Doesn’t this seem like an inefficient way to go about? Locked in a flying tin can with the same ~100 people for a few hours. I would think a public library or busy transit station would net way more info, with the added advantage of not being locked in if someone starts getting suspicious.
If you are trying to steel credentials from people with power and money passengers in first class are a good target.
Where else are you going to find a cluster of people like that that are using the wifi and are going to be there for hours. It’s about as optimal as I can think of.
Even better if you are targeting a spefic company. Just pick flights out of the headquarters for that company.
If you want to attack say Microsoft pick a flight from Seattle to DC. Pretty good odds of a Microsoft high up being on the flight and wanting to use the wifi for work.
What do you do when you’re locked in a flying tin can and bored out of your mind?
Some of us just fire up Kali and play
I feel like with the advent of nearly ubiquitous unlimited mobile data plans (in some parts of the world) a lot less people use public WiFi. However on a plane you have little choice, so it makes sense.
The article said the man had done similar with airport wifi and a place of prior employment. But the airplane one is an odd choice
Who hides in a Pineapple from the FCC?
EDIT:
This is the best summary I could come up with:
Australia’s Federal Police (AFP) has charged a man with running a fake Wi-Fi networks on at least one commercial flight and using it to harvest fliers’ credentials for email and social media services.
The man was investigated after an airline “reported concerns about a suspicious Wi-Fi network identified by its employees during a domestic flight.”
The AFP subsequently arrested a man who was found with “a portable wireless access device, a laptop and a mobile phone” in his hand luggage.
It’s alleged the accused’s collection of kit was used to create Wi-Fi hotspots with SSIDs confusingly similar to those airlines operate for in-flight access to the internet or streamed entertainment.
Airport Wi-Fi was also targeted, and the AFP also found evidence of similar activities “at locations linked to the man’s previous employment.”
AFP Western Command Cybercrime detective inspector Andrea Coleman pointed out that free Wi-Fi services should not require logging in through an email or social media account.
The original article contains 364 words, the summary contains 158 words. Saved 57%. I’m a bot and I’m open source!
This sounds like it could be a combination FCC and FAA felony.
Oops, nope, I was thinking of the wrong country.
You can tell because it has a goatee.
They arrested him? What was the crime?? People connected to his network. Its not like he hacked their network.
emphasis added by me From the article:
The man was investigated after an airline “reported concerns about a suspicious Wi-Fi network identified by its employees during a domestic flight.”
It’s alleged the accused’s collection of kit was used to create Wi-Fi hotspots with SSIDs confusingly similar to those airlines operate for in-flight access to the internet or streamed entertainment. Airport Wi-Fi was also targeted, and the AFP also found evidence of similar activities “at locations linked to the man’s previous employment.”
Wherever the accused’s rig ran, when users logged in to the network, they were asked to provide credentials. The AFP alleges that details such as email addresses and passwords were saved to the suspect’s devices.
The charges laid against the man concern unauthorized access to devices and dishonest dealings. None of the charges laid suggest the accused used the data he allegedly accessed.
However three charges of “possession or control of data with the intent to commit a serious offence” suggest the alleged perp was alive to the possibilities of using the data for nefarious purposes.
Cybercrime is illegal just like stealing or committing fraud
Cybercrime is usually defined as unauthorized system access.
How is running a free WiFi AP a crime?
Because you are stealing peoples data and credentials.
So the airline is also comitting a crime?
They aren’t stealing login data to my knowledge
