The Australian Federal Police (AFP) have arrested a 42-year-old West Australian man for allegedly creating fake free WiFi networks that mimicked legitimate services to steal personal data. The man faces nine charges related to cybercrime and is scheduled to appear in Perth Magistrates Court today.
The investigation began in April 2024 when an airline reported a suspicious WiFi network detected by its employees during a domestic flight. AFP's Western Command Cybercrime Operations Team analyzed data and devices seized from the man, uncovering numerous personal credentials and fraudulent WiFi pages.
Upon the man's return to Perth Airport from an interstate flight on April 19, 2024, AFP investigators searched his baggage and seized a portable wireless access device, a laptop, and a mobile phone. Further searches at his Palmyra home and a second warrant execution on May 8, 2024, led to his arrest and the formal charges.
Modus operandi
The AFP alleges that the man used a portable wireless access device to set up ‘evil twin' WiFi networks in multiple locations, tricking users into believing they were legitimate. Users attempting to connect to these networks were directed to fake login pages requiring email or social media credentials, which were then harvested and stored on the man's devices. These credentials could be used to access sensitive personal information, including online communications, stored media, and bank details.
Investigations have linked the fraudulent WiFi networks to airports in Perth, Melbourne, and Adelaide, domestic flights, and locations associated with the man's previous employment. The analysis of the extent of the alleged offenses is ongoing.
The man faces charges including unauthorized impairment of electronic communication, possession or control of data with intent to commit a serious offense, unauthorized access to restricted data, and dealing in personal financial information. These charges carry potential penalties ranging from two to ten years' imprisonment.
AFP's advice
AFP Western Command Cybercrime Detective Inspector Andrea Coleman emphasized the importance of caution when connecting to public WiFi networks. She advised:
Avoid entering personal details to access free WiFi.
Use a reputable virtual private network (VPN) to encrypt data.
Disable file sharing and refrain from sensitive activities like banking on public networks.
Change device settings to ‘forget network' after use.
Turn off WiFi on devices in public to prevent automatic connections.
Det-Insp. Coleman also recommended enhancing online security by using passphrases, not reusing them across multiple accounts, utilizing an online password manager, and regularly installing software updates.
Individuals who may have connected to free WiFi networks in airport precincts or on domestic flights are advised to change their passwords and report any suspicious activity on this portal.
14 Million OpenSSH Servers Potentially Vulnerable to “regreSSHion” Bug
Leave a Reply