Man Sentenced After Running Fake Airport and In-Flight Wi-Fi Networks

An Australian man has been sentenced to seven years and four months in prison after operating evil twin Wi-Fi networks on domestic flights and in major airports to steal travelers’ social media credentials and access private, intimate content. 

According to the Australian Federal Police (AFP), the 44-year-old used a portable wireless device known as a Wi-Fi Pineapple to mimic legitimate airport SSIDs and lure unsuspecting passengers into connecting.

“The man unlawfully accessed social media and other online accounts linked to multiple unsuspecting women to monitor their communications and steal private and intimate images and videos,” said the AFP in its press release.

How the Rogue Wi-Fi Attack Worked

Evil twin attacks occur when an attacker clones the name of a legitimate wireless network, causing nearby devices to automatically connect. 

In this case, the offender broadcast fake networks that appeared identical to the Wi-Fi offered in airports in Perth, Melbourne, and Adelaide, as well as on domestic flights.

Once connected, victims were redirected to a phishing portal prompting them to log in using email or social media accounts. 

Those credentials were harvested and used to access women’s online accounts, monitor private communications, and steal sensitive media — an escalation that turned a technical attack into a deeply personal violation.

Australian authorities traced fraudulent activity back to April 2024, confiscated the man’s devices, and later discovered attempts to delete evidence and access confidential meetings between his employer and investigators. 

A full list of charges included unauthorized access to restricted data, impairment of electronic communications, possession of data for serious offenses, and attempted destruction of evidence.

Inside the Attacker’s Fake Hotspot Setup

The offender’s setup relied on passive Wi-Fi probing — a standard behavior in which smartphones search for known networks. 

When a device probed for a familiar SSID, the Wi-Fi Pineapple automatically generated a spoofed access point with the same name. 

Because many devices are configured to auto-join known networks, victims often connect without noticing.

Instead of providing internet access, the rogue network displayed a fake captive portal. 

Any credentials entered were logged and stored on the attacker’s device. These phishing pages were sophisticated enough to appear legitimate, yet simple enough to bypass suspicion during hurried travel moments.

Investigators later linked the attacker’s infrastructure to fraudulent airport Wi-Fi activity and confirmed connections across multiple states and flights.

Protecting Yourself From Rogue Hotspots

Even seemingly legitimate hotspots can mask rogue access points designed to capture sensitive information. 

To reduce risk from similar attacks, users can take the following steps:

• Use a VPN to encrypt traffic on untrusted networks.
• Disable auto-connect settings to prevent devices from joining rogue hotspots.
• Avoid entering credentials on captive portals requesting email or social logins.
• Switch off Wi-Fi when not actively using it.
• Disable file sharing and avoid sensitive activities like online banking while on public Wi-Fi.
• Use strong passwords or passphrases, and avoid password reuse across accounts.
• Adopt a reputable password manager and maintain timely software updates.

These measures help reduce the likelihood of automatically connecting to spoofed networks and limit the damage if credentials are exposed.

How Cheap Tools Make Network Impersonation Easy

While this case is unusually extreme in scope and intent, it underscores a larger reality: attackers are increasingly targeting people, not just systems. 

Public Wi-Fi has become essential infrastructure for travelers and commuters, yet user security habits and organizational protections often remain outdated. 

With cheap hardware and widely available tools, threat actors can now spin up convincing clones of trusted networks anywhere people gather — airports, cafes, hotels, even airplanes.

The AFP described this incident as a broader warning for the public and policymakers, citing “a growing global threat” as cybercriminals exploit digital anonymity with more sophisticated tactics.

Organizations should reassess the risks tied to public wireless access and strengthen awareness training, device protections, and authentication safeguards. 

It only takes one unsuspecting connection to a fake hotspot for an attacker to gain everything they need.

When attackers can so easily impersonate trusted networks, it reinforces why modern security must rely on verification — not assumptions of trust.