Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Wi-Fi Hacking Neighbor From Hell

Posted by Soulskill on from the internet-equivalent-to-road-rage dept.

Hugh Pickens writes "Barry Ardolf, a Minnesota hacker prosecutors described as a 'depraved criminal,' has been handed an 18-year prison term for unleashing a vendetta of cyberterror that turned his neighbors' lives into a living nightmare. Ardolf hacked into his next-door neighbors' Wi-Fi network and used it to try and frame them for child pornography, sexual harassment, various kinds of professional misconduct, and to send threatening e-mail to politicians, including Vice President Joe Biden. The bizarre tale began in 2009 when Matt and Bethany Kostolnik moved into the house next door to Ardolf. On their first day at their new home, the Kostolnik's then-4-year-old son wandered near Ardolf's house. While carrying him back next door, Ardolf allegedly kissed the boy on the lips. 'We've just moved next door to a pedophile,' Mrs. Kostolnik told her husband. The couple reported Ardolf to the police, angering their creepy new neighbor (PDF). 'I decided to "get even" by launching computer attacks against him,' said Ardolf, who downloaded Wi-Fi hacking software and spent two weeks cracking the Kostolnik's WEP encryption. Then he used their own Wi-Fi network to create a fake MySpace page for the husband, where he posted a picture of a pubescent girl having sex with two young boys. Ardolf turned down a 2-year plea agreement last year to charges related to the Biden e-mail. After that, the authorities piled on more charges, including identity theft and two kiddie-porn accusations carrying lifetime sex-offender registration requirements."

8 of 584 comments (clear)

  1. Re:Would MAC address filtering counter this proble by drinkypoo · · Score: 1, Informative

    What additional security measures can be taken to thwart script kiddies like this guy?

    Well, there's always physical security. You catch someone doing something like this, and you put them under arrest yourself and then hope they resist, at which point you may use necessary force to subdue them. In California, anyway. Bring a witness with a camera.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  2. Re:are the police extra sure he did it? by sjpadbury · · Score: 3, Informative

    From the summary:

    'I decided to "get even" by launching computer attacks against him,' said Ardolf

    Sounds like he confessed, so, um, yeah?

    --
    We're all full up on Crazy here...
  3. WEP by david.given · · Score: 4, Informative

    This seems totally bogus to me. How could someone possibly crack WEP in two weeks? I suppose if you didn't read the instructions you might be able to stretch it to a few hours, but two weeks? What was he doing all that time?

  4. Re:Why the sex offenders registration? by Combatso · · Score: 3, Informative

    but there's nothing in there which supports the idea that he's dangerous sexual offender.

    uh, so kissing their ten year old son on the lips against his will doesn't qualify?

  5. Re:Plea Deal by RazzleFrog · · Score: 2, Informative

    He basically screwed around with the whole court system. Making a withdrawing pleas, coaching his family on what to say and notes they should write to the judge, making outrageous counter-claims, etc. Once he abandoned the plea they went after him for everything he had done. The 18 years is fair based on everything I read in that PDF.

  6. Re:So how do you monitor your home wifi? by ledow · · Score: 3, Informative

    Don't trust your Wifi router to secure your internet connection, is the answer. WEP was built for wireless, and cracked. WPA was built for wireless, and cracked. Bluetooth was built for wireless, and cracked. It's only a matter of time before WPA2 and everything else goes the same way.

    Plug a *real* router in there somewhere so that such things can be monitored and logged and/or you can VPN over your own internal Wifi link so that even someone having complete access to your wireless isn't a problem at all. Then you don't even *need* wifi encryption turned on at all (but it's a good hindrance to any intruders) and you can play games like upside-down-ternet with people who try to get a free ride on your connection.

    That's the setup I had - just had a WPA network (WPA2 wasn't around at the time) and didn't trust WEP or (correctly, it seems now) WPA to secure my network. So I just made the wireless access point be an "untrusted" network, as it should be, on my main Linux router - which did the actual connection to the Internet and offering IP's etc.

    Whenever I connected to wifi in the home, I ran OpenVPN over the top (so the only traffic you could sniff would be my already-encrypted OpenVPN traffic) - which was transparent and automatic and simple and could use per-client keys. I surfed, and my guests minds were blown that even after I'd told them the WPA password and they'd joined the wireless network they couldn't "see" anything at all.

    This also lets you block EVERYTHING coming in via wifi to your laptop except for that OpenVPN port with a decent software firewall, which means you don't have to worry about something accessing filesharing ports, or tapping into whatever junk services your PC's are exposing to the whole wifi network (which, incidentally, can save a lot of bandwidth).

    You're seriously relying on a piece of £30 Taiwanese crap to secure your entire Internet connection being broadcast over a radio sphere that could be kilometres wide if you have the right reception equipment? Nope. Treat it like an unsecured Internet connection - tunnel into a known-good server which has a wired connection to the Internet.

  7. Re:2 weeks for a WEP? by LordLimecat · · Score: 3, Informative

    It only takes a few minutes IF:
    A) there is a decent amoiunt of traffic going on.
    B) You do active cracking, sending all sorts of bogus traffic and making the router light up like a christmas tree, as well as causing suspicious disconnections
    C) Corollary to B, you have a wifi card capable of injection

    Otherwise, you need to do passive sniffing to get enough IVs to actually crack it, and that really depends on whether you are sniffing when their primary usage times are, and how much data they regularly pull over wifi.

  8. Bullhunky Court Documents by Anonymous Coward · · Score: 2, Informative

    Note that while I think that the court documents of the prosecution read like a really badly written TV soap, I am in no way supporting this "hacker" (not a term I would even think of attributing to him).

    In the court document (second link in this post), there is crap like:

    Details of the Offense

    A. Ardolf Kisses the Kostolniks’ Four-Year-Old Son Shortly
    after the Kostolniks Move to the Neighborhood

    Matt and Bethany Kostolnik moved into their dream home in
    August 2008. Located on a cul-de-sac in Blaine, the home provided
    room for their growing family; they had two children under five
    years old, and were expecting another child soon. On August 2,
    2008, one day after moving into their new home, the dream became a
    nightmare. The Kostolniks’ four-year-old son, W.K., wandered into
    a neighbor’s yard to climb on an inviting play-set. A pregnant
    Bethany saw W.K. in the neighbor’s yard and, while standing in the
    driveway of her home, called for him to come back while
    simultaneously trying to keep her 18-month-old son, J.K., from
    walking out the open doorway of their home. Finally, Bethany
    chased after W.K.
    .

    Its not a statement of facts, its a horror story told in the voice of Morgan Freeman at the beginning of a B movie.
    Sham(e)