In April 2024, as reported by Hackread.com, staff on a commercial flight spotted a suspicious Wi‑Fi network, prompting an investigation by the Australian Federal Police (AFP). The man, identified by the media as Michael Clapsis, used a portable wireless hacking device to create “evil‑twin” Wi‑Fi hotspots, fake access points mimicking legitimate airport or airline Wi‑Fi networks.
Travellers who connected were redirected to fake login pages, where the attacker could harvest credentials for email, social media or other accounts. After officers searched his luggage and home, they found devices and records showing he had stolen login credentials and intimate photos and videos belonging to multiple people.
The day after the search warrant was executed, he deleted 1752 files from his cloud storage account and failed in an attempt to remotely wipe his phone. On April 22 and 23, 2024, he used a software tool to access his employer’s laptop without permission and viewed confidential online meetings between his employer and the AFP about the investigation.
According to AFP’s press release, he also unlawfully accessed social media and other online accounts belonging to several women without their knowledge to monitor their activity and steal private photos and videos. On 28 November 2025, a court sentenced him to 7 years and 4 months in prison; he will be eligible for parole after five years.
The case may sound like a happy ending scenario, but in reality, it is a warning to travellers about the dangers of public Wi‑Fi. An “evil‑twin” attack happens when a hacker sets up a wireless access point that looks real but secretly intercepts all data users share.
Security experts recommend avoiding public Wi‑Fi when possible, using a trusted virtual private network (VPN), disabling automatic connection to open networks and never entering passwords or sensitive information on unfamiliar Wi‑Fi portals.