{
	"id": "c77b0fa4-a242-4811-9d6e-4ae938d52765",
	"created_at": "2026-04-06T02:10:41.144292Z",
	"updated_at": "2026-04-10T13:12:45.484936Z",
	"deleted_at": null,
	"sha1_hash": "3ab01650c5ca303862a9f43ab9455b2878fa11df",
	"title": "Australian charged for \u0026lsquo;Evil Twin\u0026rsquo; WiFi attack on plane",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2018973,
	"plain_text": "Australian charged for \u0026lsquo;Evil Twin\u0026rsquo; WiFi attack on plane\r\nBy Bill Toulas\r\nPublished: 2024-07-01 · Archived: 2026-04-06 01:38:27 UTC\r\nAn Australian man was charged by Australia's Federal Police (AFP) for allegedly conducting an 'evil twin' WiFi attack on\r\nvarious domestic flights and airports in Perth, Melbourne, and Adelaide to steal other people's email or social media\r\ncredentials.\r\nThe police started investigating reports from airline employees in April 2024 and found evidence of the man performing\r\nmalicious activities after examining his devices seized at the airport.\r\nEvil Twin WiFi attack\r\nAn evil twin WiFi network is a malicious/fake wireless access point that uses the identical SSID (WiFI network name) as\r\nthat of a legitimate or expected network in a specific area. For example, many flights offer in-flight WiFi, requiring\r\npassengers to first connect to the airline's WiFi network.\r\nhttps://www.bleepingcomputer.com/news/security/australian-charged-for-evil-twin-wifi-attack-on-plane/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/australian-charged-for-evil-twin-wifi-attack-on-plane/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nWhen a cybercriminal conducts an evil twin attack, they set up a WiFi network under their own control that uses the same\r\nname as the one promoted by the airline.\r\nHowever, users attempting to connect to the malicious access points are directed to a fake login page or a captive portal\r\nwebpage, asking them to log in using email addresses, passwords, or other credentials.\r\nIn the case of the Australian arrested by AFP, the agency says that he used a portable device to create free WiFi access points\r\nat multiple locations, requiring them to log in using their email or social media accounts.\r\nThe man collected this information, which could be later used to access more sensitive data, hijack social media accounts,\r\nextort victims, or sell it to other cybercriminals.\r\n\"AFP cybercrime investigators have allegedly identified data relating to the use of the fraudulent WiFi pages at airports in\r\nPerth, Melbourne and Adelaide, on domestic flights and at locations linked to the man's previous employment,\" explains the\r\nAFP.\r\nInvestigation into the post-exploitation activity and the extent of the man's operation is still underway.\r\nThe criminal charges the suspect faces are:\r\n1. Unauthorized impairment of electronic communication, incurring a maximum penalty of 10 years in prison.\r\n2. Possession of control of data with intent to commit a serious offense, incurring a maximum penalty of 3 years in\r\nprison.\r\n3. Unauthorized access or modification of restricted data, incurring a maximum penalty of 2 years in prison.\r\n4. Dishonestly obtaining or dealing in personal financial information, incurring a maximum penalty of 5 years in prison.\r\n5. Possession of identification information with intent to commit an offense, incurring a maximum penalty of 3 years in\r\nprison.\r\nMalicious or untrustworthy WiFi access points are always possible in public spaces, so people who need to use them should\r\nbe careful about sharing their other login credentials when attempting to use them.\r\nIt is also advised to turn off file sharing on untrusted WiFi networks and use a VPN to encrypt internet traffic and prevent\r\nthe capture of sensitive information.\r\nNot a common attack\r\nWhile it is not unheard of for threat actors to conduct these types of WiFi attacks, cybersecurity researcher Daniel Card\r\nwarns that evil twin attacks are not something most people need to worry about.\r\n\"This kind of attack is totally possible, as we do it in labs and as part of security testing/training but it's rarely seen in the\r\nwild,\" Card told BleepingComputer.\r\n\"It's close proximity phishing. Out of all the incidents myself and friends deal with I've never seen or heard about this in the\r\nwild other than when used by GRU (or at hacker conferences as a demo/joke/ctf). Outside of GRU (who also got caught), I\r\nonly have heard of one other case.\"\r\nThe researcher is referring to the 2018 indictments of Russian state-sponsored GRU hackers who conducted evil twin\r\nattacks to monitor targets' internet traffic.\r\nCard says that telling people not to use WiFi is unrealistic, as the need to remain online, especially on long trips, has become\r\ncrucial for employees and students.\r\nInstead, Card says that usernames and passwords are flawed authentication mechanisms, which is why MFA and robust\r\nsecurity standards are necessary to protect our accounts.\r\nhttps://www.bleepingcomputer.com/news/security/australian-charged-for-evil-twin-wifi-attack-on-plane/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/australian-charged-for-evil-twin-wifi-attack-on-plane/\r\nhttps://www.bleepingcomputer.com/news/security/australian-charged-for-evil-twin-wifi-attack-on-plane/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/australian-charged-for-evil-twin-wifi-attack-on-plane/"
	],
	"report_names": [
		"australian-charged-for-evil-twin-wifi-attack-on-plane"
	],
	"threat_actors": [],
	"ts_created_at": 1775441441,
	"ts_updated_at": 1775826765,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3ab01650c5ca303862a9f43ab9455b2878fa11df.pdf",
		"text": "https://archive.orkl.eu/3ab01650c5ca303862a9f43ab9455b2878fa11df.txt",
		"img": "https://archive.orkl.eu/3ab01650c5ca303862a9f43ab9455b2878fa11df.jpg"
	}
}