A West Australian man who built “evil twin” WiFi networks to harvest personal data and hacked into women’s online accounts to steal intimate material has been sentenced to seven years and four months’ imprisonment.
AFP Commander Renee Colley said the case underscored how cybercriminals were exploiting digital anonymity to target unsuspecting victims.
“Cybercrime is a growing global threat, and our investigators are relentless in tracking down criminals who attempt to exploit digital anonymity to attack our community.”
The 44-year-old was sentenced in the Perth District Court today and will be eligible for parole after serving five years.
Commander Colley urged Australians to take extra care when connecting to free public WiFi. “A network that requests your personal details – such as an email or social media account – should be avoided,” she said.
“People should switch off the WiFi on their devices to prevent them automatically connecting to hotspots in public spaces.”
The AFP launched its investigation in April 2024 after an airline reported a suspicious WiFi network detected during a domestic flight. The network mimicked a legitimate access point, raising immediate red flags for airline staff.
When the man arrived at Perth Airport on 19 April 2024 on a flight from interstate, AFP investigators searched his hand luggage and seized a portable wireless access device, laptop and mobile phone. A subsequent search warrant was executed at a home in Palmyra.
Forensic analysis uncovered thousands of intimate images and videos, the personal credentials of other people, and records of fraudulent WiFi pages. The day after the search warrant, the man deleted more than 1700 items from a cloud storage account and unsuccessfully attempted to remotely wipe his mobile phone.
Investigators also found he had used specialist software to access his employer’s laptop between 22 and 23 April 2024, allowing him to view confidential online meetings between the employer and the AFP regarding the investigation.
The man later pleaded guilty to a series of cyber and criminal offences, including causing unauthorised access to restricted data, attempted unauthorised access, stealing, unauthorised impairment of electronic communication, possessing data with the intent to commit a serious offence, failing to comply with a Crimes Act order, and attempted destruction of evidence.
According to the AFP, the man used a portable wireless access device – commonly known as a WiFi Pineapple – to detect device probe requests and instantly create a matching network name. Devices automatically connected, taking victims to a fake log-in page that captured their credentials but did not provide actual internet access.
AFP cybercrime teams identified data linked to these fraudulent free WiFi pages at airports in Perth, Melbourne and Adelaide, as well as on domestic flights. The man also exploited IT privileges from a previous job to access restricted information.
He then unlawfully accessed the social media and online accounts of multiple women, monitoring their communications and stealing private images and videos.
Commander Colley said rising theft of personal information should prompt people to review their own online security. “Replace singular passwords with passphrases and avoid using the same passphrase for multiple accounts,” she advised.
“Install an online password manager and update software whenever you’re prompted to do so.”
She said the AFP’s message was clear:
“Please be vigilant when connecting to any kind of free WiFi network, especially in public places such as airports.”
Support our Journalism
No-nonsense journalism. No paywalls. Whether you’re in Australia, the UK, Canada, the USA, or India, you can support The Australia Today by taking a paid subscription via Patreon or donating via PayPal — and help keep honest, fearless journalism alive.
