Hacking Neighbor Pleads Guilty On Death Threats and Porn

wiredmikey writes "Another good reason to make sure your wireless is secured! 'Barry Vincent Ardolf of Blaine, Minnesota pleaded guilty to hacking into his neighbor's wireless Internet system and posing as the neighbor to make threats to kill the Vice President of the United States. Just two days into his federal trial in St. Paul, Ardolf stopped the trial to plead guilty. According to the US Department of Justice, in his plea agreement, Ardolf, 45 years-old, was indicted on June 23, 2010, admitted that in February of 2009, he hacked into his neighbor's wireless Internet connection and created multiple Yahoo.com email accounts in his neighbor's name." Ardolf's guilty plea included child porn possession, as well as the death threats.

My neighbor's IP

[asher09]

First post! ...(from my neighbor's IP address; so mod him down, not me)

Re:My neighbor's IP

[Eudial]

Stupid Flanders!

Re:

[Co0Ps]

Diddly-doodily-death threats!

Re:My neighbor's IP

[MachDelta]

He sent threats and child porn (etc) to his neighbours co-workers. His neighbours hired an "investigator" who then discovered buddy was jacking their wireless.

Basically someone looked at their router logs.

Re:

[deek]

He might have gotten away with it too, if instead he used the connection to download and share heaps of music, and then sent an anonymous tip to the RIAA. That would have put his neighbour in court quick smart. From what I've heard, lack of evidence means little to the RIAA.

What's not to like?

[seebs]

Death threats against the vice president, breaking into his neighbor's wireless... But no, he didn't stop there. Child porn.

I wonder if some company that has a wireless security technology hired this guy to make their product look necessary.

Re:

[gnarfel]

+1 Ethically Questionable Business Tactic

Re:What's not to like?

[andolyne]

when you read TFA, it actually just sounds like he was screwing around and the child porn was more like "this'll get the dude in trouble" rather than "I have a private collection because i'm a pedo".

Either way, the dude was really stupid and deserves to get jail time for it.

edit: changed the word "article" to TFA cause that's the way it's done here ;)

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:What's not to like?

[Barny]

Browser history, cache, etc.

They would have gotten the guy who owns the net connections PC and gone to town, found it clean of any corroborating evidence and then gone looking for neighbours who might have been using it (since it would have been a regular thing over time). Cross reference which neighbours don't have their own net connections with a motive (who had a grudge against him).

Easier to narrow down the field of who would do it by motive, of course once it was established it was a frame up.

Re:

[cob666]

The could have just checked the DHCP log in the wireless router.

Re:

[Barny]

Fact is they wouldn't bother, they are supporting evidence at best.

What they wanted was the logs and files (deleted or not) from the bad guys computer, that is hard evidence that he did it and would take a lot of work from a defence lawyer to avoid.

Re:

[Barny]

It would have.

Police still don't think technically, they stick to police work and leave the dissecting of evidence to professionals. They would have thought, "The crime was done via computer, so lets get a warrant to search for and seize his computer stuff" then they get someone else to go through that, to find the evidence that ties the person to the crime. Finding none they would have gone searching for a motive.

The problems arise when technology forms the core of the case, rather than just being evidence

Re:

[tehcyder]

And maybe the FBI did some "research" (like, why would someone who can spell and pass a Bar exam sign his name to death threats?).

Passing a Bar exam shows you're good at studying law, not that you're a well-adjusted human being.

Re:What's not to like?

[icebike]

The article is rather sparse on details, but what interests me is that Ardolf didn't succeed in his "this'll get the dude in trouble" plan; what led the police to believe that the access point had been 'hacked'? What security was used, for that matter? Were there logs?

Chances are it was wide open, no security. The guy does not sound bright enough to have even hacked WEP, let alone anything stronger.

With that fact in hand, and finding no evidence that the neighbor had any knowledge or ill intent, your circle of suspects is limited to what you can measure with a standard hard ware store carpenters tape measure.

Re:What's not to like?

[Anonymous Coward]

This guy has a history of problems with neighbors. This isnt his first run in with the law
See: http://www.startribune.com/local/99435264.html
and
http://www.startribune.com/local/north/96012389.html

Re:

[tehcyder]

He is, it's called Crime. Contrary to popular belief, most criminals do get caught.

