Man charged over alleged 'Evil Twin' WiFi attacks on planes and airports in Australia

• He allegedly set up fake free WiFi access points to steal personal data.
• The man, 42, is facing nine cybercrime charges.
• Airline staff raised concerns after noticing a suspicious WiFi network on a domestic flight.

A man has been charged over a series of alleged ‘evil twin’ attacks on planes and airports. It is claimed that the 42-year-old established fake free WiFi access points, which mimicked legitimate networks, to capture personal data from unsuspecting victims who mistakenly connected to them.

He was due to appear at Perth Magistrates Court on 28 June and is facing nine charges for alleged cybercrime offences. Analysis by the Australia’s Federal Police’s (AFP) Western Command Cybercrime Operations Team of data and devices seized from the man has allegedly identified dozens of personal credentials belonging to other people as well as fraudulent WiFi pages.

The investigation was sparked after an airline reported concerns about a suspicious WiFi network identified by its employees during a domestic flight in Australia. Officers searched  the man’s baggage when he returned to Perth Airport on a flight from interstate on 19 April, 2024 and seized a portable wireless access device, a laptop and a mobile phone from his hand luggage.

They also searched his Palmyra home. After an initial examination of the seized devices, the AFP executed another search warrant at the man’s home on 8 May which resulted in his arrest and charges.

Police will allege the man used a portable wireless access device to create ‘evil twin’ free WiFi networks, which he used at multiple locations to lure unsuspecting users into believing they were legitimate services. The AFP alleges that when people tried to connect their devices to the free WiFi networks, they were taken to a fake webpage requiring them to sign in using their email or social media logins. 

Those details were then allegedly saved to the man’s devices. The email and password details harvested could be used to access more personal information, including a victim’s online communications, stored images and videos or bank details. 

AFP cybercrime investigators have allegedly identified data relating to the use of the fraudulent WiFi pages at airports in Perth, Melbourne and Adelaide, on domestic flights and at locations linked to the man’s previous employment. The analysis is ongoing to determine the extent of the alleged offending.

AFP Western Command Cybercrime Detective Inspector Andrea Coleman said the case was a timely warning to be cautious about logging on to any public WiFi networks.

“To connect to a free WiFi network, you shouldn’t have to enter any personal details– such as logging in through an email or social media account,” she added. “If you do want to use public WiFi hotspots, install a reputable virtual private network (VPN) on your devices to encrypt and secure your data when using the internet.

“When using a public network, disable file sharing, don’t do anything sensitive - such as banking -while connected to it and once you finish using it, change your device settings to ‘forget network’. We also recommend turning off the WiFi on your phone or other electronic devices before going out in public, to prevent your device from automatically connecting to a hotspot.” 

Det-Insp. Coleman encouraged people to increase their online security by replacing passwords with passphrases, never using the same passphrase for multiple accounts, using an online password manager and installing all software updates. Anyone who connected to free WiFi networks in airport precincts and on domestic flights is recommended to change their passwords and report any suspicious activity on their accounts to Report Cyber. 

To learn more about the security risks of free public WiFi, CBS Boston have a video with a hacker who demonstrates the very real dangers. The full video is available on the network’s YouTube channel and can be watched right now.