Organizer of Evil Twin Attacks on Board Aircraft Sentenced to Seven Years in Prison

An Australian court sentenced a 44-year-old man who spent several months stealing the personal data of airline passengers and airport visitors. The criminal received seven years and four months imprisonment for creating fake Wi-Fi networks and subsequently using the stolen information.

Discovery and Arrest

This case began in April 2024 when staff from an Australian airline discovered a suspicious wireless network on board an aircraft. After reporting to the Australian Federal Police (AFP), law enforcement detained the then 42-year-old suspect. During a search of his carry-on luggage, they found a portable Wi-Fi Pineapple device, a laptop, and a mobile phone. Police later conducted a search of the man's home and formally arrested him.

Attack Methods

The investigation revealed that the perpetrator operated in Perth, Melbourne, and Adelaide airports, as well as on board numerous domestic flights. He used a classic variant of the "Evil Twin" attack—creating fake Wi-Fi access points using the same network names (SSIDs) as the legitimate networks of airlines and airports.

Unsuspecting passengers connected to the malicious networks and were then redirected to phishing pages. There, victims were asked to log in using their email or social media account credentials. The entered usernames and passwords fell into the criminal's hands.

Scope of Criminal Activity

Per the AFP, examination of the devices seized from the man revealed the true scale of this activity. The equipment contained thousands of intimate photos and videos, stolen credentials of numerous people, as well as records of fraudulent login pages.

The suspect specifically targeted women's accounts. Having gained access to their social networks and email, he monitored their private correspondence and stole private images and videos of an intimate nature.

Evidence Destruction Attempts

After police searched his home, the criminal attempted to destroy evidence. The following day, he deleted 1,752 files from his cloud storage and made an unsuccessful attempt to remotely wipe all data from his mobile phone.

On April 19, 2024, after the confiscation of his luggage, the man gained unauthorized access to his employer's work laptop to learn details of confidential meetings between company management and investigators.

Charges and Sentencing

In July 2024, numerous charges were formally brought against the accused. He pleaded guilty to 15 charges, including five counts of unauthorized access to restricted data, three attempts to gain such access, one count of theft, two counts of interfering with electronic communications, possessing data with intent to commit a serious offense, attempting to pervert the course of justice, and failing to comply with a judicial order.

Security Recommendations

Australian police representatives reminded the public that legitimate free Wi-Fi networks never require login via email or social media accounts. If an authorization portal requests such information, it should raise suspicion.

Experts advise against using banking apps and other services with confidential data while connected to public networks, and recommend manually deleting saved connections after use to prevent devices from automatically reconnecting to them.