WEP cracker gets 18 years for campaign of malice

A man who broke into his neighbour's wireless network in order to conduct a campaign of harassment has been jailed for 18 years, in a six-and-a-half hour conclusion to a trial which has been ongoing since June 2010.

Barry Ardolf, a self-described 'ethical hacker', was reported by police by his neighbours Matt and Bethany Kostolnik after a bizarre incident involving their young son. Ardolf had reportedly found the Kostlnik's son wandering around his garden, and returned him to the couple. What would apparently have been a sensible act scared the pair when Ardolf concluded the incident by planting what the couple claimed was 'a wet kiss' on their son's lips.

Concerned by Ardolf's actions, the Kostolnik's reported him to the police. This, it is thought, triggered Ardolf's 707-day campaign of harassment against the couple.

The technician used a cracking tool to break the poor-quality WEP (Wired Equivalent Privacy, an outdated and insecure encryption method now replaced by WPA) security used to keep outsiders away from the Kostolnik's wireless network. Once in, Ardolf began his attempts to frame Kostolnik for a variety of crimes.

To begin with, Ardolf opened free webmail accounts in Kostolnik's name - using his IP address for added veracity - and used them to distribute child pornography to Kostolnik's colleagues. When this didn't result in Kostolnik's arrest, Ardolf upped the game by sending death threats to Joe Biden, the vice president.

That was enough to get Kostolnik a visit from the Secret Service, but it also prompted an investigation which revealed Ardolf's intrusion into the wireless network. Although he accepted a deal in return for a guilty plea in June 2010, he later changed his mind and decided to fight the charges.

A few days into the trial, Ardolf changed his plea to guilty, then waited until his planned sentencing in March to ask for the plea to be withdrawn and the trial restarted. Thankfully for the Kostolniks, the judge rejected the argument and sentenced the man to 18 years in a Federal prison, a $10,000 fine, and an entry on the Sex Offenders' Register.

According to coverage of the trial by the Pioneer Press, Judge Donovan Frank told Ardolf that he didn't fully understand what could have driven him to such a concerted campaign of malice. "I will probably never know whether it was an obsession or compulsion that blinded you to destroy two families," he proclaimed, before handing down the punishment.

The 18-year sentence is higher than the term of 15 years and 8 months set out by the points-based guideline system, but the judge told Ardolf that "anything any less than that would not serve the purposes of justice."

While Ardolf's actions are extreme - and, thankfully, extremely rare - the case helps to highlight the ease with which WEP security can be broken, and should come as a warning to any individual or business still using such to protect their network. WPA and its successor WPA-2 are built in to every wireless router on the market today - it's a requirement for certification from the Wi-Fi Alliance - and should be enabled as soon as possible.