A 42-year-old Australian man has been charged with setting up fake Wi-Fi access points during domestic flights to steal user credentials and data.

The unnamed man allegedly created fake free Wi-Fi networks that mimicked legitimate ones, capturing personal data from unsuspecting users who connected to these networks. An investigation by the Australian Federal Police (AFP) Western Command Cybercrime Operations Team revealed that the man's devices contained dozens of personal credentials and fraudulent Wi-Fi pages.

The investigation commenced in April 2024 when an airline reported a suspicious Wi-Fi network detected by its employees during a domestic flight. The AFP's searched the man’s baggage at Perth Airport on April 19, 2024, after he returned from an interstate flight, and seized of a portable wireless access device, a laptop, and a mobile phone.

An initial examination of the devices prompted a second search warrant executed at his Palmyra home on May 8, 2024. This search resulted in his arrest and subsequent charges.

The AFP alleges that the man used a portable wireless access device to create ‘evil twin’ free Wi-Fi networks in various locations, including airports in Perth, Melbourne, and Adelaide, as well as on domestic flights and at sites connected to his previous employment. These networks lured users into entering their email or social media logins on fake webpages, which the man then allegedly saved.

The charges against the suspect include unauthorized impairment of electronic communication, possession or control of data with the intent to commit a serious offence, unauthorized access or modification of restricted data, dishonestly obtaining or dealing in personal financial information (usernames and passwords), and possession of identification information with the intention of committing or facilitating the commission of conduct. If found guilty, the man could face a lenghty prison sentence.