Revenge is a powerful motivator for hacking. Take, for example, the case of Barry Ardolf of Minnesota. Trouble started when Mr. Ardolf was accused by a neighbor of kissing their 4-year boy on the lips. When the parents confronted Mr. Ardolf, he confessed that the accusation was true. Naturally, the parents of the 4-year old contacted the police. This made Mr. Ardolf angry and he decided to seek revenge.
As part of his revenge, court documents indicate that Mr. Ardolf used aircrack, a freely available wireless security tool, to discover the Wired Enhanced Privacy (WEP ) password for his neighbor’s network. With the neighbor’s WEP password, Mr. Ardolf could use his own computer to connect to the neighbor’s wireless network. Once connected to the wireless network, Mr. Ardolf would be able to access the Internet using the neighbor’s IP address. Thus, any activity performed by Mr. Ardolf on the Internet would be tracked back to his neighbor’s residence. This provided the opportunity for Mr. Ardolf to take revenge by taking actions that would appear to be done by his neighbor.
Meanwhile, the “hacked” neighbor had been getting reports that coworkers were receiving bizarre email messages that could not be explained. The neighbor had taken the step of bringing in a security consultant to monitor activity on his network. During the time that the monitor was active, the Secret Service investigated an email threat that was found to have been sent from Mr. Ardolf through the neighbor’s wireless network. Since it was sent from “hacked” network, the IP address of the email message came back to the neighbor, not Mr. Ardolf. This lead the Secret Service to visit the neighbor, who turnover over the information from the monitor. In the monitor logs was Mr. Ardolf’s POP3 username and password, presumably known only to Mr. Ardolf. This piece of incriminating information cause the government to turn its attention toward Mr. Ardolf.
The username and password found in the monitor log gave the government probable cause to obtain a search warrant for Mr. Ardolf’s residence. Examination of his computers revealed that he had sent the threatening email, as well as created false email addresses and MySpace accounts designed to appear to be the neighbor.
Further, evidence was uncovered that Mr. Ardolf had in his possession underage illicit images. He appears to have sent these images from the fake accounts that he created, apparently to “frame” his neighbor.
There are a few lessons that show up from this case. One is that revenge is a powerful and dangerous motivation, one that I covered in my book from a few years ago, High Tech Crimes Revealed. Revenges is a dangerous motivation since the goal is to damage or hurt another.
Another lesson is that security weaknesses can be used to attack home networks as well as business networks. While WEP encryption is better that no encryption, it suffers from security flaws that can be easily exploited using freely available tools.
In this case, the use of improved WiFi Protect Access (WPA) encryption would have made it more difficult for Mr. Ardolf to break into the neighbor’s wireless network.