Police allege ‘evil twin’ of in-flight Wi-Fi used to steal passenger’s credentials
- Reference: 1719812709
- News link: https://www.theregister.co.uk/2024/07/01/australia_evil_twin_wifi_airline_attack/
- Source link:
The man was investigated after an airline “reported concerns about a suspicious Wi-Fi network identified by its employees during a domestic flight.”
The AFP subsequently arrested a man who was found with “a portable wireless access device, a laptop and a mobile phone” in his hand luggage.
[1]
That haul led the force to also search the man’s home – after securing a warrant – and then to his arrest and charging.
[2]
[3]
It’s alleged the accused’s collection of kit was used to create Wi-Fi hotspots with SSIDs confusingly similar to those airlines operate for in-flight access to the internet or streamed entertainment. Airport Wi-Fi was also targeted, and the AFP also found evidence of similar activities “at locations linked to the man’s previous employment.”
Wherever the accused’s rig ran, when users logged in to the network, they were asked to provide credentials.
[4]
The AFP alleges that details such as email addresses and passwords were saved to the suspect’s devices.
The charges laid against the man concern unauthorized access to devices and dishonest dealings. None of the charges laid suggest the accused used the data he allegedly accessed.
However three charges of “possession or control of data with the intent to commit a serious offence” suggest the alleged perp was alive to the possibilities of using the data for nefarious purposes.
[5]
AFP Western Command Cybercrime detective inspector Andrea Coleman pointed out that free Wi-Fi services should not require logging in through an email or social media account.
Perhaps curiously, she advocated users of public Wi-Fi should “install a reputable virtual private network (VPN) on your devices to encrypt and secure your data when using the internet.” He also recommended disabling file sharing, avoiding sensitive apps like banking while using public networks, and manually forgetting connections after use so that devices don’t automatically reconnect to naughty networks.
The accused appeared before a magistrate last week and was released on bail, and on condition he restrict his use of the internet in certain ways. ®
Get our [6]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2ZoJ@QFhF5loWgU5MVheifwAAAIQ&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZoJ@QFhF5loWgU5MVheifwAAAIQ&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZoJ@QFhF5loWgU5MVheifwAAAIQ&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZoJ@QFhF5loWgU5MVheifwAAAIQ&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZoJ@QFhF5loWgU5MVheifwAAAIQ&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[6] https://whitepapers.theregister.com/
Re: "on condition he restrict his use of the internet"
No kidding! They should have at least done something to slow him down, like only allowing him to connect through AOL via dialup.
Re: "on condition he restrict his use of the internet"
He lives in Australia not the American mid-west... Oh wait...
Name them?
Was his name, "Assange"?
I blame
The Wifi-Alliance
"The charges laid against the man concern... dishonest dealings."
If "dishonest dealings" are an indictable offence, why are there so many politicians on the loose?
Eh?
AFP Western Command Cybercrime detective inspector Andrea Coleman pointed out that free Wi-Fi services should not require logging in through an email or social media account
Pretty much every free WIFI offering asks for these details
Re: Eh?
Right? And even if you have to “sign up”, so many people re-use credentials that there’s a high chance of being able to use their details anyway.
Also, obviously, the VPN hokey is just parroting the nonsense that the VPN peddlers say, too.
Re: Eh?
But 90% of the time they don't bother checking the (fake) email address you have provided and just wave you through the portal.
Re: Eh?
I mean the number of times that the Ayatollah Khomeni, living at SW1A 1AA * logs in, you have to conclude there is zero checking of these details.... Mind you a little salting and pollution of their mailing lists is always a good thing. If they are harvesting valuable data, then it is not a "free" WiFi is it - so I give them non valuable data so they don't get nabbed for telling porkies.
* Buckingham Palace to save you looking it up
Re: Eh?
Michael Mouse using an info@[wifi provider's domain] logs in on a few access points around the world.
He often agrees to receive their spam emails too.
Re: Eh?
Michael.Mouse@disney.com
Michel.Souris@disney.fr
Who's been copying my lead ...
So charged with unauthorized access to devices and dishonest dealings.- Unless I am missing something, users voluntarily gave up details to access his AP and network services and he stored them like many ISPs do, so what crime was committed, unless he deliberately tried to imitate an airline free wi-fi to get credentials, if he just put up a page saying free wi-fi, then that's the users own fault?
However three charges of “possession or control of data with the intent to commit a serious offence” suggest the alleged perp was alive to the possibilities of using the data for nefarious purposes. - So just because he had the data freely given and that he "could" use it for naughty means, is now a crime, smells like he cops are desperate to pin something on him?
"unless he deliberately tried to imitate an airline free wi-fi to get credentials"
The article says he did exactly that:-
"It’s alleged the accused’s collection of kit was used to create Wi-Fi hotspots with SSIDs confusingly similar to those airlines operate for in-flight access to the internet or streamed entertainment."
"on condition he restrict his use of the internet"
How naive. Really ? Go back home and be nice is all he gets ?
He knows how to set up this stuff, he will do it again. How is the police going to monitor his connection to be sure he plays nice ? They won't. They don't have the means and, frankly, they have more important criminals to catch - and I'm furious that I have to acknowledge that.