell, the Red Hat director. "Getting certified in that market can actually be absolutely transformative to one's income prospects and livelihood."
An engineer from Pakistan said when he was starting his career, he used dumps to get his first Salesforce certification. Taking the exam cost him the equivalent of half his monthly salary — he simply couldn't afford to fail and pay to retake it. After memorizing some actual questions he found, he aced the test.
"I was quite surprised to see the exam that came up was literally the same questions," he recalled. "They didn't have a big bank of questions." He now works for a major tech firm in the United States and said he only obtains certifications through legitimate means now.
But the perception that workers from poorer countries are more likely to be cheaters can also fuel racism against foreign-born tech workers. "People from India are often looked upon with a disproportionate level of suspicion," Woodruff, the ServiceNow developer, said. "Companies and hiring managers are much more likely to assume that an Indian person obtained their certifications by fraudulent means, even if that biased expectation is subconscious and due to their recent experiences in hiring."
Companies are trying, and failing, to fight back
Given the onslaught of cheating, companies that offer certifications are taking a variety of countermeasures to try to combat cheaters. Some periodically refresh the exams with new questions; others monitor test-takers to see if anyone is answering the exams suspiciously fast. A Google spokesperson said the company asks exam-dump sites to take down the questions — an approach that seems unlikely to stem the tide of cheating. ServiceNow said it employs data analytics to identify when clusters of exam-takers all answer questions similarly, indicating that they likely used the same exam dump.
Red Hat, the open source solutions provider, eschews multiple-choice questions altogether, opting instead for hands-on exams that require the test-taker to demonstrate actual proficiency with its tools. Many companies incorporate a hands-on component in their most senior certifications, but the increased costs of supervising and assessing such tests make them too expensive for many entry-level certifications.
But certification companies acknowledge that they are far from eradicating the problem. The more people cheat, the more others feel obligated to utilize underhanded methods to keep up with the cheaters they're competing against. And in many cases, the cheating appears to be condoned — and even encouraged — by employers. Vendors often supply consulting and technical-support companies better deals on their products if the firms have more certified workers on staff. Multiple tech workers told Insider that it's common for unscrupulous employers to push their workers to use illicit dumps to earn extra credentials — either to make the company more attractive to potential clients or to earn it a discount on IT products.
One said his company provided him with copious actual questions when he asked them if they had any legitimate training resources for an upcoming exam he was due to take. It made him suspect the expertise of his colleagues, and paranoid that if his employer's actions ever emerged, he might also be falsely accused of using dumps and stripped of his legitimately acquired certifications.
Fed up with the lack of progress at cracking down on cheaters, some workers in the tech industry are taking matters into their own hands. Woodruff spent the summer infiltrating multiple Telegram groups — some of which have thousands of members — that are dedicated to sharing the company's exams. Over time, he gained the trust of the groups' administrators, ultimately convincing them to appoint him as a fellow administrator to help oversee the groups.
He immediately disbanded the groups and banned all their members, disrupting — if only temporarily — one small part of the exam-dump trade.
Rob Price is a correspondent at Insider, based in San Francisco.
Correction: November 14, 2022 — An earlier version of this story misstated the scope of Red Hat's business; it is an open source solutions provider, not solely a security software provider.