That is a meaningless statement, as nobody knows how many unreported crimes there are, nor how many criminals have never registered on the authorities radar.

Re:

[witherstaff]

With that fact in hand

This last week stealing wifi [michiananewschannel.com] was front page news.

This past week Officer Keith Kirk, during the middle of the day caught and arrested a subject standing in an alley behind a local business, with residential housing on the other side of the alley, holding his laptop in one hand and self-gratifying himself in public. The person had connected his computer to the internet through the connection that the local business he was standing next to offers to their customers. This subject has been charged with multiple felony charges and his computer has been seized

Re:What's not to like?

[Hatta]

The guilty plea certainly makes it seem like this is a case where computer fraud was handled correctly by the system

Don't be so quick. Many innocent people plead guilty because they've been poorly advised by a public defender. A plea of guilty doesn't mean the person was guilty. It means that a deal was offered and the suspect had no faith in his defense at trial.

The case went to trial - and he folded.

[westlake]

Don't be so quick. Many innocent people plead guilty because they've been poorly advised by a public defender. A plea of guilty doesn't mean the person was guilty. It means that a deal was offered and the suspect had no faith in his defense at trial.

Where does it say he had a public defender?

He'd refused a more favorable plea deal last summer, insisting on fighting the government's case against him. But after two days of trial -- including Thursday's testimony from expert witnesses who showed the elaborate means Ardolf used to harass and smear neighbors who'd once called the police on him -- he stopped denying what he had done.
"The reality of it became apparent to him that this was going to happen and he didn't want to perpetuate his own distress or the pain for the victims," Ardolf's lawyer, Seamus Mahoney, said Friday. Vengeful neighbor in Blaine pleads to Biden threat, hacking [startribune.com]

Seamus Mahoney [seamusmahoney.com] is a criminal defense attorney with a state-wide practice in Minnnesota.

Re:

[rtb61]

If you look at this story in depth there is a real warning of how badly it might have gone, a more in depth article http://www.startribune.com/local/north/112080854.html?elr=KArks:DCiUHc3E7_V_nDaycUiD3aPc:_Yyc:aUoD3aPc:_2yc:a_ncyD_MDCiU [startribune.com] really indicates it was only a matter of timing.

If the actual perpetrator of the crime had stopped a little sooner, after his neighbours had been accused and prior to their lawyers assisting them with a private investigator (note the police had already defined their guilt

Re:What's not to like?

[nbauman]

Minneapolis Star Tribune http://www.startribune.com/ [startribune.com] had several stories, which you can find by searching for "Ardolf". Good stories, although not too technical.

The victim, Matt Kostolnik, worked in a law firm, and Ardolf sent messages to the firm. The law firm hired an investigator to figure out what was going on. The investigator tracked Kostolnik's wireless traffic, and fingered Ardolf. Then they sent the cops with a search warrant to Ardolf's house, which produced even more incriminating evidence.

Ardolf turned down a plea bargain on the identity theft charges alone, so they added the child porn charges and went to trial. When he saw the evidence against him, he gave up and pled guilty.

I can remember a handful of cases like this where the victim got out of it because they managed to catch the real criminal. (Wasn't there one recently in England?) I wonder how many cases there were where the innocent victim got convicted.

Re:

[blueg3]

In criminal matters, law enforcement knows full well that an IP address is not a unique identifier. There are countless cases where a computer is shared among multiple people or an access point is "borrowed" to obtain illicit material. You can't really get a conviction with just evidence that illicit material was sent to a particular IP address; the defendant's lawyers will have a field day with that. You need real corroborating evidence, like files on the guy's computer.

Re:

[Hognoxious]

Cops are concerned with getting raises, promotions, names in the papers. They are typically not concerned with justice. If its an open and shut case, they will happily send innocent men to jail.

Mmmm, the cops don't make that decision. It's done by juries - usually composed of twelve people who are not cops.

Re:

[tehcyder]

If its an open and shut case, they will happily send innocent men to jail.

If they're framing an innocent person, it obviously wasn't an open and shut case then, was it?

Re:

[icebike]

Oh, come on. The fool sent threats via email.

Monitoring?

Next you are going to blame google for turning him in.

Re:

[Kilrah_il]

So you admit it was Google? I knew it! They probably also killed Kennedy.

Re:

[Kilrah_il]

Unfortunately in the US's legal system many innocent people are forced to plead guilty by threats of excess punishment.

