Cybercrime Squad detectives have arrested and charged a 27-year-old former student for orchestrating a multi-year cyberattack campaign against Western Sydney University (WSU).
The hacker faces 20 criminal charges following a police operation that uncovered computer equipment and mobile devices used in the attacks.
The breaches, occurring since 2021, involved unauthorized access, data exfiltration, and threats to sell stolen student information on the dark web, impacting hundreds of staff and students.
Exploitation of University Systems
The hacker initially compromised WSU’s infrastructure to fraudulently obtain discounted campus parking—a scheme that escalated into academic fraud and large-scale data theft.
By exploiting vulnerabilities in the university’s single sign-on (SSO) systems between January and February 2025, the attacker gained unauthorized access to sensitive data repositories.
This allowed her to alter academic records, exfiltrate over 100GB of confidential student data, and later threaten its sale on darknet forums unless a $40,000 cryptocurrency ransom was paid.
The SSO breach alone affected approximately 10,000 individuals, highlighting critical gaps in authentication security.
Technical Methods and Charges
The attacks employed advanced techniques, including:
- Data exfiltration: Unauthorized transfer of sensitive information via compromised credentials.
- System manipulation: Unauthorized modification of academic records and parking access controls.
- Dark web extortion: Threats to monetize stolen data through underground markets.
Police charged the suspect with 20 offences under Australian cybercrime statutes, including:
| Offense Category | Specific Charges |
|---|---|
| Data Access/Modification | 10 counts of accessing/modifying restricted computer data |
| System Sabotage | 4 counts of unauthorized data modification to cause impairment |
| Financial Crimes | Dishonestly obtaining property/financial advantage by deception |
| Extortion | Demanding gain via menaces and attempted deception |
The charges align with global frameworks like the Computer Fraud and Abuse Act, which criminalizes unauthorized system access and data theft.
Institutional Impact and Ongoing Response
WSU’s infrastructure suffered repeated compromises, prompting a $600 million cybersecurity overhaul, including enhanced monitoring and forensic tools.
The university collaborated with the AFP Joint Policing Cyber Coordination Centre and NSW Cybercrime Squad’s Strike Force Docker, which continues investigating the breaches.
NSW Police emphasized the escalation from “petty fraud to systemic data terrorism,” underscoring the need for robust organizational security against insider threats.
The accused remains in custody pending trial, while WSU offers support services to affected individuals.
This case exemplifies the severe consequences of cyber-enabled crimes, particularly when perpetrators exploit institutional trust for personal gain.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant updates
Click Here For The Original Source.
