The Australian Federal Police recently arrested and charged a man who used an 'Evil Twin' free Wi-Fi access point to steal data from victims on a domestic flight. 42-year-old Michael Clapsis now faces nine cybercrime charges for the alleged attack.
According to the official reports, The AFP's Western Command Cybercrime Operations Team of Data and Devices launched an investigation in April 2024 when it received a complaint from an airline concerning an unknown Wi-Fi public network identified by the in-flight employees. Upon his return to Perth Airport in the same month, authorities searched his baggage and seized his portable wireless access point, a laptop, and a mobile phone.
The AFP found the devices that had used fake Wi-Fi login pages through his fake wireless access point, which was used in Perth, Melbourne, and Adelaide during domestic flights and at the airport. The fake Wi-Fi pages required users to sign in using their email and social media login credentials, which were then stolen and stored.
The examination of these devices provided the necessary details, and the man's home was searched on 8th May, which also led to his arrest, with the court date set for June 28, 2024. One of the charges is the unauthorized impairment of electronic communication, which carries up to ten years imprisonment, with the rest of the charges carrying between two and five years imprisonment apiece.
AFP Western Command Cybercrime Detective Inspector Andrea Coleman warned users to be cautious about using login credentials through public Wi-Fi networks. "To connect to a free Wi-Fi network, you shouldn’t have to enter any personal details– such as logging in through an email or social media account,” she said. “If you do want to use public Wi-Fi hotspots, install a reputable virtual private network (VPN) on your devices to encrypt and secure your data when using the internet. When using a public network, disable file sharing, don’t do anything sensitive - such as banking -while connected to it and once you finish using it, change your device settings to ‘forget network’.
Coleman also recommends replacing passwords with different passphrases for every account, using an online password manager, and updating your devices.
Microsoft releases updates to patch any known or potential flaws to prevent attacks, such as the one reported a month ago. The FBI has made similar recommendations concerning public Wi-Fi networks as well.