Citation please?

Re:

[Kilrah_il]

You are correct. If someone during a police investigation pleaded guilty and then later retracted the plea, what do you think he would say? I'm sure it wouldn't be "Well, the police were very nice and all, and I did plea, but now that I think of it, I'll change my mind".
Of course he will say he was pressured. And in a way he is correct: Part of the job of a police investigator is to pressure the suspect into pleading guilty. They usually do it to people who they think actually did do the crime.
Now, I am not

Re:

[tehcyder]

The guilty plea certainly makes it seem like this is a case where computer fraud was handled correctly by the system

Unfortunately in the US's legal system many innocent people are forced to plead guilty by threats of excess punishment. When you don't have evidence to prove your innocence pleading guilty is sometimes the wise choice.

You don't need evidence to prove you're innocent. You'd only plead guilty if the prosecution had strong evidence of your guilt, plus you were actualy guilty.

Re:

[Idbar]

I recently moved to a new apartment, my connection wasn't that great and I was having problems with my router. I used WEP to make it "light" to the router to deal with security and due to some backward compatibility I needed for some devices at home.

When I thought my router was having problems, I bought a new one, only to realize through logs that my lovely neighbor broke into my network and was torrenting and stressing my router, my connection and most likely downloading illegal stuff.

Now, my router

Re:

[camperdave]

Manually assigned IP addresses and manual routing would put a big dent in this sort of thing.

Re:

[cob666]

Or you could only allow certain MAC addresses to connect.

Re:

[Architect_sasyr]

Since when has MAC filtering been more than a minute annoyance to an attacker. Or lack of DHCP/ Routing.

Strong passwords, WPA2-CCMP and a good watch on your logs is the only thing that's going to keep you safe (at this point in time) if you are home user.

Re:

[Mordok-DestroyerOfWo]

MAC filtering will stop a kiddie for all of 3 seconds. WEP for 45 seconds. WPA (with a PSK) with a short password ( 8 characters) for a few minutes or hours based on complexity and/or computing power. The best thing you can do is to use WPA2 with a long random password full of special characters. Even then you're open to a bruteforce attack. When I'm on wifi, I just assume everything I do is being monitored (lemme adjust my tinfoil hat), if there's anything critical that I need to do, I do it plugged

Re:

[FutureDomain]

what can a normal user do against these smart asses?

Here's an idea. Get a Linux based router (I have a Linksys with DD-WRT) and use it to muck with any connections coming from his MAC address. You could block all his Bittorrent connections and redirect his HTTP connections somewhere else (such as a rickroll or goatse). Do this long enough to annoy the heck out of him and then block him completely using a higher grade encryption (such as WPA2) and/or MAC filtering.

Re:

[ProfanityHead]

what can a normal user do against these smart asses?

Here's an idea. Get a Linux based router (I have a Linksys with DD-WRT) and use it to muck with any connections coming from his MAC address. You could block all his Bittorrent connections and redirect his HTTP connections somewhere else (such as a rickroll or goatse). Do this long enough to annoy the heck out of him and then block him completely using a higher grade encryption (such as WPA2) and/or MAC filtering.

MAC filtering? SERIOUSLY?

That is just so wrong.

Re:

[Cwix]

If he doesnt have a large number of devices, AND he doesnt add new devices with any frequency, then adding a few address to a MAC list isnt a bad idea. Unless the neighbor knows what mac to spoof, he wont get on.

It by no means is a great or even good security practice, but in certain situations, it isnt that horrible.

Re:

[apparently]

If he doesnt have a large number of devices, AND he doesnt add new devices with any frequency, then adding a few address to a MAC list isnt a bad idea.

The problem is that the scenario involves a neighbor who has gone through the effort of breaking WEP; anyone using the tools to break WEP already has the tools available to see the MAC addresses of whitelisted clients, and thus can just spoof a valid MAC address.

Re:

[Cwix]

While you are correct that it isn't failsafe, doesn't negate the fact that good security is layered. Any roadblock you can put up, that doesn't cause you too many problems, is a good roadblock.

Will it stop the attacker? Maybe, Maybe not. It really depends how much the attacker actually knows, and how much hes relying on uB3r l33T WEP crack scripts.

Re:

[nogginthenog]

Unless the neighbor knows what mac to spoof, he wont get on.
You know that your wireless devices are broadcasting their MAC addresses right?

