Australian man Michael Clapsis, 44, was recently sentenced to 7 years and 4 months in prison after being convicted of multiple cybercrimes. The primary charges stemmed from his use of a portable wireless access device, a Wi-Fi Pineapple, to create fraudulent “evil twin” Wi-Fi networks at major airports in Perth, Melbourne, and Adelaide, as well as on domestic flights, including one on Qantas. These rogue networks, which mimicked legitimate ones, were used to lure unsuspecting passengers into entering their email and social media credentials on fake webpages, allowing Clapsis to intercept and steal their data. An investigation was launched in April 2024 after an airline reported a suspicious Wi-Fi network during a flight, leading to his arrest and charges in May and July 2024 for unauthorized impairment of electronic communication and possession of data to commit a serious offense.
The investigation into the Wi-Fi attacks led to the discovery of a years-long pattern of sexual voyeurism. Investigators found evidence that Clapsis had been stealing private images and videos from women’s online accounts since as early as 2015. Over a six-year period, he took more than 700 photos and videos from 17 victims, including a minor, with many of the files containing nudity or intimate content. He also attempted to access the online accounts of seven victims and remotely wipe his devices when confronted by law enforcement. The District Court Judge Darren Renton emphasized that Clapsis had engaged in “systemic” offending over several years, noting the reputational damage his Wi-Fi crimes posed to the airline industry.
The man faced numerous charges, including unauthorized access or modification of restricted data, dishonestly obtaining or dealing in personal financial information, and possession of identification information. During the investigation, police conducted a search of his luggage at Perth Airport and his home in Palmyra, seizing a laptop, mobile phone, and the portable wireless access device used for the attacks. Analysis of the seized data revealed dozens of personal credentials and fraudulent Wi-Fi pages, confirming the use of these techniques at various locations, including places associated with his previous employment.
Clapsis was ultimately charged with three counts of unauthorized impairment of electronic communication, three counts of possession or control of data to commit a serious offense, and various charges related to the theft of intimate images. The court heard that the defendant’s lawyer argued his actions, particularly the theft of intimate images, stemmed from “sexual voyeurism” and that he had not shared the stolen files. The court also considered his diagnosis of autism and his struggles with shame, noting he had recently lost his job.
Despite these factors, the gravity and systemic nature of his crimes led to a total sentence of 7 years and 4 months. The sentence reflects the seriousness of both the sophisticated cyberattacks on critical infrastructure and the long-term, invasive theft of private content from numerous women. Michael Clapsis will be eligible for parole in 2030, concluding a case that highlighted both the danger of “evil twin” Wi-Fi attacks and the devastating impact of years-long cyber exploitation.
Reference:
