Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Government Wireless Networking Your Rights Online

Hacking Neighbor Pleads Guilty On Death Threats and Porn 284

wiredmikey writes "Another good reason to make sure your wireless is secured! 'Barry Vincent Ardolf of Blaine, Minnesota pleaded guilty to hacking into his neighbor's wireless Internet system and posing as the neighbor to make threats to kill the Vice President of the United States. Just two days into his federal trial in St. Paul, Ardolf stopped the trial to plead guilty. According to the US Department of Justice, in his plea agreement, Ardolf, 45 years-old, was indicted on June 23, 2010, admitted that in February of 2009, he hacked into his neighbor's wireless Internet connection and created multiple Yahoo.com email accounts in his neighbor's name." Ardolf's guilty plea included child porn possession, as well as the death threats.
This discussion has been archived. No new comments can be posted.

Hacking Neighbor Pleads Guilty On Death Threats and Porn

Comments Filter:
  • by asher09 ( 1684758 ) on Tuesday December 21, 2010 @07:46PM (#34636410) Homepage
    First post! ...(from my neighbor's IP address; so mod him down, not me)
  • What's not to like? (Score:5, Interesting)

    by seebs ( 15766 ) on Tuesday December 21, 2010 @07:48PM (#34636418) Homepage

    Death threats against the vice president, breaking into his neighbor's wireless... But no, he didn't stop there. Child porn.

    I wonder if some company that has a wireless security technology hired this guy to make their product look necessary.

    • +1 Ethically Questionable Business Tactic
    • by andolyne ( 1342935 ) on Tuesday December 21, 2010 @07:51PM (#34636452)

      when you read TFA, it actually just sounds like he was screwing around and the child porn was more like "this'll get the dude in trouble" rather than "I have a private collection because i'm a pedo".

      Either way, the dude was really stupid and deserves to get jail time for it.

      edit: changed the word "article" to TFA cause that's the way it's done here ;)

      • Comment removed (Score:5, Interesting)

        by account_deleted ( 4530225 ) on Tuesday December 21, 2010 @07:57PM (#34636518)
        Comment removed based on user account deletion
        • by Barny ( 103770 ) on Tuesday December 21, 2010 @08:27PM (#34636768) Journal

          Browser history, cache, etc.

          They would have gotten the guy who owns the net connections PC and gone to town, found it clean of any corroborating evidence and then gone looking for neighbours who might have been using it (since it would have been a regular thing over time). Cross reference which neighbours don't have their own net connections with a motive (who had a grudge against him).

          Easier to narrow down the field of who would do it by motive, of course once it was established it was a frame up.

          • by cob666 ( 656740 )
            The could have just checked the DHCP log in the wireless router.
        • by icebike ( 68054 ) on Tuesday December 21, 2010 @08:35PM (#34636830)

          The article is rather sparse on details, but what interests me is that Ardolf didn't succeed in his "this'll get the dude in trouble" plan; what led the police to believe that the access point had been 'hacked'? What security was used, for that matter? Were there logs?

          Chances are it was wide open, no security. The guy does not sound bright enough to have even hacked WEP, let alone anything stronger.

          With that fact in hand, and finding no evidence that the neighbor had any knowledge or ill intent, your circle of suspects is limited to what you can measure with a standard hard ware store carpenters tape measure.

          • by Anonymous Coward on Tuesday December 21, 2010 @09:19PM (#34637148)

            This guy has a history of problems with neighbors. This isnt his first run in with the law
            See: http://www.startribune.com/local/99435264.html
            and
            http://www.startribune.com/local/north/96012389.html

          • With that fact in hand

            This last week stealing wifi [michiananewschannel.com] was front page news.

            This past week Officer Keith Kirk, during the middle of the day caught and arrested a subject standing in an alley behind a local business, with residential housing on the other side of the alley, holding his laptop in one hand and self-gratifying himself in public. The person had connected his computer to the internet through the connection that the local business he was standing next to offers to their customers. This subject has been charged with multiple felony charges and his computer has been seized

        • by Hatta ( 162192 ) on Tuesday December 21, 2010 @09:03PM (#34637062) Journal

          The guilty plea certainly makes it seem like this is a case where computer fraud was handled correctly by the system

          Don't be so quick. Many innocent people plead guilty because they've been poorly advised by a public defender. A plea of guilty doesn't mean the person was guilty. It means that a deal was offered and the suspect had no faith in his defense at trial.

