Perth Man Sentenced for Hacking Women’s Online Accounts via Fake WiFi Networks
An Australian man has received a prison sentence of more than seven years for using “evil twin” WiFi networks to illegally access women’s online accounts and steal their personal and intimate images. The Australian Federal Police (AFP) made the announcement but did not disclose the man’s identity. However, multiple outlets have identified him as 44-year-old Michael Clapsis from Perth, an IT professional who misused his skills for illicit gains.
### Details of the Sentencing
On November 28, 2024, in Perth District Court, Clapsis was sentenced to seven years and four months. He will be eligible for parole after serving half of his sentence, as reported by the Sydney Morning Herald. Clapsis pleaded guilty to a total of 15 charges, which included unauthorized access to restricted data, attempted destruction of evidence, and other serious offenses related to electronic communication.
### Discovery of the “Evil Twin” Network
The AFP’s investigation commenced in April 2024 after an airline reported a suspicious WiFi network that was mimicking a legitimate access point during a domestic flight. This setup is commonly referred to as an “evil twin” network. When Clapsis arrived at Perth Airport on April 19, 2024, law enforcement officers searched his luggage and discovered various devices, including a portable wireless access point, a laptop, and a mobile phone. They later executed a search warrant at his home in Palmyra.
Forensic examinations revealed a trove of information on the seized devices, consisting of thousands of intimate images and videos, alongside credentials from multiple victims and fraud records of fake WiFi pages. The day following the search warrant, Clapsis attempted to erase over 1,700 items from a data storage application and tried to wipe his mobile phone remotely.
### Continued Misconduct During Investigation
The AFP reported that between April 22 and 23, 2024, Clapsis used specialized computer software to access his employer’s laptop, tapping into confidential online meetings with the AFP as part of the ongoing investigation. This further highlighted his misuse of IT privileges to delve into sensitive data.
According to the AFP, Clapsis utilized a device known as a “WiFi Pineapple” to capture probe requests from devices, automatically creating a fraudulent network with the same name. This tactic would trick devices into connecting to his network, which then redirected users to a login page where their credentials could be collected.
### Impact on Victims
During the sentencing, a prosecutor shared emotional statements from Clapsis’ victims, revealing the significant distress and violation of privacy they experienced. One victim expressed, “I feel like I have eyes on me 24/7,” while another stated, “Thoughts of hatred, disgust, and shame have impacted me severely. Even though they were only pictures, they were mine, not yours.”
In the courtroom, Clapsis’ attorney mentioned that he has sought help to understand his actions and address his problematic thought patterns. The case underlines the critical importance of caution regarding public WiFi networks, particularly when accessing sensitive information.
### Best Practices for Public WiFi Usage
The AFP has emphasized the need to avoid using free public WiFi whenever possible, especially for sensitive tasks. If using such networks is unavoidable, individuals should take precautions. It is advisable to install a reliable virtual private network (VPN) on devices to encrypt and safeguard personal data.
Additional guidelines include disabling file sharing, refraining from online banking activities while connected to public WiFi, and ensuring to configure devices to “forget network” once disconnected. These steps can help mitigate the risks associated with using unsecured WiFi connections.
