Perth, Australia — What began as a routine airport security check quickly unraveled into one of Australia’s most disturbing cybercrime cases, exposing a years-long pattern of digital intrusion, privacy invasion and manipulation of airline passengers through a fake in-flight Wi-Fi system.
On Thursday, a Perth court sentenced Michael Clapsis, 44, to seven years and four months in prison for running a fraudulent wireless network that mimicked Qantas’s onboard system and for stealing hundreds of intimate images from women — offenses the judge described as “systemic and deeply violating.” He will be eligible for parole in 2030.
A Fraudulent Wi-Fi Network Hidden in Plain Sight
The investigation began in April 2024 when Qantas technicians noticed an unfamiliar network appearing alongside the airline’s official service. It was identical in name and appearance — a nearly flawless clone designed to lure unsuspecting passengers.
Authorities later determined that Clapsis used a device known as a Wi-Fi Pineapple Nano, a small but powerful tool capable of creating what cybersecurity experts call an “evil twin”: a counterfeit wireless access point that intercepts data from any device that connects to it.
Passengers who unknowingly signed in risked having their passwords, login tokens, or personal credentials siphoned directly to Clapsis.
The discovery jolted airline staff and raised alarms about vulnerabilities in airport and in-flight digital systems at a time when travelers increasingly depend on Wi-Fi for work and communication.
A Crime Far More Disturbing Than Data Theft
When federal officers arrested Clapsis at Perth Airport, they expected a routine cyber intrusion case. What they uncovered instead, prosecutors said, was a far more disturbing trove of evidence.
A forensic review of his devices revealed more than 700 intimate photos and videos belonging to 17 women and girls, some of them minors. Many images involved nudity or sexual content and had been taken from private cloud accounts and personal devices without consent.
Some victims knew Clapsis personally, including one who was a serving police officer. Others had no idea their accounts had been compromised until investigators contacted them.
For more than six years, authorities said, Clapsis quietly harvested personal content, cataloguing the images and modifying file names to make the material easier to find.
In court, multiple victims reported feeling “violated, exposed and unsafe,” describing the experience as a profound breach of trust that extended beyond the digital realm into their sense of bodily autonomy.
Attempts to Destroy Evidence
As officers moved to detain him, Clapsis tried to erase his tracks. He attempted to wipe his phone and delete nearly 1,800 files, many of them containing stolen material. Investigators also found he had tried to access his employer’s laptop after the investigation began, apparently to determine what information the company had shared with police.
Judge Darren Renton told the packed courtroom that Clapsis’s behavior demonstrated “a high level of planning, persistence and willingness to obstruct justice.”
The court also noted that the fake Wi-Fi scheme had the potential to undermine public confidence in Qantas and in aviation security more broadly.
A Case That Raises Alarming Security Questions
While the intimate-image theft dominated much of the courtroom discussion, cybersecurity professionals say the Wi-Fi impersonation scheme could have had sweeping consequences.
Airport and airline networks, they warn, are fertile ground for attackers because travelers rely on them during moments of distraction — boarding flights, rushing between gates, or connecting multiple devices at once.
The case illustrates how easily consumer trust can be exploited, particularly when fraudulent networks are nearly indistinguishable from official ones.
Following the verdict, the Australian Federal Police urged passengers to verify network names carefully and avoid logging into sensitive accounts over public Wi-Fi.
A Life Unravelled
Clapsis’s defense lawyer told the court that his client had been diagnosed with autism spectrum disorder and expressed deep shame for his actions. But Judge Renton said the diagnosis did not mitigate the scale or seriousness of the crimes.
Since his arrest, Clapsis has lost his job and struggled to secure new work, the defense said. But prosecutors argued that the impacts on victims — emotional, psychological, and long-lasting — far outweighed the consequences for the defendant.
A Warning for the Digital Age
The Clapsis case has become a stark symbol of the evolving risks of cybercrime in public spaces and of the ways digital tools can be weaponized to breach personal boundaries.
For airlines and law-enforcement agencies, it has underscored the need for stronger safeguards and public awareness. For travelers, it is a reminder that even the most familiar Wi-Fi network name may not be what it seems.
As the sentence was handed down, several victims told the court they hoped the case would encourage others to take digital privacy more seriously and push institutions to invest in better protections.
“Passengers should not have to question whether the Wi-Fi on their flight is real,” one victim said. “We trust these systems. He destroyed that trust.”
