Australian Michael Clapsis got 7 years and 4 months in prison for Wi-Fi attacks at airports and on flights, stealing sensitive data.
Australian man Michael Clapsis (44) was sentenced to 7 years and 4 months in prison for conducting Wi-Fi attacks at airports and on flights, stealing sensitive information, according to the Australian Federal Police (AFP).
“A Perth hacker who stole intimate videos from women and set up a fake Qantas Wi-Fi network to steal passengers’ data has been jailed, with a judge warning of the potential reputational damage of his crimes on the airline.” reported ABC news. “That investigation led to the further discovery he had been stealing women’s private images from personal online accounts for years.”
The man also attempted to access online addresses or accounts of seven victims from as early as 2015.
Investigators found he had stolen private images from women’s online accounts for years. Over six years, he took more than 700 photos and videos from 17 victims, including a 17-year-old. Many files contained nudity and intimate or sexual content.
The man also attempted to remotely wipe his phone and erase 1,752 files from his laptop, many containing intimate images of women. He also accessed his employer’s laptop without authorization to watch confidential meetings between the company and the AFP about the investigation.
Australian media identified the hacker as Michael Clapsis, 44. The AFP said Clapsis created “evil twin” Wi-Fi networks at major airports and on domestic flights, using a Wi-Fi Pineapple to steal victims’ credentials.
In July 2024, the Australian man was charged with creating “evil twin” Wi-Fi hotspots at airports and other sites, stealing email and social media credentials from users who connected.
An Evil Twin Wi-Fi attack is a type of cyberattack where a threat actor sets up a rogue wireless access point that mimics a legitimate one. The goal is to trick users into connecting to the fake access point, thereby allowing the attacker to intercept, capture, and manipulate data transmitted by the victim.
The AFP charged an Australian man with operating a fake Wi-Fi access point on a domestic flight to steal user credentials and data.
The defendant faced charges of three counts of unauthorized impairment of electronic communication and three counts of possession or control of data to commit a serious offense.
The man was also charged with unauthorized access or modification of restricted data, dishonestly obtaining or dealing in personal financial information, and possession of identification information. If convicted, he faces a maximum sentence of 23 years in prison.
The analysis of the seized data and devices from the Australian man revealed dozens of personal credentials and fraudulent WiFi pages. The man was charged in May 2024 following an investigation launched in April 2024 after an airline reported a suspicious WiFi network during a domestic flight. The investigators found a portable wireless access device, a laptop, and a mobile phone in the man’s luggage at Perth Airport. The Australian police also searched the man’s home in Palmyra. A second search warrant on May 8, 2024, led to his arrest and charges. Police alleged he created ‘evil twin’ WiFi networks to lure users into entering their credentials on fake webpages, which he then stored. These harvested cfedentials could be used to access victims’ personal information and bank details.
AFP cybercrime investigators collected evidence that indicates the use of fraudulent WiFi pages at airports in Perth, Melbourne, and Adelaide, on domestic flights, and at locations associated with the man’s previous employment.
ABC reported that the District Court Judge Darren Renton said Clapsis had engaged in “systemic” offending over several years.
“Your crimes had multiple victims,” he said.
Here’s a clear, compact summary:
Clapsis’ lawyer said he acted out of “sexual voyeurism” and didn’t share the intimate images. The court heard he has autism and has struggled with shame. After losing his job in April 2024, he worked only small odd jobs. He received a total sentence of seven years and four months and will be eligible for parole in 2030.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Wi-Fi attacks)
