"Depraved" Wi-Fi hacker gets 18 years in prison

A Minnesota man has been sentenced to 18 years in prison after he hacked a neighbor's Wi-Fi router and then launched a vengeful two-year campaign to frame them with child pornography and threats to government officials, including Vice President Joe Biden.

More on Wi-Fi: 2011 tech priorities: How to take your enterprise Wi-Fi network to the next level

Called a "depraved criminal" by prosecutors, Barry Ardolf, a 46-year-old father of two, was sentenced this week, not for Wi-Fi hacking but for the threats, identify theft and child pornography that followed in its wake, all directed against a young couple, Matt and Bethany Kostolnik of Blaine, Minnesota, and their children.

"My husband and I had to explain to our young, innocent children way too early that there are evil people in the world -- and to never go in Barry Ardolf's yard," Bethany Kostelnik told U.S. District Judge Donovan Frank, according to the Minneapolis Star-Tribune.

The ordeal began just two days after the Kostolniks moved into their new house, in August 2008. The couple called Blaine police to say that Ardolf had picked up their 4-year-old son and kissed him on the mouth. Ardolf decided to take revenge against them with what prosecutors called a "bizarre and calculated campaign of terror."

Wired's story on the case, by David Kravets, includes a link to the sentencing memo, which gives details of the case.

In early 2009, Ardolf began a systematic and eventually successful effort to crack the admittedly weak WEP security of the Kostolnik's Wi-Fi router. According to prosecutors, he spent nearly two weeks researching it, downloading tools like Aircrack, and running the attack. But once he succeeded, he had full access to the family's computers, data and both personal and work-related email accounts.

Among other things, Kravets reports that Ardolf emailed child porn to a co-worker of Matt Kostolnik, a lawyer with a local law office, and sent flirtatious emails, from Kostolnik's real email account, to women in the firm.

That triggered an inquiry by Kostolnik's superiors. When he told them he had no idea what was happening, they hired investigators to examine the Kostolniks' computers and network. They concluded that an unknown device had access and with the family's permission installed a packet sniffer to trace the intruder.

In May 2009, Kravets reports, "the Secret Service showed up at Kostolnik's office to ask about several threatening e-mails sent from his Yahoo account, and traced to his IP address, that were addressed to Biden and other politicians.: Part of the message to Biden read: "I swear to God I'm going to kill you!"

The packet logs finally bore fruit. A forensics computer investigator found the e-mail sessions sending the threats and in the associated packet information discovered Ardolf's name and his Comcast account.

That was enough for search warrant of Ardolf's home in the summer of 2009, which apparently confiscated over a dozen computers and dozens more storage devices. Investigators eventually found a vast amount of damning evidence, "including copies of data swiped from the Kostolniks' computer, and hacking manuals with titles such as "Cracking WEP Using Backtrack: A Beginner's Guide;" "Tutorial: Simple WEP Crack Aircrack-ng" and "Cracking WEP with BackTrack 3 - Step by Step instructions," Wired reports. "They also found handwritten notes laying out Ardolf's revenge plans, and a cache of snail mail that Ardolf had apparently stolen from the Kostolniks' mail box and stashed under his bed."

One of the manuals had Ardolf's handwritten notes; another had the unique ID for the Kostolnik's router.

Investigators and Assistant U.S. Attorney Tim Rank confronted Ardolf with that evidence in the summer of 2010. Ardolf agreed to a plea bargain, to serve two to five years in prison. But he later rejected it, fired his lawyer and hired another to take the case to trial. Two days after that trial started, on Dec. 17, 2010, Ardolf suddenly decided to plead guilty. In May, his motion to withdraw the guilty plea was rejected.

The Star-Tribune reported this week's sentencing: "On Tuesday, the hacker whom Rank called "angry and arrogant" finally appeared to acknowledge his guilt, tearfully apologizing to the Kostolniks and his own family -- before complaining about jail food and the hardness of his bed."

John Cox covers wireless networking and mobile computing for Network World.

Twitter: http://twitter.com/johnwcoxnww

Blog RSS feed: http://www.networkworld.com/community/blog/2989/feed

Read more about anti-malware in Network World's Anti-malware section.

Join the CSO newsletter!

Error: Please check your email address.

Tags Wi-FiNetworkingsecurityWi-Fi Securitymobile securitywirelessWLANs / Wi-Fi

More about Comcast CableYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John Cox

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts