A Western Australian man will serve at least five years in prison for setting up fake wifi networks at airports and in-flight to steal credentials and other “intimate material” from travellers seeking free internet.
File photo of arrest, courtesy of Australian Federal Police.
The man was arrested in mid-2024, after being searched at Perth Airport and found to be in possession of a “wifi pineapple”, a device and platform typically used for pentesting and auditing wireless networks.
The wifi pineapple was used to “passively listen” for requests from people to connect to a wireless network, and then set up a “matching network with the same name, tricking a [user’s] device” into thinking “that it is a trusted network.”
This is also known as an evil twin attack.
“The network took people to a webpage, where they were prompted to log on, using an email or social media account,” the Australian Federal Police said.
“Once the victim entered their log-in credentials onto that fake portal, the data was saved on the man’s device so he could access them.
“However, once people entered their details, it did not actually lead to a free wifi connection.”
Police said a forensic analysis of data and seized devices found the man had been able to hoover up “thousands of intimate images and videos” and “personal credentials belonging to other people”.
The man was able to delete some of the stolen data from a “storage application”. He also tried to remotely wipe his phone, but was unsuccessful.
Police said, however, that the man also “gained access to his employer’s laptop to access confidential online meetings between his employer and the Australian Federal Police regarding the investigation.”