A man who set up fake free Wi-Fi access points at airports and on airplanes to steal personal information was arrested

A 42-year-old man has been arrested and charged with setting up fake free Wi-Fi access points at Australian airports and on domestic flights to steal personal information from others. The Australian Federal Police is warning people not to access public free Wi-Fi without due caution.

WA man sets up fake free wifi at Australian airports and on flights to steal people's data, police allege | Cybercrime | The Guardian

https://www.theguardian.com/technology/article/2024/jun/28/wa-man-fake-free-wifi-airports-data-theft-ntwnfb

Australians charged with 'Evil Twin' WiFi attack on plane
https://www.bleepingcomputer.com/news/security/australian-charged-for-evil-twin-wifi-attack-on-plane/

The man indicted is a 42-year-old man from Western Australia. The man set up fake Wi-Fi access points at airports in Perth , Melbourne and Adelaide, on domestic flights and at locations related to his former workplace. The fake Wi-Fi access points he set up had SSIDs similar to those of free Wi-Fi access points provided at airports and on planes, and users who mistakenly connected to them were directed to a dummy page that asked them to enter their email address and social networking login information. The information entered was stored on the man's device and may have been used to access personal information.

However, the Australian Federal Police began investigating in April 2024 after receiving a report from an airline that a suspicious Wi-Fi network had been spotted on an aircraft during flight.

On June 28, 2024, police searched the man's luggage when he returned to Perth Airport and found a mobile Wi-Fi device, a laptop computer, and a mobile phone. After further searching his home in the suburbs of Perth, police arrested the man.

The man was charged with interfering with electronic communications, possessing data with intent to commit a felony, unauthorized access to or alteration of restricted data, unauthorized obtaining of personal financial information and possessing identification documents for criminal purposes. If convicted, he faces up to 23 years in prison.

According to security researcher Daniel Card, the cyber attack carried out by the man is called 'Evil Twin', but because the free Wi-Fi hotspot needs to be installed in person, it is quite rare for it to actually be carried out.

The Australian Federal Police Cyber Crime Unit has recommended that people be careful when using public Wi-Fi: 'Do not enter personal information when accessing free Wi-Fi,' 'Change your password if you connect to a suspicious network,' 'Report any suspicious activity to the police,' 'Do not access sensitive transactions such as banking transactions over public networks,' 'Disable file sharing on your device,' and 'Use a VPN.'

On the other hand, Card said, 'The need to stay online even while traveling long distances is increasing, so telling people not to use Wi-Fi is unrealistic,' and argued that multi-factor authentication rather than usernames and passwords and robust security standards are needed to protect accounts.