A West Australian man who created 'evil twin' WiFi networks to capture personal data and hacked into women's online accounts to steal intimate material has been sentenced to seven years and four months' imprisonment.
The man, 44, was sentenced in Perth District Court today (28 November, 2025). He will be eligible for parole after serving five years.
The AFP commenced an investigation in April, 2024, after an airline reported that its employees had identified a suspicious WiFi network - which mimicked a legitimate access point - during a domestic flight.
On 19 April, 2024, AFP investigators searched the man's hand luggage when he arrived at Perth Airport on a flight from interstate where a portable wireless access device, laptop and mobile phone were seized. A search warrant was later executed at a Palmyra home.
Forensic analysis of data and the seized devices identified thousands of intimate images and videos, personal credentials belonging to other people, and records of fraudulent WiFi pages.
The day after the search warrant, the man deleted 1752 items from his account on a data storage application and unsuccessfully tried to remotely wipe his mobile phone.
Between 22 and 23 April, 2024, the man used a computer software tool to gain access to his employer's laptop to access confidential online meetings between his employer and the AFP regarding the investigation.
Following extensive investigations, the man pleaded guilty to:
- Five counts of cause unauthorised access or modification of restricted data, contrary to section 478.1 of the Criminal Code (Cth);
- Three counts of attempt to cause unauthorised access or modification of restricted data, contrary to section 478.1 of the Criminal Code (Cth);
- One count of stealing, contrary to section 378 of the Criminal Code (WA);
- Two counts of unauthorised impairment of electronic communication, contrary to section 477.3 of the Criminal Code (Cth);
- One count of possessed or controlled data with the intent to commit a serious offence, contrary to section 478.3 of the Criminal Code (Cth);
- One count of failure to comply with an order under section 3LA(2) of the Crimes Act (Cth), contrary to section 3LA(6) of the Crimes Act (Cth); and
- Two counts of attempted destruction of evidence, contrary to section 39 of the Crimes Act (Cth).
The man used a portable wireless access device, sometimes known as a WiFi Pineapple, to passively listen for device probe requests.
When detecting a request, the WiFi Pineapple instantly created a matching network with the same name, tricking a device that it is a trusted network. The device would then connect automatically.
The network took people to a webpage, where they were prompted to log on, using an email or social media account.
Once the victim entered their log-in credentials onto that fake portal, the data was saved on the man's device so he could access them.
However, once people entered their details, it did not actually lead to a free WiFi connection.
AFP cybercrime investigators identified data relating to the use of the fraudulent free WiFi pages at airports in Perth, Melbourne and Adelaide as well as on domestic flights, while the man also used his IT privileges to access restricted and personal data from his previous employment.
The man unlawfully accessed social media and other online accounts linked to multiple unsuspecting women to monitor their communications and steal private and intimate images and videos.
AFP Commander Renee Colley said the AFP remained committed to the identification of cybercriminals who used sophisticated technology to prey on unsuspecting victims.
"Cybercrime is a growing global threat, and our investigators are relentless in tracking down criminals who attempt to exploit digital anonymity to attack our community," Commander Colley said.
"The AFP's message to the community is to please be vigilant when connecting to any kind of free WiFi network, especially at public places such as airports.
"A network that requests your personal details - such as an email or social media account - should be avoided.
"If you do want to use public WiFi, ensure your devices are equipped with a reputable virtual private network (VPN) to encrypt and secure your data. Disable file sharing, don't use things like online banking while connected to public WiFi and, once you disconnect, change your device settings to 'forget network'.
"People should also switch off the WiFi on their devices to prevent them being automatically connecting to a hotspot in public spaces."
Commander Colley said the increasing theft of personal information and identification served as an urgent warning for people, especially those who might have connected to a free WiFi network, to investigate their own online security measures.
"These people should look at replacing singular passwords with passphrases and remember to avoid using the same passphrase for multiple accounts or devices," Commander Colley said.
"Install an online password manager and update software whenever you're prompted to do so."
Anyone who believes they are a victim of cybercrime should report it to police using Report Cyber.
If you are concerned your identity has been compromised, contact the national identity and cyber support service IDCARE.org
Further advice about connecting to public WiFi and hotspots is available on the Australian Cyber Security Centre website.
