Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Redazione RHC : 1 December 2025 16:39
An Australian court has convicted a 44-year-old man who stole the personal data of airline passengers and airport visitors over several months . He was sentenced to seven years and four months in prison for creating fake Wi-Fi networks and then using the stolen information.
This story began in April 2024, when employees of an Australian airline discovered a suspicious wireless network on board a plane. After contacting the Australian Federal Police (AFP) , law enforcement arrested the suspect, then 42 years old. A search of his carry-on luggage uncovered a Pineapple portable Wi-Fi device, a laptop, and a mobile phone. Police then searched his home and formally arrested him.
The investigation revealed that the attacker operated at Perth, Melbourne, and Adelaide airports, as well as on numerous domestic flights. It used a classic variant of the Evil Twin attack, creating fake Wi-Fi hotspots using the same network names (SSIDs) as legitimate airline and airport networks.
As a result, unsuspecting passengers connected to malicious networks and were redirected to phishing pages. There, victims were asked to log in using their email or social media credentials. The passwords and login information entered ended up in the hands of the criminals.
According to AFP, an examination of the devices seized from the man revealed the true extent of this activity. Thousands of intimate photos and videos, stolen credentials of numerous people, and records of fraudulent login pages were found on the devices.
It also emerged that the suspect had specifically targeted women’s accounts . After gaining access to their social media and emails, he monitored their personal correspondence and stole private intimate images and videos.
After police searched his home, the perpetrator attempted to destroy evidence . The next day, he deleted 1,752 files from his cloud storage and attempted, unsuccessfully, to remotely erase all data from his phone.
In July 2024, the defendant was formally charged with multiple crimes. He ultimately pleaded guilty to 15 charges , including five counts of unauthorized access to classified data, three counts of attempted access, one count of theft, two counts of disrupting electronic communications, possession of data with intent to commit a crime, attempted destruction of evidence, and failure to comply with a court order.
Australian police remind users that legitimate free Wi-Fi networks never require login via email or social media accounts. If the login portal requests such information, it should raise suspicion.
Additionally, experts recommend avoiding using banking apps and other services with sensitive data when connected to public networks and manually deleting saved connections after use to prevent the device from automatically reconnecting to them.
Redazione