          • by westlake ( 615356 ) on Tuesday December 21, 2010 @10:29PM (#34637496)

            Don't be so quick. Many innocent people plead guilty because they've been poorly advised by a public defender. A plea of guilty doesn't mean the person was guilty. It means that a deal was offered and the suspect had no faith in his defense at trial.

            Where does it say he had a public defender?

            He'd refused a more favorable plea deal last summer, insisting on fighting the government's case against him. But after two days of trial -- including Thursday's testimony from expert witnesses who showed the elaborate means Ardolf used to harass and smear neighbors who'd once called the police on him -- he stopped denying what he had done.
            "The reality of it became apparent to him that this was going to happen and he didn't want to perpetuate his own distress or the pain for the victims," Ardolf's lawyer, Seamus Mahoney, said Friday.
            Vengeful neighbor in Blaine pleads to Biden threat, hacking [startribune.com]

            Seamus Mahoney [seamusmahoney.com] is a criminal defense attorney with a state-wide practice in Minnnesota.

          • by rtb61 ( 674572 )

            If you look at this story in depth there is a real warning of how badly it might have gone, a more in depth article http://www.startribune.com/local/north/112080854.html?elr=KArks:DCiUHc3E7_V_nDaycUiD3aPc:_Yyc:aUoD3aPc:_2yc:a_ncyD_MDCiU [startribune.com] really indicates it was only a matter of timing.

            If the actual perpetrator of the crime had stopped a little sooner, after his neighbours had been accused and prior to their lawyers assisting them with a private investigator (note the police had already defined their guilt

        • by nbauman ( 624611 ) on Tuesday December 21, 2010 @10:01PM (#34637348) Homepage Journal

          Minneapolis Star Tribune http://www.startribune.com/ [startribune.com] had several stories, which you can find by searching for "Ardolf". Good stories, although not too technical.

          The victim, Matt Kostolnik, worked in a law firm, and Ardolf sent messages to the firm. The law firm hired an investigator to figure out what was going on. The investigator tracked Kostolnik's wireless traffic, and fingered Ardolf. Then they sent the cops with a search warrant to Ardolf's house, which produced even more incriminating evidence.

          Ardolf turned down a plea bargain on the identity theft charges alone, so they added the child porn charges and went to trial. When he saw the evidence against him, he gave up and pled guilty.

          I can remember a handful of cases like this where the victim got out of it because they managed to catch the real criminal. (Wasn't there one recently in England?) I wonder how many cases there were where the innocent victim got convicted.

        • by blueg3 ( 192743 )

          In criminal matters, law enforcement knows full well that an IP address is not a unique identifier. There are countless cases where a computer is shared among multiple people or an access point is "borrowed" to obtain illicit material. You can't really get a conviction with just evidence that illicit material was sent to a particular IP address; the defendant's lawyers will have a field day with that. You need real corroborating evidence, like files on the guy's computer.

      • by Idbar ( 1034346 )
        I recently moved to a new apartment, my connection wasn't that great and I was having problems with my router. I used WEP to make it "light" to the router to deal with security and due to some backward compatibility I needed for some devices at home.

        When I thought my router was having problems, I bought a new one, only to realize through logs that my lovely neighbor broke into my network and was torrenting and stressing my router, my connection and most likely downloading illegal stuff.

        Now, my router
        • Manually assigned IP addresses and manual routing would put a big dent in this sort of thing.
          • Re: (Score:2, Insightful)

            by cob666 ( 656740 )
            Or you could only allow certain MAC addresses to connect.
            • Since when has MAC filtering been more than a minute annoyance to an attacker. Or lack of DHCP/ Routing.

