The Wi-Fi Hacking Neighbor From Hell

Hugh Pickens writes "Barry Ardolf, a Minnesota hacker prosecutors described as a 'depraved criminal,' has been handed an 18-year prison term for unleashing a vendetta of cyberterror that turned his neighbors' lives into a living nightmare. Ardolf hacked into his next-door neighbors' Wi-Fi network and used it to try and frame them for child pornography, sexual harassment, various kinds of professional misconduct, and to send threatening e-mail to politicians, including Vice President Joe Biden. The bizarre tale began in 2009 when Matt and Bethany Kostolnik moved into the house next door to Ardolf. On their first day at their new home, the Kostolnik's then-4-year-old son wandered near Ardolf's house. While carrying him back next door, Ardolf allegedly kissed the boy on the lips. 'We've just moved next door to a pedophile,' Mrs. Kostolnik told her husband. The couple reported Ardolf to the police, angering their creepy new neighbor (PDF). 'I decided to "get even" by launching computer attacks against him,' said Ardolf, who downloaded Wi-Fi hacking software and spent two weeks cracking the Kostolnik's WEP encryption. Then he used their own Wi-Fi network to create a fake MySpace page for the husband, where he posted a picture of a pubescent girl having sex with two young boys. Ardolf turned down a 2-year plea agreement last year to charges related to the Biden e-mail. After that, the authorities piled on more charges, including identity theft and two kiddie-porn accusations carrying lifetime sex-offender registration requirements."

2 weeks for a WEP?

[LordAzuzu]

Noob! :)

Re:2 weeks for a WEP?

[phillips321]

Ummm, WEP requires enough IVs to crack, either through sniffing the network and capturing IVs (slowly) or by using a replay attack against the router in order to massively speed up the IV collection process.
WPA on the otherhand can be performed offline once the 4 way handshake as been captured.... (Which can be optained by waiting for a valid client to connect or by de-authing the clients and then capturing the handshake once they reconnect)

Re:2 weeks for a WEP?

[EraserMouseMan]

Yea, no kidding. After reading an article about a sick pedophile trying to frame his neighbors my first thought was, "I could have done that in a fraction of the time." Quite reassuring to know everyone else on /. thought the same thing.

Re:2 weeks for a WEP?

[Applekid]

That's the only interesting part though, the rest can be summed up as "Complete asshole behaves like complete asshole". There was nothing technical clever or new about what he did, although he went further than most such incidents I've heard of, but few slashdotters will be at all surprised that that kind of thing is possible. The only surprise is that it doesn't happen more often, more subtly ... or does it?

Reading the TFA from ars, the reason why he was caught was because he wasn't clever at all:

1) The only reason why he was caught is because his malicious actions were intertwined with his normal web traffic (his name in plain text and Comcast packets). He could have used a clean purpose-built computer for his torture, like a laptop, that wasn't configured for his own network at all, and hid it in a safe deposit box or something and they never would have figured out where it's coming from without a long and arduous task with a spectrum analyzer.

2) Ardolf did so much stuff on the target network that it raised suspicion. It's the same thing that happens to regular criminals: they get greedy and keep coming back for more. If he just went right for the terrorist threats and never ever connected again, his neighbors would never have had any reason to suspect external hacking. Even then, his prank emails to coworkers and social network profiles were so out there that they were obvious. There must have been many more subtle ways to do damage that aren't immediately obvious.

3) The neighbor works for a law firm and they were willing to spend the resources to check out his home network and find the unknown device as well as install a sniffer. I don't see a middle-manager working for a sub Fortune-500 company getting that same kind of help, they'd probably sooner call him a schizoid and fire him instead of dealing with that.

If he was a little smarter, I think he very well could have gotten away with it framing the innocent.

Re:2 weeks for a WEP?

[LordLimecat]

It only takes a few minutes IF:
A) there is a decent amoiunt of traffic going on.
B) You do active cracking, sending all sorts of bogus traffic and making the router light up like a christmas tree, as well as causing suspicious disconnections
C) Corollary to B, you have a wifi card capable of injection

Otherwise, you need to do passive sniffing to get enough IVs to actually crack it, and that really depends on whether you are sniffing when their primary usage times are, and how much data they regularly pull over wifi.

perceived sleights

[circletimessquare]

turned into byzantine obsession is a sign of a person who will do nothing but bring grief to anyone who ever touches his or her life

if you ever meet this type, back off slowly smiling, then run like hell

their feeling of disempowerment and helplessness (self-learned) and the eternal fight against that (fruitlessly projected outwards) is all they know, it defines their entire existence

Re:are the police extra sure he did it?

[sjpadbury]

From the summary:

'I decided to "get even" by launching computer attacks against him,' said Ardolf

Sounds like he confessed, so, um, yeah?

Why the sex offenders registration?

[L4t3r4lu5]

The guy didn't download the CP for sexual purposes. He's not a paedophile, just a warped anti-social individual.

