Australian man charged for conducting ‘evil twin’ WiFi attacks at airports
Federal Police has charged a man for executing ‘evil twin’ WiFi attacks on flights and airports, stealing email and social media credentials.
Australia’s Federal Police (AFP) have pressed charges against an Australian man for allegedly carrying out an ‘evil twin’ WiFi attack on multiple domestic flights and airports in Perth, Melbourne, and Adelaide with the aim of stealing email and social media credentials from unsuspecting passengers. The investigation by the police in Australia was initiated following reports from airline staff in April 2024. This led to the seizure of the man’s devices at the airport and discovery of incriminating evidence on them.
In an evil twin WiFi attack, a deceptive wireless access point is set up with the same SSID (WiFi network name) as a legitimate network in the vicinity. For instance, many flights provide in-flight WiFi services that require passengers to connect to the airline’s WiFi network. In this attack, cybercriminals create a fake network with the same name, tricking users into connecting to it. Once connected users are directed to a counterfeit login page or captive portal asking them to enter their login credentials.
The Australian individual apprehended by the AFP reportedly used a portable device to establish free WiFi access points at various locations making users log in using their email or social media accounts. The stolen information could potentially be exploited to gain access to sensitive data, take over social media accounts, extort victims, or sell the data to other cybercriminals. The charges brought against the suspect include unauthorised impairment of electronic communication, possession of data with intent to commit a serious offence, unauthorised access or modification of restricted data, dishonestly obtaining or dealing in personal financial information, and possession of identification information with intent to commit an offence, each carrying significant prison sentences.
While coming across malicious WiFi access points in public spaces is rare, individuals should exercise caution when sharing login credentials on such networks. It is advisable to disable file sharing on untrusted WiFi networks and use a VPN to encrypt internet traffic and safeguard sensitive information. While ‘even twin’ attacks are known in the cybersecurity world, they are not usually encountered outside of controlled environments like hacker conferences or when used by GRU operatives. Apart from a 2018 GRU case, where hackers employed evil twin attacks to surveil the internet traffic of targets from a wide range of organisations, no other incidents of this type have been reported to date.