Hacking Neighbor Pleads Guilty On Death Threats and Porn

wiredmikey writes "Another good reason to make sure your wireless is secured! 'Barry Vincent Ardolf of Blaine, Minnesota pleaded guilty to hacking into his neighbor's wireless Internet system and posing as the neighbor to make threats to kill the Vice President of the United States. Just two days into his federal trial in St. Paul, Ardolf stopped the trial to plead guilty. According to the US Department of Justice, in his plea agreement, Ardolf, 45 years-old, was indicted on June 23, 2010, admitted that in February of 2009, he hacked into his neighbor's wireless Internet connection and created multiple Yahoo.com email accounts in his neighbor's name." Ardolf's guilty plea included child porn possession, as well as the death threats.

Re:What's not to like?

[andolyne]

when you read TFA, it actually just sounds like he was screwing around and the child porn was more like "this'll get the dude in trouble" rather than "I have a private collection because i'm a pedo".

Either way, the dude was really stupid and deserves to get jail time for it.

edit: changed the word "article" to TFA cause that's the way it's done here ;)

MAC Address Spoofing

[nuckfuts]

Connecting to a wireless router usually means obtaining IP settings via DHCP. In the process, the MAC address of your network adapter (which is supposed to unique) will be recorded on the router, at least for some period of time. Therefore, if you want to connect without leaving an obvious fingerprint pointing back to your computer, first modify the MAC address that your network card is putting out. On Windows machines, drivers often provide a way to specify your MAC address under the "advanced properties" of the adapter. On my Intel network adapter, for example, the setting is listed as "Locally Administered Address", and is undefined by default.

You might even spoof a specific make of network adapter by choosing an "Organizationally Unique Identifier" from the OUI Public Listing [ieee.org].

This article has a lot of details...

[Anonymous Coward]

The neighbors suspected the guy right away. Fortunately, the investigators listened to the [innocent] neighbors and started looking at the real bad guy.

http://www.startribune.com/local/north/112080854.html?elr=KArks:DCiUHc3E7_V_nDaycUiD3aPc:_Yyc:aUoD3aPc:_2yc:a_ncyD_MDCiU [startribune.com]

Re:What's not to like?

[FutureDomain]

what can a normal user do against these smart asses?

Here's an idea. Get a Linux based router (I have a Linksys with DD-WRT) and use it to muck with any connections coming from his MAC address. You could block all his Bittorrent connections and redirect his HTTP connections somewhere else (such as a rickroll or goatse). Do this long enough to annoy the heck out of him and then block him completely using a higher grade encryption (such as WPA2) and/or MAC filtering.

Re:What's not to like?

[ProfanityHead]

what can a normal user do against these smart asses?

Here's an idea. Get a Linux based router (I have a Linksys with DD-WRT) and use it to muck with any connections coming from his MAC address. You could block all his Bittorrent connections and redirect his HTTP connections somewhere else (such as a rickroll or goatse). Do this long enough to annoy the heck out of him and then block him completely using a higher grade encryption (such as WPA2) and/or MAC filtering.

MAC filtering? SERIOUSLY?

That is just so wrong.

Re:What's not to like?

[Anonymous Coward]

This guy has a history of problems with neighbors. This isnt his first run in with the law
See: http://www.startribune.com/local/99435264.html
and
http://www.startribune.com/local/north/96012389.html

Re:What's not to like?

[nbauman]

Minneapolis Star Tribune http://www.startribune.com/ [startribune.com] had several stories, which you can find by searching for "Ardolf". Good stories, although not too technical.

The victim, Matt Kostolnik, worked in a law firm, and Ardolf sent messages to the firm. The law firm hired an investigator to figure out what was going on. The investigator tracked Kostolnik's wireless traffic, and fingered Ardolf. Then they sent the cops with a search warrant to Ardolf's house, which produced even more incriminating evidence.

