An Australian man has been charged with operating fake Wi-Fi access points on domestic flights in an attempt to steal user credentials and data.
The 42-year-old man, who has not been named, “allegedly set up fake free Wi-Fi access points that mimicked legitimate networks and stole personal information from unsuspecting victims who accidentally connected to them,” the Australian Federal Police (AFP) said in a press release last week.
The agency said it launched an investigation a month ago after receiving a report from an airline that an employee had identified a suspicious Wi-Fi network during a domestic flight, and the suspect was charged in May 2024.
A mobile wireless access device, a laptop and a mobile phone were subsequently seized during a search of his luggage on April 19. He was arrested on May 8 following the execution of a search warrant at his home.
The individual is alleged to have launched “Evil Twin Wi-Fi attacks” disguised as legitimate Wi-Fi networks at various locations, including domestic flights and airports in Perth, Melbourne and Adelaide.
Users who tried to connect to the free, fake network were asked to enter their email address or social media credentials through a captive portal web page.
“The email and password details collected could then be used to access more personal information, including the victim’s online communications, stored images and videos, and bank account details,” AFP reported.
The defendants were charged with three counts of unauthorized interference with electronic communications and three counts of possessing or controlling data with intent to commit a felony.
He was also charged with unauthorized access to or alteration of restricted data, unauthorized obtaining or trading in personal financial information and possession of identification documents, which carry a maximum sentence of 23 years in prison if convicted.
“You shouldn’t have to enter any personal information, such as logging in with an email or social media account, to connect to a free Wi-Fi network,” said Andrea Coleman, AFP’s Western Command cybercrime investigator.
“If you use public Wi-Fi hotspots, install a trusted Virtual Private Network (VPN) on your devices to encrypt and protect your data as you use the internet.”
