Student couldn’t hack parking fees before $40k ‘ransom’

Tom Wark and Jack Gramenz |

A former Western Sydney University student will face court charged with hacking offences.
A former Western Sydney University student will face court charged with hacking offences.

Getting free passes in the classroom and the car park has allegedly put a university student on the path to financial extortion of her alma mater.

Police allege the 27-year-old former student waged an “ongoing and sustained campaign” against Western Sydney University for more than four years before her arrest on Wednesday.

“We’re aware that there are a number of grievances … which were not resolved to their liking, and we believe that that’s the driving factor behind the offending,” Detective Acting Superintendent Jason Smith said on Thursday.

Police seized more than 100 gigabytes of data along with computers, servers and mobile devices in the raid on a unit at Kingswood in Sydney’s west.

It is unclear how many staff and students’ data has been compromised, but police had no evidence the information was sold on the dark web.

The student allegedly first attacked the university in 2021 when seeking discounted parking on campus.

From there, the cyber attacks escalated as the student gained more capability, police allege.

She also allegedly changed one of her grades from a fail to a pass.

The former electrical engineering student allegedly started holding the university to ransom from November 2024, eventually demanding $40,000 in cryptocurrency to stop her revealing sensitive data about staff and students.

Police had searched the student’s residence in September 2023 before Wednesday’s raid of her apartment resulted in her arrest and 21 fraud and cyber charges.

She was remanded in custody ahead of a court appearance in Parramatta on Friday morning.

The UWS Parramatta campus (file image)
Western Sydney University has upgraded its systems to prevent future cyber attacks. (HANDOUT/Western Sydney University)

Western Sydney University said the attacks had a significant impact on the university community and upgrades were made to prevent future attacks.

“This includes employing specialist staff, implementing new technologies that enhance our ability to detect, respond to and defend against threats to our digital environment,” it said in a statement.

University of Queensland cybersecurity expert Ryan Ko said universities could be more “porous” in data protection than other institutions.

“Many different people take multiple roles – for example, there are postgraduate students who are both student and staff, so it’s a bit more complicated,” Professor Ko told AAP.

Prof Ko said it was common for individuals committing cyber attacks to start with low-level hacks and progress to more sensitive systems.

“They tend to be opportunistic. They look for the lowest hanging fruit, in this case parking,” he said.

AAP