              Strong passwords, WPA2-CCMP and a good watch on your logs is the only thing that's going to keep you safe (at this point in time) if you are home user.
            • MAC filtering will stop a kiddie for all of 3 seconds. WEP for 45 seconds. WPA (with a PSK) with a short password ( 8 characters) for a few minutes or hours based on complexity and/or computing power. The best thing you can do is to use WPA2 with a long random password full of special characters. Even then you're open to a bruteforce attack. When I'm on wifi, I just assume everything I do is being monitored (lemme adjust my tinfoil hat), if there's anything critical that I need to do, I do it plugged
        • Re: (Score:2, Informative)

          what can a normal user do against these smart asses?

          Here's an idea. Get a Linux based router (I have a Linksys with DD-WRT) and use it to muck with any connections coming from his MAC address. You could block all his Bittorrent connections and redirect his HTTP connections somewhere else (such as a rickroll or goatse). Do this long enough to annoy the heck out of him and then block him completely using a higher grade encryption (such as WPA2) and/or MAC filtering.

          • Re: (Score:3, Informative)

            what can a normal user do against these smart asses?

            Here's an idea. Get a Linux based router (I have a Linksys with DD-WRT) and use it to muck with any connections coming from his MAC address. You could block all his Bittorrent connections and redirect his HTTP connections somewhere else (such as a rickroll or goatse). Do this long enough to annoy the heck out of him and then block him completely using a higher grade encryption (such as WPA2) and/or MAC filtering.

            MAC filtering? SERIOUSLY?

            That is just so wrong.

            • by Cwix ( 1671282 )

              If he doesnt have a large number of devices, AND he doesnt add new devices with any frequency, then adding a few address to a MAC list isnt a bad idea. Unless the neighbor knows what mac to spoof, he wont get on.

              It by no means is a great or even good security practice, but in certain situations, it isnt that horrible.

              • If he doesnt have a large number of devices, AND he doesnt add new devices with any frequency, then adding a few address to a MAC list isnt a bad idea.

                The problem is that the scenario involves a neighbor who has gone through the effort of breaking WEP; anyone using the tools to break WEP already has the tools available to see the MAC addresses of whitelisted clients, and thus can just spoof a valid MAC address.

                • by Cwix ( 1671282 )

                  While you are correct that it isn't failsafe, doesn't negate the fact that good security is layered. Any roadblock you can put up, that doesn't cause you too many problems, is a good roadblock.

                  Will it stop the attacker? Maybe, Maybe not. It really depends how much the attacker actually knows, and how much hes relying on uB3r l33T WEP crack scripts.

              • Unless the neighbor knows what mac to spoof, he wont get on.
                You know that your wireless devices are broadcasting their MAC addresses right?
          • If BitTorrent never works then it is obvious that it is blocked. If you slow it down to something ridiculously measly, such as a few kb/s, and eventually disconnect at random intervals, it is much more annoying for the neighbor and hence funnier that way.

            Same goes for HTTP redirects. Make them only happen every 50 pages or something. If you have a fair bit of time on your hands then injecting fake news articles onto their favorite news site could be interesting.

            • by Myopic ( 18616 )

              I'm revoking your nerd merit badge for explaining all of that instead of linking to the obligatory XKCD [xkcd.com].

              • Yeah well I'm going to revoke your nerd merit badge revoking privileges and replace you with a very simple shell script.

                On second thoughts, someone could just write a browser add-on to prevent people such as me making such terrible mistakes in future.

            • by Jardine ( 398197 )

              If BitTorrent never works then it is obvious that it is blocked. If you slow it down to something ridiculously measly, such as a few kb/s, and eventually disconnect at random intervals, it is much more annoying for the neighbor and hence funnier that way.

              My ISP provides that service already. Thanks Bell Canada!

        • by icebike ( 68054 ) on Tuesday December 21, 2010 @08:57PM (#34637016)

          Luckily, I tracked this down and secure further the network, but without proper tools, what can a normal user do against these smart asses?

          Read Slash Dot occasionally and notice that WEP is insecure.
          http://lmgtfy.com/?q=WEP+insecure+site%3Aslashdot.org [lmgtfy.com]

          Move away from WEP (its been known for 5 years to be easily hacked).

          WPA2 is where you want to be.
          I had a laptop with a mini-pci network adapter built in that was old enough that it didn't support anything but WEP. 8 bucks got me a replacement card from Amazon, which did WPA2.

          Computers are easy to upgrade. Some stuff is harder.

          • Comment removed based on user account deletion
          • by Idbar ( 1034346 )
            I certainly read quite often about that. I had an old windows smartphone with no WPA support (I recently changed my phone so I was able to upgrade my security).

            My point is, does that mean that if I get to crack the WPA security of my neighbors, I should just do whatever I want on their network, including illegal attacks and downloading illegal content, and well "Bad luck I manage to crack your security and screwup your life"?
      • He was originally pissed at his neighbors for calling the cops on him when he got caught kissing their son. I wouldn't be so sure of his motives.
        Also, you should have wrote RTFA rather than just TFA.
      • What I wonder: How does someone who is not actively looking for it get CP? It's not like you could "stumble upon" it while browsing...

      • I know you are joking, but you are only half-joking.

        Seriously, is /. a high school male locker room where everybody is obligated to use profanities, or abbreviations of them?

    • You think that the dude hit Google to find what he considerred good child porn. I have no clue what that would be since I consider it all to be bad. Also, CP is such a common thing to plant these days. He needs to step up his game.

      Also, did the guy hack it, or just get access to it since it was left without proper security, as I would not consider it "hacking" to access the neighbor's wireless.

      Furthermore, I am one of the people that believe that people should understand the technology they use, or
      • Comment removed based on user account deletion
        • by Capsaicin ( 412918 ) * on Tuesday December 21, 2010 @08:23PM (#34636716)

          Unsecured doesn't imply incompetent - there are people who happily leave a public WiFi connection to the net which is securely isolated from their internal network.

          In fact, if you intend doing anything online which might raise the ire of authorities, "securing" your WiFi is actually quite foolish. What you are effectively doing is removing a reasonable doubt that activity over the connection is your activity.

          • Install TOR on your computer [wordpress.com]. Then you can have all kinds of random illegal traffic going through your net connection and blame (most of) it on strangers.

            Seth
          • In fact, if you intend doing anything online which might raise the ire of authorities, "securing" your WiFi is actually quite foolish. What you are effectively doing is removing a reasonable doubt that activity over the connection is your activity.

            The geek's notions of "reasonable doubt" will most likely land him in the slammer.

            • by Capsaicin ( 412918 ) * on Wednesday December 22, 2010 @12:53AM (#34638382)

              The geek's notions of "reasonable doubt" will most likely land him in the slammer.

              IAAL.

              But do note, I'm not saying that simply leaving your connection unsecured will keep you out of the slammer. I'm saying that securing your connection will give us (lawyers) one less handle to work with.

      • "Good child porn", if not oxymoronic, is probably not hard to find. Once I saw a Wikileaks story on the "secret" blacklist of websites that Norway was firewalling. Somehow the list got out to Wikileaks, and all the URLs were published there as links. I clicked on a random one from the list, thinking "he he he, this wouldn't work if I were in Norway." Except the site was kind of gross so I clicked Back and tried another one. That was gross too... I started to think, hmmm, I can see why these sites pissed off
      • Also, did the guy hack it, or just get access to it since it was left without proper security, as I would not consider it "hacking" to access the neighbor's wireless.

        I wouldn't consider taking a car with the keys left in it "theft", but go figure - the law disagrees ;) Just because it's easy to attach to someone's unsecured network doesn't mean doing so is acceptable -- the wrongdoer is the one making the connection, not the one who fails to make such activity challenging enough to deter the would-be perpetrator.

        • by Belial6 ( 794905 )
          If leaving keys in your car was the local custom for implicitly letting people know that it was ok to use the car, then it would not be stealing. While some people don't expect someone else to connect to their router, leaving a router without a password IS the stand practice for telling people it is ok to use the router. Every router comes with a way to indicate that you don't want someone use it without permission.

          If you want a car theft analogy, you would need to have a society where lots of people,
    • He worked for Medtronic [citypages.com], which is a huge recipient of healthcare funding for unnecessary surgeries for old people. So, in a sense, yes, he was being indirectly paid by the US government as he tried to frame his neighbor as being anti-government-spending. I'd say that qualifies as promoting a product.

    • Death threats against the vice president, breaking into his neighbor's wireless... But no, he didn't stop there. Child porn.

      Read deeper.

      Think before another knee-jerk mod-up:

      It began in August 2008, when Ardolf's new neighbors called Blaine police to report a creepy encounter. Ardolf, they told police, had picked up their 4-year-old son and kissed him. After that, Matt and Bethany Kostolnik said, they intended to just keep their distance from him.


      Unknown to them, he began moving to exact revenge.


      He create

    • From the Summary:

      Another good reason to make sure your wireless is secured!

      Seems like just the opposite to me - a good reason to leave your wireless open. Plausible deniability.

      "Would use of those Yahoo accounts be traceable through forensic analysis of the computer that accessed it?"
      "yes"
      "And was any found on my computer?"
      "no"
      "And were all computers that had access to this wireless router analyzed?"
      "no"

  • by DWMorse ( 1816016 ) on Tuesday December 21, 2010 @08:01PM (#34636558) Homepage
    In all fairness, I live in Minnesota. I can vouch that there's just not much else to do around here in the winter.
  • MAC Address Spoofing (Score:4, Informative)

    by nuckfuts ( 690967 ) on Tuesday December 21, 2010 @08:26PM (#34636760)

    Connecting to a wireless router usually means obtaining IP settings via DHCP. In the process, the MAC address of your network adapter (which is supposed to unique) will be recorded on the router, at least for some period of time. Therefore, if you want to connect without leaving an obvious fingerprint pointing back to your computer, first modify the MAC address that your network card is putting out. On Windows machines, drivers often provide a way to specify your MAC address under the "advanced properties" of the adapter. On my Intel network adapter, for example, the setting is listed as "Locally Administered Address", and is undefined by default.

    You might even spoof a specific make of network adapter by choosing an "Organizationally Unique Identifier" from the OUI Public Listing [ieee.org].

    • That only helps if you're religious about changing it back and removing all traces each time you connect for a brief bit of time. Stay connected for a few months doing something that will get you a visit by police/fbi/cia, etc, and you're no better off if they visit while you're still connected, still using the "spoofed" IP address. If you've got a "spoofed MAC address" file on your desktop and they come looking, I'm pretty sure that if that MAC address matches the ones they have logs of, you're still toast
  • by Anonymous Coward on Tuesday December 21, 2010 @08:29PM (#34636780)

    The neighbors suspected the guy right away. Fortunately, the investigators listened to the [innocent] neighbors and started looking at the real bad guy.

    http://www.startribune.com/local/north/112080854.html?elr=KArks:DCiUHc3E7_V_nDaycUiD3aPc:_Yyc:aUoD3aPc:_2yc:a_ncyD_MDCiU [startribune.com]

    • Good link and that does have lots more on the history prior to the pleading guilty. The article was updated to link to that story for more details.
  • Is that this fool will be sucking some sausage sammich in prison before long. His lawyer may be able to plead out the pedo rap (honestly I just downloaded it from the internet so I could make my neighbor look bad)but I don't think they will ignore this in jail. Sucks to be him but that's what happens when you let your malice get the best of you.
    • I imagine it's too late to try to plead down the child porn charges. He apparently already had his chance, and could have avoided prison entirely, but the guy, for all the claims of being technically-savvy, seems pretty awe-inspiringly dumb. I see no evidence that the prosecutor offered a new plea bargain, though maybe the judge will look somewhat more kindly on this incredibly nasty guy for having spared the court any further trouble. He'll see jail time, and of a significant variety, and will probably

    • by c0lo ( 1497653 )

      Sucks to be him but that's what happens when you let your malice get the best of you.

      Agrravating circumstances... when what's the best of you isn't even remotely good enough.

  • by Sanat ( 702 )

    My neighbor on one side of me has an open WIFI connection (apparently) as the grandson of my other neighbor walks into my backyard to pickup the signal with his iPOD. Last night he was sitting in a plastic chair in the middle of my yard in six inches of snow and freezing cold out so he can acquire a connection and do whatever it is he is downloading/reading for hours at a time.

    I have decided to stay out of the situation as my neighbor has the right to have a non-password protected access point if he desire

  • by Bob9113 ( 14996 ) on Wednesday December 22, 2010 @08:52AM (#34640432) Homepage

    Ardolf faces a potential maximum penalty of 20 years in prison on the distribution of child pornography charge, ten years on the possession of child pornography charge, five years on both the unauthorized access to a computer and the threats to the Vice President charges, and a mandatory two-year minimum prison sentence on each count of aggravated identity theft.

    Ardolf, they told police, had picked up their 4-year-old son and kissed him.

    So let me see if I get this straight. The max penalty for child porn possession is 10 years, and picking up a 4 year old and kissing him (presumably without the parent's consent) isn't even in the charges? Given that child porn has been extended to include images of adults who are portrayed as children and that he had inappropriate contact with a real child, that seems out of whack to me. Distribution of child porn is easier for me to understand being in the same ball park as inappropriate contact, but possession? And not even including inappropriate contact in the charges?

    Maybe there is a good reason in this specific case that the articles don't cover, but this seems like a solid red flag to analyze the laws and make sure they are coded properly. This sounds like a pretty serious bug to me.

  • by AntariMysteec ( 1964036 ) on Thursday December 23, 2010 @08:44AM (#34651064)
    I just got forwarded this link by an associate of mine. I was surprised to find out this made slashdot... I was the "private investigator" that was hired to originally absolve the neighbor from sending the original emails which included the child porn to the lawfirm's partners. After seeing the pattern I thought I had a good chance to catch the hacker and the firm retained my services to go after him. The reasoning was that if we were to lock things down (remove the wireless and hardwire) that the person trying to get at the neighbor would find other avenues to get at him. We had a very reasonable honey pot that could produce honey sitting in front of us. I'm independent not working for any one other than my own company/myself or subcontracted for numerous firms around. I used a combination of wireshark and a few self custom written utilities to go after this guy. And no, these utilities are mine and are not for sale; sorry. I'm an engineer/analyst, security specialist, and developer with about 24 years of paid professional experience which really helps when you need to understand something then write a utility to provide it. His wireless was installed by qwest and used WEP as the base configuration (GASP). Whether or not this encryption should have been used or not, the sheer nature that there was some form of encryption did matter in the end. It is easy to hack WEP (and not too hard for WPA/WPA2 either...) but it is illegal to do so. This is one of the six charges he was charged with. From what I understand, if there was no encryption then it would have been a completely different case... It took months of watching the traffic, sifting through gigabytes of PCAP logs, to find what I was looking for. Once I found the smoking gun it was provided back to the FBI that validated what I found then issued a search warrant to go after the guy. The fact was that a MAC address was impossible to use so the firewall log only showed that rogue connections were being made. A single IP address was also impossible to use since that IP address was being assigned by the neighbor's DHCP server (dsl router). The FBI and Secret Service was not involved with the initial technical search nor could they be due to federal laws. Barry was a "certified ethical hacker" (CEH) which means that he knew the process and has been trained to run the proper utilities to hack. Not that this is mandatory, any kiddie can search on youtube to find out how to do this and just how easy it is. But he at least understood the concept of IP addressing. It turns out that he understood MAC addresses as well since he was changing his computer's NIC's MAC address on a regular basis. I don't know exactly what was found on Barry's computers once the FBI took over or how much (if any) additional child porn was pulled. I do know he found the previous neighbors (from another city) SSNs, their tax returns, and also copies of the current threatening letters on his computers. The other neighbor's around Barry's house were also broken into which made the argument of using a YAGI antennae an almost impossible feat due to the physical locations of the houses. All I know is that this guy had some serious issues and became "bitter" at the world that seemed to have started when his wife suddenly died about 10 years ago. There was a LOT to this case and it wasn't a simple slam dunk. We had a mountain of evidence that was racked up over a period of time. Each piece was necessary to prove/disprove methods and ownership. The worst part was getting the information in a form that the jury would understand. I firmly believe that our federal prosecutor had a good understanding (and took the time to understand) the technology behind it and created a very easily understood case without losing the intrigrity of the technology. Point is, no matter how good you think you are; there is always someone better (and the same goes for me as well). Stay white; its just not worth it.... This guy is looking at a possible 44 years in fed. Barry was offered a plea of 2 y

Genius is ten percent inspiration and fifty percent capital gains.

Working...