Australian police arrest hacker who created 'Evil Twin' wireless network to steal data during flights

(Image credit: Shutterstock)

The Australian Federal Police recently arrested and charged a man who used an 'Evil Twin' free Wi-Fi access point to steal data from victims on a domestic flight. 42-year-old Michael Clapsis now faces nine cybercrime charges for the alleged attack. 

According to the official reports, The AFP's Western Command Cybercrime Operations Team of Data and Devices launched an investigation in April 2024 when it received a complaint from an airline concerning an unknown Wi-Fi public network identified by the in-flight employees. Upon his return to Perth Airport in the same month, authorities searched his baggage and seized his portable wireless access point, a laptop, and a mobile phone.

The AFP found the devices that had used fake Wi-Fi login pages through his fake wireless access point, which was used in Perth, Melbourne, and Adelaide during domestic flights and at the airport. The fake Wi-Fi pages required users to sign in using their email and social media login credentials, which were then stolen and stored.

The examination of these devices provided the necessary details, and the man's home was searched on 8th May, which also led to his arrest, with the court date set for June 28, 2024. One of the charges is the unauthorized impairment of electronic communication, which carries up to ten years imprisonment, with the rest of the charges carrying between two and five years imprisonment apiece. 

AFP Western Command Cybercrime Detective Inspector Andrea Coleman warned users to be cautious about using login credentials through public Wi-Fi networks. "To connect to a free Wi-Fi network, you shouldn’t have to enter any personal details– such as logging in through an email or social media account,” she said. “If you do want to use public Wi-Fi hotspots, install a reputable virtual private network (VPN) on your devices to encrypt and secure your data when using the internet. When using a public network, disable file sharing, don’t do anything sensitive - such as banking -while connected to it and once you finish using it, change your device settings to ‘forget network’.

Coleman also recommends replacing passwords with different passphrases for every account, using an online password manager, and updating your devices.

Microsoft releases updates to patch any known or potential flaws to prevent attacks, such as the one reported a month ago. The FBI has made similar recommendations concerning public Wi-Fi networks as well.

Roshan Ashraf Shaikh
Contributing Writer

Roshan Ashraf Shaikh has been in the Indian PC hardware community since the early 2000s and has been building PCs, contributing to many Indian tech forums, & blogs. He operated Hardware BBQ for 11 years and wrote news for eTeknix & TweakTown before joining Tom's Hardware team. Besides tech, he is interested in fighting games, movies, anime, and mechanical watches.

  • ThatMouse
    What a dumbass. I bet he was just screwing around too. Flights can be super boring.
  • 35below0
    Dumbass indeed. He's looking at a stiff sentence and for what?

    People who were victims were also kinda dumbasses. They're not to blame for being deceived but they really weren't informed at all if they were falling for this.
    How many times do legit websites and network have to tell people they will NEVER ask for personal information and not to give personal info over unsecure networks?