A West Australian IT worker and father has been jailed for at least five years after using fake 'free Wi-Fi' networks to steal intimate photos and videos from the personal accounts of women.
Michael Clapsis, 44, was sentenced in Perth District Court on Friday to seven years and four months’ imprisonment, with a non-parole period of five years.
Authorities arrested him and seized “a portable wireless access device, a laptop and a mobile phone” at Perth Airport in April 2024, after airline employees noticed a suspicious Wi-Fi network during a domestic flight.
A home in the Perth suburb of Palmyra was also searched before Clapsis was charged in May 2024 and later appeared in court in June of that year while on bail.
Australian Federal Police (AFP) have since alleged that devices they seized as part of the investigation contained “thousands of intimate images and videos, personal credentials belonging to other people, and records of fraudulent Wi-Fi pages” collected by Clapsis over several years.
At least one of the victims was a 17-year-old, authorities alleged.
Officers also alleged Clapsis had attempted to delete more than 1,700 files from a data storage account following searches of his home, and unsuccessfully tried to remotely erase the data on his mobile phone.
He pleaded guilty in June 2025 to several charges related to cybercrime, stealing, and the attempted destruction of evidence.
Offender used ‘evil twin’ Wi-Fi networks
AFP officials said Clapsis used his technical knowledge to create so-called ‘evil twin’ Wi-Fi networks, which posed as free public Wi-Fi services at airports in Perth, Melbourne, and Adelaide, as well as on several domestic flights.
They alleged he used these networks to steal data from the devices of unsuspecting people who connected to them.
This involved using a device known as a Wi-Fi Pineapple, which can be used for legitimate security testing but also to create a rogue access point (AP).
Clapsis’s rogue networks tricked the devices of nearby people searching for Wi-Fi into thinking his network was a trusted one which they could connect to automatically, police said.
AFP officials say stolen account details and 'thousands of intimate images and videos' were found on Clapsis's devices. Image: AFP / Supplied
Once connected, the networks took victims’ devices to a webpage where they were asked to use an email address or a social media account to log in.
“Once the victim entered their log-in credentials onto that fake portal, the data was saved on the man’s device so he could access them,” the AFP said.
“However, once people entered their details, it did not actually lead to a free Wi-Fi connection.”
Clapsis had accessed social media and other online accounts “linked to multiple unsuspecting women to monitor their communications and steal private and intimate images and videos”, police alleged.
He had spent more than six years collecting images from such accounts, the court reportedly heard.
Judge Darren Renton said Clapsis’s offending had been “systemic” and involved “multiple victims”, according to ABC News.
The prosecutor reportedly read statements from some victims to the court, including one who said they had been left "feeling exposed and unsafe" after being told their private images and data had been stolen.
A lawyer for Clapsis reportedly said his client had engaged in "sexual voyeurism" but had not used the images in any other way.
Employer’s ‘restricted and personal data’ accessed
Clapsis had also used IT privileges given to him through his work to access “restricted and personal data” from his latest employer, AFP said.
The technology worker was most recently employed as an IT infrastructure manager for international shipping company MSC, according to a LinkedIn profile bearing his name and image.
MSC did not respond to a request for comment when contacted by Information Age.
AFP officials said Clapsis used an unspecified software tool to gain access to a laptop belonging to his then-employer during the initial police investigation in April 2024, as well as details of confidential online meetings between the company and police.
AFP Commander Renee Colley said the case showed authorities could “identify criminals even when they’re hiding behind sophisticated technology and techniques”.
The public should “be vigilant” when using free Wi-Fi networks, including those in public spaces, or turn off Wi-Fi on their devices altogether to prevent automatic connections, Colley added.
“A network that requests your personal details – such as an email or social media account – should be avoided,” she said.
“If you do want to use public Wi-Fi, ensure your devices are equipped with a reputable virtual private network (VPN) to encrypt and secure your data.
“Disable file sharing, don’t use things like online banking while connected to public Wi-Fi and, once you disconnect, change your device settings to ‘forget network’.”
