A Blaine, Minnesota, man has pleaded guilty to charges that he hacked into his neighbor’s Wi-Fi connection to e-mail death threats and child pornography, apparently with the intention of causing trouble for the unsuspecting neighbor.
Barry Vincent Ardolf, 45, pleaded guilty last week to charges of hacking, identity theft, possession of child pornography and making threats to U.S. Vice President Joe Biden. According to prosecutors, he used the Aircrack Wi-Fi cracking software to gain access to his neighbor’s WEP-encrypted network. He then created Yahoo and MySpace accounts in his victim’s name and launched a campaign to embarrass and cause legal troubles for the neighbor.
He used the Yahoo account to mail child pornography to his neighbor’s co-workers, writing “Check it out. New family pic,” in one Feb. 22 e-mail. Several such e-mails were sent to co-workers at the large Minneapolis law firm where the neighbor worked, according to court filings.
Ardolf also posted child pornography to the fake MySpace page. “I bet my co-worker that since I’m a lawyer and a darn great one that I could get away with putting up porn on my site here,” he wrote on the page. “I bet that all I have to do is say there is plausible deniability since anybody could have put this up on my site.”
Ardolf had been upset with the lawyer since 2008, when he filed a police report against Ardolf saying he allegedly “inappropriately touched and kissed the next-door neighbor’s toddler on the mouth,” court records state.
Again using the hacked wireless connection and a fake e-mail address, Ardolf also sent out death threats to Biden, Minnesota Governor Tim Pawlenty and an unnamed Minnesota Senator. “You guys better start watching your back,” he wrote in the May 6 e-mail. “I’m coming for you all. I swear to God I’m going to kill you.”
After the pornographic e-mails were sent, the law firm hired a security consultant, who put a packet-capture device on the lawyer’s network and found evidence that Ardolf was logging in, according to court filings.
Both the WEP (Wired Equivalent Privacy) and older WPA (Wi-Fi Protected Access) systems suffer from known cryptographic weaknesses. By sniffing network traffic, tools such as Aircrack can quickly figure out passwords on WEP networks. They can also break encryption on WPA-PSK networks that use simple passwords. Security experts recommend that home users go with the newer WPA-2 encryption, but this can be tricky, because it isn’t supported on older routers and wireless cards.
In interviews with law enforcement, Ardolf claimed to not know the difference between WEP and WPA. But he owned a copy of Aircrack and had hacking books in his house and an “ethical hacker” bumper sticker on his bathroom mirror, according to investigators.
Ardolf pleaded guilty on Friday — two days into his trial — in U.S. District Court for the District of Minnesota. He faces 40 years in prison on the charges. A sentencing date has not been set. Ardolf’s lawyer could not immediately be reached for comment.
Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert’s e-mail address is robert_mcmillan@idg.com