Re:

[igreaterthanu]

If BitTorrent never works then it is obvious that it is blocked. If you slow it down to something ridiculously measly, such as a few kb/s, and eventually disconnect at random intervals, it is much more annoying for the neighbor and hence funnier that way.

Same goes for HTTP redirects. Make them only happen every 50 pages or something. If you have a fair bit of time on your hands then injecting fake news articles onto their favorite news site could be interesting.

Re:

[Myopic]

I'm revoking your nerd merit badge for explaining all of that instead of linking to the obligatory XKCD [xkcd.com].

Re:

[igreaterthanu]

Yeah well I'm going to revoke your nerd merit badge revoking privileges and replace you with a very simple shell script.

On second thoughts, someone could just write a browser add-on to prevent people such as me making such terrible mistakes in future.

Re:

[Jardine]

If BitTorrent never works then it is obvious that it is blocked. If you slow it down to something ridiculously measly, such as a few kb/s, and eventually disconnect at random intervals, it is much more annoying for the neighbor and hence funnier that way.

My ISP provides that service already. Thanks Bell Canada!

Re:What's not to like?

[icebike]

Luckily, I tracked this down and secure further the network, but without proper tools, what can a normal user do against these smart asses?

Read Slash Dot occasionally and notice that WEP is insecure.
http://lmgtfy.com/?q=WEP+insecure+site%3Aslashdot.org [lmgtfy.com]

Move away from WEP (its been known for 5 years to be easily hacked).

WPA2 is where you want to be.
I had a laptop with a mini-pci network adapter built in that was old enough that it didn't support anything but WEP. 8 bucks got me a replacement card from Amazon, which did WPA2.

Computers are easy to upgrade. Some stuff is harder.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Idbar]

I certainly read quite often about that. I had an old windows smartphone with no WPA support (I recently changed my phone so I was able to upgrade my security).

My point is, does that mean that if I get to crack the WPA security of my neighbors, I should just do whatever I want on their network, including illegal attacks and downloading illegal content, and well "Bad luck I manage to crack your security and screwup your life"?

Re:

[icebike]

WPA2 with AES usually has an AES encryption engine built into hardware. Its so much faster that way.

I'm not absolutely positive that there are no software drivers to do the encrypting, but every reference I've seen says its done in hardware.

Nobody writes drivers for those older cards.

For 8-15 bucks you can swap those wifi cards out [amazon.com] of most lap tops. They are simple drop in replacements in most cases. Drivers freely found on the web.

Even 802.11N cards can be had for about $25.

Re:

[Idbar]

That's exactly my point. You think you're the smartest guy because you're stealing your neighbor's BW? You can be as smart as you want, but if you pick my lock, and try to get into my place when I'm in, in my defense I can shoot your head with my gun.

Then again, I check my network and see something abusive. I don't care if a person uses my network (I used to leave it open - as a grad student you realize that some people just don't have the money to pay for a freaking network connection). What I don't like

Re:

[Anonymous Coward]

MAC filtering is a waste of time. MAC addresses can easily be changed to match one of your exciting addresses. And you're already broadcasting your existing devices. Guess what one of the first things attack tools do when they're having trouble getting a response from the AP?

Re:

[gnasher719]

MAC filtering is a waste of time. MAC addresses can easily be changed to match one of your exciting addresses. And you're already broadcasting your existing devices. Guess what one of the first things attack tools do when they're having trouble getting a response from the AP?

Changing the MAC address of a device means you give up any excuse that you got onto someone's WiFi connection by accident. So when I call the cops, you are in serious trouble. The good thing about WiFi hacking is that you have to be nearby. Which means I'll find you. And I'm not mad enough to knock on your door myself.

Re:

[SuricouRaven]

Not quite a waste of time. It'll slow attackers down by perhaps five minutes.

Re:

[Pseudonym Authority]

He was originally pissed at his neighbors for calling the cops on him when he got caught kissing their son. I wouldn't be so sure of his motives.
Also, you should have wrote RTFA rather than just TFA.

Re:

[Opportunist]

What I wonder: How does someone who is not actively looking for it get CP? It's not like you could "stumble upon" it while browsing...

changed the word

[mapkinase]

I know you are joking, but you are only half-joking.

Seriously, is /. a high school male locker room where everybody is obligated to use profanities, or abbreviations of them?

Re:

[Stregano]

You think that the dude hit Google to find what he considerred good child porn. I have no clue what that would be since I consider it all to be bad. Also, CP is such a common thing to plant these days. He needs to step up his game.

Also, did the guy hack it, or just get access to it since it was left without proper security, as I would not consider it "hacking" to access the neighbor's wireless.

Furthermore, I am one of the people that believe that people should understand the technology they use, or

Re:

[account_deleted]

Comment removed based on user account deletion

Re:What's not to like?

[Capsaicin]

Unsecured doesn't imply incompetent - there are people who happily leave a public WiFi connection to the net which is securely isolated from their internal network.

In fact, if you intend doing anything online which might raise the ire of authorities, "securing" your WiFi is actually quite foolish. What you are effectively doing is removing a reasonable doubt that activity over the connection is your activity.

plausible deniability via TOR

[SethJohnson]

Install TOR on your computer [wordpress.com]. Then you can have all kinds of random illegal traffic going through your net connection and blame (most of) it on strangers.

Seth

Re:

[westlake]

In fact, if you intend doing anything online which might raise the ire of authorities, "securing" your WiFi is actually quite foolish. What you are effectively doing is removing a reasonable doubt that activity over the connection is your activity.

The geek's notions of "reasonable doubt" will most likely land him in the slammer.

Re:What's not to like?

[Capsaicin]

The geek's notions of "reasonable doubt" will most likely land him in the slammer.

IAAL.

But do note, I'm not saying that simply leaving your connection unsecured will keep you out of the slammer. I'm saying that securing your connection will give us (lawyers) one less handle to work with.

Re:

[MillionthMonkey]

"Good child porn", if not oxymoronic, is probably not hard to find. Once I saw a Wikileaks story on the "secret" blacklist of websites that Norway was firewalling. Somehow the list got out to Wikileaks, and all the URLs were published there as links. I clicked on a random one from the list, thinking "he he he, this wouldn't work if I were in Norway." Except the site was kind of gross so I clicked Back and tried another one. That was gross too... I started to think, hmmm, I can see why these sites pissed off

Re:

[thePowerOfGrayskull]

Also, did the guy hack it, or just get access to it since it was left without proper security, as I would not consider it "hacking" to access the neighbor's wireless.

I wouldn't consider taking a car with the keys left in it "theft", but go figure - the law disagrees ;) Just because it's easy to attach to someone's unsecured network doesn't mean doing so is acceptable -- the wrongdoer is the one making the connection, not the one who fails to make such activity challenging enough to deter the would-be perpetrator.

Re:

[Belial6]

If leaving keys in your car was the local custom for implicitly letting people know that it was ok to use the car, then it would not be stealing. While some people don't expect someone else to connect to their router, leaving a router without a password IS the stand practice for telling people it is ok to use the router. Every router comes with a way to indicate that you don't want someone use it without permission.

If you want a car theft analogy, you would need to have a society where lots of people,

Re:

[benjamindees]

He worked for Medtronic [citypages.com], which is a huge recipient of healthcare funding for unnecessary surgeries for old people. So, in a sense, yes, he was being indirectly paid by the US government as he tried to frame his neighbor as being anti-government-spending. I'd say that qualifies as promoting a product.

Re:

[westlake]

Death threats against the vice president, breaking into his neighbor's wireless... But no, he didn't stop there. Child porn.

Read deeper.

Think before another knee-jerk mod-up:

It began in August 2008, when Ardolf's new neighbors called Blaine police to report a creepy encounter. Ardolf, they told police, had picked up their 4-year-old son and kissed him. After that, Matt and Bethany Kostolnik said, they intended to just keep their distance from him.

Unknown to them, he began moving to exact revenge.

He create

Re:

[Chapter80]

From the Summary:

Another good reason to make sure your wireless is secured!

Seems like just the opposite to me - a good reason to leave your wireless open. Plausible deniability.

"Would use of those Yahoo accounts be traceable through forensic analysis of the computer that accessed it?"
"yes"
"And was any found on my computer?"
"no"
"And were all computers that had access to this wireless router analyzed?"
"no"

Re:

[RsG]

I'm not convinced of that. You're correct if the end user is semi-competent, but incorrect if the end user is an idiot. After all, the security system likely has an "off" switch somewhere (physical or otherwise). A security system cannot "do its job despite the actions of the end user" if the action of the end user is to turn them damn thing off, because they can't figure out how to make it work.

