A former University of Kansas student who used a keystroke logger to steal professors’ passwords, hack into KU’s computer system and change his grades is now a convicted felon for those crimes.

At the court hearing, he promised he had removed keystroke logger software from all of his electronic devices and would not access it again.

Varun H. Sarja, 20, of Olathe pleaded guilty on Thursday to four of the 18 felony counts he originally faced, two counts of identity theft and two counts of unlawful computer acts. Under the plea agreement, the remaining 14 charges were dropped.

With no prior criminal history, Sarja will face probation under the state’s sentencing guidelines, Douglas County District Court Judge Kay Huff said. He’s scheduled to be sentenced July 2.

Sarja also will be required to get a mental health evaluation, allow law enforcement to verify that his electronics no longer have the keystroke logger program and write apology letters to all the professors and teaching assistants who were affected, under plea deal recommendations from prosecutor Deborah Moody and Sarja’s attorney, John Kerns.

Before accepting Sarja’s plea, the judge asked him to explain to her what he did wrong.

“Quite simply, I used passwords that weren’t mine to change my grades in the KU system,” Sarja said.

Sarja told the judge that he has completed his sophomore year of college, but did not specify where.

KU held a hearing to remove him from the university in summer of 2017, after KU police began investigating the hacking but before criminal charges were filed, in November 2017.

The Journal-World first reported the cybersecurity breach in October 2017, after details were shared at a KU School of Engineering Senate meeting but the involved student was not named. University officials said then that the hack “was minimal and caught quickly” and a “disciplinary process is taking place for the person responsible.”

Sarja was a freshman studying engineering at KU during the 2016-17 school year, when he successfully used a keystroke logger to steal instructors’ confidential login information, hack into multiple campus computers and change F’s to A’s.

Keystroke logger devices plug easily into computers and record every keystroke that’s typed, enabling hackers to obtain others’ user names and passwords for accounts and computer systems.

Sarja was on academic probation in spring 2017, and after being surprised to see he had an A in math, a KU School of Engineering academic adviser and the math professor began checking into it.

An ensuing investigation by KU police revealed that Sarja had changed almost all of his 10 grades that year, starting in December, and stole teachers’ login credentials to do it. Sarja told detectives he loved engineering, wanted to be successful and was scared to tell his parents he had failed classes.

The Journal-World requested Sarja’s booking photo from the Douglas County Sheriff’s Office, but did not immediately receive a response as to whether it would be released.