That register is for people who have a proven (and acted upon) attraction to minors; Those who are a danger to children. Adding him to the list dilutes it and mitigates its usefulness. What he did should be covered by libel / defamation laws. He deserves to be taken out of society for what he did to that family, but there's nothing in there which supports the idea that he's dangerous sexual offender.

Re:Why the sex offenders registration?

[Combatso]

but there's nothing in there which supports the idea that he's dangerous sexual offender.

uh, so kissing their ten year old son on the lips against his will doesn't qualify?

Re:Why the sex offenders registration?

[nitehawk214]

It doesn't matter. If I obtain some heroin and plant it on you to frame you, I am still guilty of a drug offense.

Re:Why the sex offenders registration?

[batquux]

Unless you're a cop.

WEP

[david.given]

This seems totally bogus to me. How could someone possibly crack WEP in two weeks? I suppose if you didn't read the instructions you might be able to stretch it to a few hours, but two weeks? What was he doing all that time?

Re:WEP

[crow_t_robot]

What was he doing all that time?

Reading the man pages for aircrack-ng?

Re:Would MAC address filtering counter this proble

[dltaylor]

Most NICs support either intentional or "back-door" MAC address cloning. Cloud-computing resources can crack your WEP (trivial), WPA (harder/slower), and WPA2 (much harder and slower, but still doable, unless you rotate them daily).

Then, if you have implemented some reasonable level of security, when the jackboots kick in your door, you'll have a much harder time defending yourself during the pre-trial investigation, and, then, assuming you live long enough, in court, due to the security you put into place, obviously trying to hide your evil actions.

At best, you can discourage casual (mis-)use of your WiFi, but that wouldn't help against a long-term attack like this one.

If you're worried about it, shut it off, and run the cable, as I have.

The REAL WTF...

[DoofusOfDeath]

Is that prosecutors are allowed to offer plea deals.

If the prosecutor believes crimes were committed, then file charges. If not, don't.

If people are cowed into pleaing guilty (or no contest) to charges to which they believe they're innocent due to legal costs or fears of false conviction, the solution is radical reform of the legal system. NOT to create a gray area of semi-crime, semi-guilt, and semi-punishement. That is *not* innocence until proven guilty.

Re:Would MAC address filtering counter this proble

[TheCRAIGGERS]

Yeah, Mac filtering is pretty useless. I mean, what's the chances of a leet hacker using a Mac?

Steven Seagal's Apple Newton notwithstanding.

Re:are the police extra sure he did it?

[canajin56]

You mean besides the confession (already mentioned by another reply to you), and besides the fact that when he was emailing his victim's coworkers and bosses with message claiming to be a pedophile he accidentally left some of his ISP's software running, so his laptop was sending login information to Comcast using his own name and Comcast account number? Besides the search warrant that turned up a journal where he detailed his plan to "utterly destroy his life"? Besides the manuals on hacking WEP where he had scribbled his victim's wifi network name? Besides the fact that on his computer was the child pornography he planted on his victim? Along with a note in his journal "PLANT CHILD PORN". Besides the pile of stolen mail under his bed? Besides the unsent letter he had prepared where he had printed off his victim's last tax return, and attached a note that their life belongs to him, and he will end it? Yeah, basically sounds like a setup, could have been anybody!

Re:So how do you monitor your home wifi?

[ledow]

Don't trust your Wifi router to secure your internet connection, is the answer. WEP was built for wireless, and cracked. WPA was built for wireless, and cracked. Bluetooth was built for wireless, and cracked. It's only a matter of time before WPA2 and everything else goes the same way.

Plug a *real* router in there somewhere so that such things can be monitored and logged and/or you can VPN over your own internal Wifi link so that even someone having complete access to your wireless isn't a problem at all. Then you don't even *need* wifi encryption turned on at all (but it's a good hindrance to any intruders) and you can play games like upside-down-ternet with people who try to get a free ride on your connection.

That's the setup I had - just had a WPA network (WPA2 wasn't around at the time) and didn't trust WEP or (correctly, it seems now) WPA to secure my network. So I just made the wireless access point be an "untrusted" network, as it should be, on my main Linux router - which did the actual connection to the Internet and offering IP's etc.

Whenever I connected to wifi in the home, I ran OpenVPN over the top (so the only traffic you could sniff would be my already-encrypted OpenVPN traffic) - which was transparent and automatic and simple and could use per-client keys. I surfed, and my guests minds were blown that even after I'd told them the WPA password and they'd joined the wireless network they couldn't "see" anything at all.

This also lets you block EVERYTHING coming in via wifi to your laptop except for that OpenVPN port with a decent software firewall, which means you don't have to worry about something accessing filesharing ports, or tapping into whatever junk services your PC's are exposing to the whole wifi network (which, incidentally, can save a lot of bandwidth).

You're seriously relying on a piece of £30 Taiwanese crap to secure your entire Internet connection being broadcast over a radio sphere that could be kilometres wide if you have the right reception equipment? Nope. Treat it like an unsecured Internet connection - tunnel into a known-good server which has a wired connection to the Internet.

Re:are the police extra sure he did it?

[Born2bwire]

You read the article! No fair!