In all fairness...

[DWMorse]

In all fairness, I live in Minnesota. I can vouch that there's just not much else to do around here in the winter.

Re:

[HornWumpus]

Trolling /. was likely not on DWMorse's agenda you nutjob.

MAC Address Spoofing

[nuckfuts]

Connecting to a wireless router usually means obtaining IP settings via DHCP. In the process, the MAC address of your network adapter (which is supposed to unique) will be recorded on the router, at least for some period of time. Therefore, if you want to connect without leaving an obvious fingerprint pointing back to your computer, first modify the MAC address that your network card is putting out. On Windows machines, drivers often provide a way to specify your MAC address under the "advanced properties" of the adapter. On my Intel network adapter, for example, the setting is listed as "Locally Administered Address", and is undefined by default.

You might even spoof a specific make of network adapter by choosing an "Organizationally Unique Identifier" from the OUI Public Listing [ieee.org].

Re:

[apoc.famine]

That only helps if you're religious about changing it back and removing all traces each time you connect for a brief bit of time. Stay connected for a few months doing something that will get you a visit by police/fbi/cia, etc, and you're no better off if they visit while you're still connected, still using the "spoofed" IP address. If you've got a "spoofed MAC address" file on your desktop and they come looking, I'm pretty sure that if that MAC address matches the ones they have logs of, you're still toast

This article has a lot of details...

[Anonymous Coward]

The neighbors suspected the guy right away. Fortunately, the investigators listened to the [innocent] neighbors and started looking at the real bad guy.

http://www.startribune.com/local/north/112080854.html?elr=KArks:DCiUHc3E7_V_nDaycUiD3aPc:_Yyc:aUoD3aPc:_2yc:a_ncyD_MDCiU [startribune.com]

Re:

[wiredmikey]

Good link and that does have lots more on the history prior to the pleading guilty. The article was updated to link to that story for more details.

My guess

[shoehornjob]

Is that this fool will be sucking some sausage sammich in prison before long. His lawyer may be able to plead out the pedo rap (honestly I just downloaded it from the internet so I could make my neighbor look bad)but I don't think they will ignore this in jail. Sucks to be him but that's what happens when you let your malice get the best of you.

Re:

[MightyMartian]

I imagine it's too late to try to plead down the child porn charges. He apparently already had his chance, and could have avoided prison entirely, but the guy, for all the claims of being technically-savvy, seems pretty awe-inspiringly dumb. I see no evidence that the prosecutor offered a new plea bargain, though maybe the judge will look somewhat more kindly on this incredibly nasty guy for having spared the court any further trouble. He'll see jail time, and of a significant variety, and will probably

Re:

[c0lo]

Sucks to be him but that's what happens when you let your malice get the best of you.

Agrravating circumstances... when what's the best of you isn't even remotely good enough.

Neighbor

[Sanat]

My neighbor on one side of me has an open WIFI connection (apparently) as the grandson of my other neighbor walks into my backyard to pickup the signal with his iPOD. Last night he was sitting in a plastic chair in the middle of my yard in six inches of snow and freezing cold out so he can acquire a connection and do whatever it is he is downloading/reading for hours at a time.

I have decided to stay out of the situation as my neighbor has the right to have a non-password protected access point if he desire

Peculiar Skew in Law

[Bob9113]

Ardolf faces a potential maximum penalty of 20 years in prison on the distribution of child pornography charge, ten years on the possession of child pornography charge, five years on both the unauthorized access to a computer and the threats to the Vice President charges, and a mandatory two-year minimum prison sentence on each count of aggravated identity theft.

Ardolf, they told police, had picked up their 4-year-old son and kissed him.

So let me see if I get this straight. The max penalty for child porn possession is 10 years, and picking up a 4 year old and kissing him (presumably without the parent's consent) isn't even in the charges? Given that child porn has been extended to include images of adults who are portrayed as children and that he had inappropriate contact with a real child, that seems out of whack to me. Distribution of child porn is easier for me to understand being in the same ball park as inappropriate contact, but possession? And not even including inappropriate contact in the charges?

