Man charged for creating evil twin networks to gain access to victims' personal information

Last week, the Australian Federal Police (AFP) charged a 42-year-old man in Western Australia for allegedly setting up fake free Wi-Fi access points. These networks, known as “evil twin” networks, were designed to mimic legitimate Wi-Fi access points, tricking victims into connecting to them instead of the real ones.

Once connected to the evil twin network, the hacker could eavesdrop on wireless communications and gain access to personal information such as email login details, social media accounts, financial information, and more.

An analysis by the AFP’s Western Command Cybercrime Operations Team of data and devices seized from the man allegedly revealed dozens of personal credentials belonging to other people, as well as fraudulent Wi-Fi pages.

Police allege that the man used a portable wireless access device to create ‘evil twin’ free WiFi networks, which he used at multiple locations to lure unsuspecting users into believing they were using legitimate services. When people tried to connect their devices to the free Wi-Fi network, they were redirected to a fake webpage that required them to log in with their email or social media credentials.

These login details were saved on the man’s phone and could be used to access even more sensitive information. Further investigation by AFP cybercrime investigators identified data related to the use of the fraudulent Wi-Fi pages at airports across the country, including Perth, Melbourne, and Adelaide. These activities were also linked to several domestic flights and locations associated with the man’s previous employment.

The man is facing nine charges for alleged cybercrime offences.

AFP Western Command Cybercrime Detective Inspector Andrea Coleman said the case serves as a timely reminder to be cautious when logging on to any public Wi-Fi networks.

Read full statement of this news by the AFP here.

How to protect yourself from evil twin networks

We strongly encourage everyone to take precautions when connecting to free Wi-fi hotspots. Some things we recommend:

• Use a VPN to encrypt your data
• Ask staff at the venue for the Wi-Fi details
• Check for spelling of the Wi-Fi name
• If the network is asking for you to login with your email, social media or other login details, do not use it
• When checking the secure icon on the top left make sure the URL is also correct
• Forget network when not using it
• Turn off the Wi-fi on your electronic device before going out in public so it does not automatically connect to hotspots