The Australian Federal Police (AFP) have arrested a 42-year-old Australian resident who allegedly established a network of fake free Wi-Fi access points in airports.
Dubbed ‘evil twin’ Wi-Fi devices, the access points were installed at multiple locations and mimicked legitimate networks to capture personal data from unsuspecting victims who mistakenly connected to them.
The AFP alleged that when people tried to connect their devices to the free Wi-Fi networks, they were taken to a fake webpage requiring them to sign in using their email or social media logins. Those details were then allegedly saved to the man’s devices.
The email and password details harvested could be used to access more personal information, including a victim’s online communications, stored images and videos or bank details.
The suspect appeared in Perth Magistrates Court on June 28, 2024. He faced nine charges for alleged cybercrime offenses.
Fraudulent Wi-Fi pages and Unauthorised Access to Personal Data
In a public statement published on June 28, the AFP said it launched an investigation in April 2024 after an airline reported concerns about a suspicious Wi-Fi network identified by its employees during a domestic flight.
AFP investigators searched the man’s baggage when he returned to Perth Airport on a domestic flight on April 19 and seized a portable wireless access device, a laptop and a mobile phone from his hand luggage. They also searched his home in Palmyra, Western Australia.
The AFP’s Western Command Cybercrime Operations Team analyzed data and devices seized from the man and identified fraudulent Wi-Fi pages at airports in Perth, Melbourne and Adelaide, on domestic flights and at locations linked to the man’s previous employment.
They also found dozens of personal credentials belonging to other people on the man’s devices.
The man was arrested and charged on May 8 during a second search at his Palmyra home.
AFP Cyber Expert’s Recommendations for Wi-Fi Hotspot Use
AFP Western Command Cybercrime Detective Inspector Andrea Coleman said the case was a timely warning to be cautious about logging on to any public Wi-Fi networks.
“To connect to a free Wi-Fi network, you shouldn’t have to enter any personal details– such as logging in through an email or social media account,” she said.
Coleman provided a list of recommendations for internet users connecting to public Wi-Fi hotspots:
- Install a reputable virtual private network (VPN) on your devices to encrypt and secure your data when using the internet
- Disable file sharing
- Avoid using free Wi-Fi to complete data-sensitive tasks, such as banking
- Once you finish using free Wi-Fi, change your device settings to ‘forget network’
“We also recommend turning off the Wi-Fi on your phone or other electronic devices before going out in public, to prevent your device from automatically connecting to a hotspot,” Coleman added.
Read more: US Charges Russian Individual for Pre-Invasion Ukraine Hack