What began as a student’s frustration allegedly spiralled into a multi-year cybercrime operation. Police allege a former Western Sydney University student hacked into university systems over four years, tampered with grades, demanded cryptocurrency ransom, and triggered a massive investigation that has now culminated in more than 20 criminal charges.
A Digital Trail of Grievance: Years of Alleged Intrusions
The story of Birdie Kingston, a 27-year-old former engineering student, has stunned university officials and cybersecurity experts alike. Police allege that between 2021 and 2024, Kingston exploited her access to Western Sydney University’s digital infrastructure to conduct a series of escalating cyber attacks.
Her motivations, police say, stemmed from long-standing grievances with the institution. Grievances that allegedly evolved into calculated digital sabotage. From altering academic results to attempting to secure financial advantage and discounted parking, the intrusions reportedly grew bolder with each passing year.
Detective Acting Superintendent Jason Smith of the NSW Police Cybercrime Squad stated that it’s quite astounding. Despite being previously spoken to by the university and police, it can be alleged that she continued to offend.
The Escalation: Ransom Demands and Dark Web Threats
According to police, the tipping point came in November 2023, when Kingston allegedly posted a ransom demand on a dark net forum, threatening to publish sensitive university data unless she was paid around $40,000 (approximately Rs. 34 Lakhs) in cryptocurrency.
Investigators claim this was not an idle threat, they later uncovered over 100GB of data retrieved from a cloud server during a search of her Kingswood residence. The contents of the data trove remain under review, though police say there’s no indication it was publicly leaked. The university did not pay the ransom.
FCRF x CERT-In Roll Out National Cyber Crisis Management Course to Prepare India’s Digital Defenders
The Charges: Legal Reckoning Begins
Following a two-year investigation, Kingston was arrested on Wednesday and charged with over 20 criminal offences, including:
-
10 counts of accessing/modifying restricted data
-
4 counts of unauthorised data modification with intent to impair
-
Dishonestly obtaining a financial advantage by deception
If convicted, she faces up to 10 years in prison on the most serious charges. Kingston has been refused bail and is expected to appear before Parramatta Local Court on Friday. Western Sydney University issued a statement affirming that it had “acted swiftly to protect student and staff data,” adding that the breach has prompted a review of internal digital security protocols.
The university has also confirmed that no data from the alleged attacks has been made public, and affected students are being notified as investigations continue.
About the author – Prakriti Jha is a student at National Forensic Sciences University, Gandhinagar, currently pursuing B.Sc. LL.B (Hons.) with a keen interest in the intersection of law and data science. She is passionate about exploring how legal frameworks adapt to the evolving challenges of technology and justice.