Man arrested over ‘evil twin’ Wi-Fi networks that stole data during flights

Australian police have arrested a man and charged him with nine cybercrime law violations for allegedly using a portable Wi-Fi access point to set up fake public Wi-Fi networks to steal data from unsuspecting users.

The man set up “evil twin” Wi-Fi networks at airports, during flights and other locations related to his “past employment,” tricking users into logging into the fake network using their email address or social media accounts. Those login credentials were then sent to the man’s devices, police said.

Dozens of credentials were reportedly stolen. These credentials could have potentially given the man access to the victims’ accounts and potentially stolen other sensitive information such as bank login details or other personal information.

Airline staff noticed one of the strange Wi-Fi networks on board. The unnamed Australian airline then reported the presence of the Wi-Fi to police, who investigated the incident in April and arrested the suspect in May.

The Australian Broadcasting Corp. reports that the man, Michael Clapsis, appeared in the Perth Magistrates Court in Australia and has since been released on “strict” bail with restricted internet access. He was also required to surrender his passport. A now-deleted LinkedIn profile suggests Clapsis may have previously worked for a shipping company.

He is charged with three counts of unauthorized interference with electronic communications, three counts of possession or control of data with intent to commit a serious crime, one count of unauthorized access to or alteration of confidential data, one count of dishonestly obtaining or unlawfully dealing in personal financial information and one count of possession of identification information with intent to commit a crime. Clapsis is scheduled to appear in court again in August.

Evil Twin attacks can use a variety of methods to steal victims’ data. They typically involve offering free Wi-Fi deals that appear legitimate but actually contain “login pages” designed to steal your data. Reputable Wi-Fi networks should never ask you to log in with your social media credentials or provide a password for any of your accounts. It’s also a good idea to use a VPN and avoid connecting to public Wi-Fi networks if a more secure option is available.