A 44-year-old West Australian man has been jailed for more than seven years for using “evil twin” Wi-Fi networks to capture personal data and infiltrate online accounts, in a case that highlights cyber risks for individuals and organisations using public connectivity. The offender, whose name has not been released, was sentenced in the Perth District Court on Nov. 28 to seven years and four months’ imprisonment. He will be eligible for parole after serving five years.
The Australian Federal Police (AFP) began investigating in April 2024 after an airline reported that staff had detected a suspicious Wi-Fi network on a domestic flight. The network was configured to resemble a legitimate access point used by passengers.
On April 19, 2024, AFP officers searched the man’s hand luggage when he arrived at Perth Airport on an interstate flight, seizing a portable wireless access device, a laptop, and a mobile phone. A search warrant was later executed at a residence in Palmyra. Forensic examination of the devices identified thousands of intimate images and videos, login credentials belonging to other people, and records linked to fraudulent Wi-Fi pages, according to the AFP.
Investigators found that the man had used a portable wireless access device, described by police as similar to a Wi-Fi Pineapple, to monitor for device “probe” requests and respond by creating counterfeit networks. When nearby devices searched for known networks, the device generated a lookalike network with the same name, prompting automatic connection. Users were then redirected to a fake login page that asked them to sign in using an email or social media account. Once a victim entered a username and password, those credentials were stored on the offender’s device, enabling access to the victim’s accounts. The connection did not provide functioning free Wi-Fi.
AFP cybercrime investigators linked the fraudulent Wi-Fi activity to locations at Perth, Melbourne, and Adelaide airports, as well as to domestic flights. They also found evidence that the man had used IT privileges from previous employment to access restricted and personal data, and had unlawfully accessed social media and other online services linked to multiple women to monitor communications and obtain intimate content.
The day after the search warrant was executed, the man deleted 1,752 items from a cloud data storage account and made an unsuccessful attempt to remotely wipe his mobile phone. Between April 22 and 23, 2024, he used software tools to access his employer’s laptop and join confidential online meetings between his employer and the AFP about the ongoing investigation. The man pleaded guilty to a series of federal and state charges.
AFP Commander Renee Colley said the case is consistent with broader cyber-enabled crime patterns affecting the Australian community and businesses. “Cybercrime is a growing global threat, and our investigators are relentless in tracking down criminals who attempt to exploit digital anonymity to attack our community,” Colley said.
Colley urged caution when connecting to open networks in public locations. “The AFP’s message to the community is to please be vigilant when connecting to any kind of free Wi-Fi network, especially at public places such as airports. A network that requests your personal details – such as an email or social media account – should be avoided,” she said.
She added: “If you do want to use public Wi-Fi, ensure your devices are equipped with a reputable virtual private network (VPN) to encrypt and secure your data. Disable file sharing, don’t use things like online banking while connected to public Wi-Fi, and once you disconnect, change your device settings to ‘forget network’. People should also switch off the Wi-Fi on their devices to prevent them being automatically connecting to a hotspot in public spaces.”
Colley said the growth in theft and misuse of personal information is a warning for anyone who may have used public or unsecured Wi-Fi to review their security practices. “These people should look at replacing singular passwords with passphrases and remember to avoid using the same passphrase for multiple accounts or devices. Install an online password manager and update software whenever you’re prompted to do so,” she said.
For insurers, brokers, and corporate risk managers, the case shows how credential harvesting via public Wi-Fi can expose not only individuals’ personal accounts but also corporate systems where credentials are reused, with implications for cyber, crime, and privacy-related exposures.
In October, the AFP referred to findings from the Australian Institute of Criminology’s (AIC) Cybercrime in Australia 2024 report, which examines “poly-victimisation” – where individuals experience more than one type of cybercrime within a 12‑month period.
According to the report, 42.1% of cybercrime victims in Australia experienced two or more types of cyber incidents in a single year. The AIC found that victims of scams and fraud are particularly likely to be targeted again, with 80% of those affected by fraud or scam-related incidents reporting at least one additional form of cybercrime in the same period.
The data suggests that once an individual’s information or systems are compromised, offenders may return to exploit those details across multiple attack types, including further fraud, account takeover, and identity misuse. For the insurance sector, this pattern suggests that an initial reported incident may point to elevated risk of subsequent losses and may need to be factored into assessments of ongoing cyber exposure and post-incident support for policyholders.