Ardolf turned down a plea bargain on the identity theft charges alone, so they added the child porn charges and went to trial. When he saw the evidence against him, he gave up and pled guilty.

I can remember a handful of cases like this where the victim got out of it because they managed to catch the real criminal. (Wasn't there one recently in England?) I wonder how many cases there were where the innocent victim got convicted.

Re:My neighbor's IP

[MachDelta]

He sent threats and child porn (etc) to his neighbours co-workers. His neighbours hired an "investigator" who then discovered buddy was jacking their wireless.

Basically someone looked at their router logs.

Re:What's not to like?

[Anonymous Coward]

MAC filtering is a waste of time. MAC addresses can easily be changed to match one of your exciting addresses. And you're already broadcasting your existing devices. Guess what one of the first things attack tools do when they're having trouble getting a response from the AP?

I know; I was there...

[AntariMysteec]

I just got forwarded this link by an associate of mine. I was surprised to find out this made slashdot... I was the "private investigator" that was hired to originally absolve the neighbor from sending the original emails which included the child porn to the lawfirm's partners. After seeing the pattern I thought I had a good chance to catch the hacker and the firm retained my services to go after him. The reasoning was that if we were to lock things down (remove the wireless and hardwire) that the person trying to get at the neighbor would find other avenues to get at him. We had a very reasonable honey pot that could produce honey sitting in front of us. I'm independent not working for any one other than my own company/myself or subcontracted for numerous firms around. I used a combination of wireshark and a few self custom written utilities to go after this guy. And no, these utilities are mine and are not for sale; sorry. I'm an engineer/analyst, security specialist, and developer with about 24 years of paid professional experience which really helps when you need to understand something then write a utility to provide it. His wireless was installed by qwest and used WEP as the base configuration (GASP). Whether or not this encryption should have been used or not, the sheer nature that there was some form of encryption did matter in the end. It is easy to hack WEP (and not too hard for WPA/WPA2 either...) but it is illegal to do so. This is one of the six charges he was charged with. From what I understand, if there was no encryption then it would have been a completely different case... It took months of watching the traffic, sifting through gigabytes of PCAP logs, to find what I was looking for. Once I found the smoking gun it was provided back to the FBI that validated what I found then issued a search warrant to go after the guy. The fact was that a MAC address was impossible to use so the firewall log only showed that rogue connections were being made. A single IP address was also impossible to use since that IP address was being assigned by the neighbor's DHCP server (dsl router). The FBI and Secret Service was not involved with the initial technical search nor could they be due to federal laws. Barry was a "certified ethical hacker" (CEH) which means that he knew the process and has been trained to run the proper utilities to hack. Not that this is mandatory, any kiddie can search on youtube to find out how to do this and just how easy it is. But he at least understood the concept of IP addressing. It turns out that he understood MAC addresses as well since he was changing his computer's NIC's MAC address on a regular basis. I don't know exactly what was found on Barry's computers once the FBI took over or how much (if any) additional child porn was pulled. I do know he found the previous neighbors (from another city) SSNs, their tax returns, and also copies of the current threatening letters on his computers. The other neighbor's around Barry's house were also broken into which made the argument of using a YAGI antennae an almost impossible feat due to the physical locations of the houses. All I know is that this guy had some serious issues and became "bitter" at the world that seemed to have started when his wife suddenly died about 10 years ago. There was a LOT to this case and it wasn't a simple slam dunk. We had a mountain of evidence that was racked up over a period of time. Each piece was necessary to prove/disprove methods and ownership. The worst part was getting the information in a form that the jury would understand. I firmly believe that our federal prosecutor had a good understanding (and took the time to understand) the technology behind it and created a very easily understood case without losing the intrigrity of the technology. Point is, no matter how good you think you are; there is always someone better (and the same goes for me as well). Stay white; its just not worth it.... This guy is looking at a possible 44 years in fed. Barry was offered a plea of 2 y