AFP charges man for performing ‘evil twin’ WiFi attacks
The Australian Federal Police (AFP) has charged an Australian national for setting up a fake WiFi access point and collecting login credentials and other personal information from unsuspecting victims.
Last April, employees of an airline discovered a suspicious WiFi network during a domestic flight in Australia.
Analysis by the AFP’s Western Command Cybercrime Operations Team led officers to a 42 year old man. He was detained when he returned to Perth Airport. Investigators seized a portable wireless access device, a laptop and a mobile phone from his hand luggage. Police officers also searched his home in Palmyra.
Investigation of the equipment showed that the suspect created a so-called ‘evil twin’ WiFi network, which he used to collect login credentials belonging to other people. He also fabricated thousands of fraudulent WiFi pages. All the personal information that visitors entered here, ended up in his hands.
The suspect then used the collected information to secure even more personal data from its victims, including online communication, stored images and videos, and bank details. He did this while at the airports of Perth, Melbourne and Adelaide and during domestic flights.
The man is being charged with three counts of unauthorized impairment of electronic communication, three counts of possession of data with the intent to commit serious offences, one count of unauthorized access of restricted data, one count of dishonestly obtaining personal financial information, and one count of possession of identification information with the intent to commit a commercial crime.
According to AFP inspector Andrea Coleman this case demonstrates perfectly why you shouldn’t login to any public WiFi network. She recommends people who depend on public WiFi networks to use a Virtual Private Network or VPN to encrypt and secure their internet traffic.
Furthermore, she encourages people to disable file sharing and turn off WiFi on their phone so they can’t connect automatically to a hotspot. Lastly, people shouldn’t enter login credentials or other personal information when on a public WiFi network or do anything which entails sensitive information.
Your email address will not be published. Required fields are marked