A 42-year-old West Australian man is set to appear in Perth Magistrates Court today, facing nine charges for alleged cybercrime offences.
The Australian Federal Police (AFP) has accused the man of establishing fake free WiFi access points, mimicking legitimate networks to capture personal data from unsuspecting victims.
Cybercrime Investigation Unfolds
The investigation began in April 2024 when an airline reported concerns about a suspicious WiFi network identified by its employees during a domestic flight.
AFP investigators searched the man’s baggage upon his return to Perth Airport on April 19, 2024, seizing a portable wireless access device, a laptop, and a mobile phone.
A subsequent search of his Palmyra home led to further evidence collection.
"Is Your System Under Attack? Try Cynet XDR: Automated Detection & Response for Endpoints, Networks, & Users!"- Free Demo
The AFP’s Western Command Cybercrime Operations Team analyzed the seized data and devices, allegedly revealing dozens of personal credentials belonging to other people and fraudulent WiFi pages.
The AFP alleges that the man used a portable wireless access device to create ‘evil twin’ free WiFi networks at multiple locations, luring users into believing they were legitimate services.
Alleged Modus Operandi
The AFP claims that when people attempted to connect to these fake networks, they were redirected to a fraudulent webpage requiring them to sign in using their email or social media logins.
These details were then allegedly saved to the man’s devices, potentially giving him access to victims’ online communications, stored images, videos, and bank details.
Detective Inspector Andrea Coleman of the AFP’s Western Command Cybercrime unit emphasized the importance of being cautious when connecting to public WiFi networks.
“To connect to a free WiFi network, you shouldn’t have to enter any personal details– such as logging in through an email or social media account,” she advised.
Legal Consequences and Public Advisory
The man faces serious charges, including unauthorized impairment of electronic communication, possession or control of data with the intent to commit a serious offense, unauthorized access or modification of restricted data, and dealing in personal financial information.
The maximum penalties for these offenses range from two to ten years of imprisonment.
Detective Inspector Coleman urged the public to take precautions when using public WiFi, such as installing a reputable virtual private network (VPN), disabling file sharing, and avoiding sensitive activities like banking.
She also recommended turning off WiFi on devices when not in use and using strong, unique passphrases for online accounts.
Anyone who is connected to free WiFi networks in airport precincts and on domestic flights is advised to change their passwords and report any suspicious activity to Report Cyber.
The AFP’s investigation is ongoing to determine the full extent of the alleged offenses.
Are you from SOC/DFIR Teams? - Sign up for a free ANY.RUN account! to Analyse Advanced Malware Files