Maybe there is a good reason in this specific case that the articles don't cover, but this seems like a solid red flag to analyze the laws and make sure they are coded properly. This sounds like a pretty serious bug to me.

I know; I was there...

[AntariMysteec]

I just got forwarded this link by an associate of mine. I was surprised to find out this made slashdot... I was the "private investigator" that was hired to originally absolve the neighbor from sending the original emails which included the child porn to the lawfirm's partners. After seeing the pattern I thought I had a good chance to catch the hacker and the firm retained my services to go after him. The reasoning was that if we were to lock things down (remove the wireless and hardwire) that the person trying to get at the neighbor would find other avenues to get at him. We had a very reasonable honey pot that could produce honey sitting in front of us. I'm independent not working for any one other than my own company/myself or subcontracted for numerous firms around. I used a combination of wireshark and a few self custom written utilities to go after this guy. And no, these utilities are mine and are not for sale; sorry. I'm an engineer/analyst, security specialist, and developer with about 24 years of paid professional experience which really helps when you need to understand something then write a utility to provide it. His wireless was installed by qwest and used WEP as the base configuration (GASP). Whether or not this encryption should have been used or not, the sheer nature that there was some form of encryption did matter in the end. It is easy to hack WEP (and not too hard for WPA/WPA2 either...) but it is illegal to do so. This is one of the six charges he was charged with. From what I understand, if there was no encryption then it would have been a completely different case... It took months of watching the traffic, sifting through gigabytes of PCAP logs, to find what I was looking for. Once I found the smoking gun it was provided back to the FBI that validated what I found then issued a search warrant to go after the guy. The fact was that a MAC address was impossible to use so the firewall log only showed that rogue connections were being made. A single IP address was also impossible to use since that IP address was being assigned by the neighbor's DHCP server (dsl router). The FBI and Secret Service was not involved with the initial technical search nor could they be due to federal laws. Barry was a "certified ethical hacker" (CEH) which means that he knew the process and has been trained to run the proper utilities to hack. Not that this is mandatory, any kiddie can search on youtube to find out how to do this and just how easy it is. But he at least understood the concept of IP addressing. It turns out that he understood MAC addresses as well since he was changing his computer's NIC's MAC address on a regular basis. I don't know exactly what was found on Barry's computers once the FBI took over or how much (if any) additional child porn was pulled. I do know he found the previous neighbors (from another city) SSNs, their tax returns, and also copies of the current threatening letters on his computers. The other neighbor's around Barry's house were also broken into which made the argument of using a YAGI antennae an almost impossible feat due to the physical locations of the houses. All I know is that this guy had some serious issues and became "bitter" at the world that seemed to have started when his wife suddenly died about 10 years ago. There was a LOT to this case and it wasn't a simple slam dunk. We had a mountain of evidence that was racked up over a period of time. Each piece was necessary to prove/disprove methods and ownership. The worst part was getting the information in a form that the jury would understand. I firmly believe that our federal prosecutor had a good understanding (and took the time to understand) the technology behind it and created a very easily understood case without losing the intrigrity of the technology. Point is, no matter how good you think you are; there is always someone better (and the same goes for me as well). Stay white; its just not worth it.... This guy is looking at a possible 44 years in fed. Barry was offered a plea of 2 y

Re:

[DJ Particle]

Addendum: How much legal headache did his neighbor go through before Ardolf was suspected? The article doesn't say

Re:

[Barny]

Likely all his computer equipment confiscated for evidence, some good ol' police questioning (think how bad you would be treated if the police know you were downloading child porn) and of course his local reputation tainted by association with the case.

Of course once forensics failed to find corroborating evidence on his PC that he did the crimes, they would have immediately gone into 'this is a frame up' mode, and he would have been questioned further in regards to who would have a motive to having him arr

Re:

[afxgrin]

I think it was pretty obvious when he was supposedly sending death threats to the vice-president's office using his full name...

or when his co-workers asked him "uh - why did you write that email to me last night?".

Re:

[MightyMartian]

I'm assuming a bit. He's going to get hauled in for questioning, his computer(s) forensically searched, and in general live under a cloud for at least a few weeks. My assumption is that the search found nothing, so the cops dug a little deeper. All they really need to do is sit there watching the WiFi router's registrations (pretty much every WiFi router I've seen released in the last decade shows DHCP and WiFi registrations), and then watch what the neighbor is up to. Still, the first assumption the co

Re:

[by (1706743)]

Likewise. Did he spoof his MAC address to match his neighbor's? Not doing so would certainly raise suspicions in the AP's log.

Re:

[binaryseraph]

The only thing I can think of is that the neighbor starts finding this suspicious stuff about them online. Calls the cops (or the cops call him) and then start pulling records off the wireless router.. Like you said the MAC address should be recorded. They may have been able to subpoena (or not, thanks patriot act) the local ISP's and start pulling mac addresses from the neighborhood.

lesson learned heh.

Re:

[Opportunist]

Maybe Mr. Bright didn't stop sending out threatening letters after the mark got arrested?

First rule when framing someone: Stop when he's behind bars.

Re:

[icebraining]

Most cheap routers I know have a "DHCP log page" in their administration area, no need to set anything up.
But your theory is valid too.

Re:Derangement

[Hatta]

What I don't get is why so many folks let themselves uniquely be turned into raving lunatics about politics - especially given how important the issues are to them.

Because the law is fucking insane. For instance, we live in a country where it's considered an appropriate and measured response to throw someone in prison, and confiscate their home, for growing a plant that's some people disapprove of. How do you deal with that rationally?

If you have a mission, and that mission is important - you need to focus. Turning explosive (figuratively, or literally when you mix in religion) might seem a good way to get attention on something that is overlooked - but if you pay any attention to how political events turn out, it rarely has a positive net effect.

The problem is, nothing really has a positive effect. It's been a steady slide down towards authoritarian corporatism for all of my 30 years in this country. Every last tiny shred of hope has been crushed out of me. There is no chance for change besides another American Revolution. Unfortunately, I don't see it coming in my lifetime. All I can do is keep my head down and try not to get caught up in the machine. If anything, I'm surprised we haven't seen more people flip out. The situation definitely calls for it.

Re:Politics

[TaoPhoenix]

Politics is Professional Deal Making, where the name of the game is getting your cut of the proceedings. Actual "fairness" is only used lately when it seems like a useful strategy, oherwise Big Money wins 1-0.

People get freaked about poitics because it's fuzzy judgement zone where the best sneak wins.

Re:

[east coast]

His threats against Biden had nothing to do with politics. Had it been McCain in office Palin would have gotten the death threat instead. It seems that he wanted revenge against his neighbors and was sane enough to understand that the local cops were worthless in matters of cyber crime and wanted to insure that semi-competent agents of the law got involved.

Re:

[MightyMartian]

I doubt the guy was concerned about that. Child porn trumps hate crime laws any day of the week.

Re:

[MightyMartian]

Biden (running into the Oval Office): Barry, look, I got mail!

Obama: Joe, I thought I told you to wipe your shoes before you came in the door.

Biden: Sorry, Barry. But look it's mail, and hate mail even! Someone out there cares! They really care!

Obama (picking up the phone): Could I get some Secret Service in here. Someone let the Gimp out of his cage again... Yeah, that's right. Put him in the Cheney Room this time... no need to remove the rack and the car battery.

Re:

[east coast]

He's getting jail time for unauthorized access, he used software to overcome the security of the router. I would agree with the media that it is close enough to hacking. Now had he stumbled on his neighbors' (open) wifi while trying to connect to his own and gotten busted for child porn I would say the term hacking is a bit much.

Re:

[east coast]

Find me a judge who'd consider this content secure and you might have a case. Sucks to be ignorant, doesn't it?

Re:

[east coast]

It wasn't an unsecured access point.

Re:

[Larryish]

I did not say that, and I do not believe that it was implied in my post.

Thank you.

Re:

[Sparx139]

Yeah because using a bunch of prewritten programs and a livecd made by someone else makes you a total 1337 h4x0r, right?

No, it just means that you're not a complete idiot, and you're aware of the basic steps that you should take if you don't want to be tracked down.

Re:

[Opportunist]

Effing kidding? You know who you're dealing with, right?

First, you're dealing with a police that can, with 2 weeks training, find the "on" button on a computer. They see:
1. Hate mail to prez.
2. ISP says it's him.
3. cuff him, seize everything and his dog and have the geeks in the basement of the office sieve it.
4. interrogate him 'til he cracks.

They have no idea what WiFi is and that it can actually be used by someone who isn't you. The computer freaks at the ISP said it's your computer that sent it, so it's