Hacking – The Dangers of Facebook, WiFis and Passwords

Found this article on the web today. I want to share it with all facebook users.

George Bronk, 23, was arrested in late October after police found evidence that he’d hacked into more than 3,200 e-mail accounts. He used the same technique that Sarah Palin hacker David Kernell used to break into the former U.S. vice presidential candidate’s Yahoo account: He scoured his victims’ Facebook accounts for answers to the security questions used by Web-based e-mail services such as Gmail and Yahoo Mail.

Then, posing as his victim, he would claim to have forgotten the account’s password and try to answer the security questions that would let him back in. Often, the security questions are easy to guess. The questions Bronk faced asked him things like, “What is your high school mascot?” and “What is your father’s middle name?”

Once in, he would change the account password — locking out his victim — and search for any racy photographs. If he found any, he posted them to the victim’s Facebook profile.

Of the 3,200 accounts he broke into, Bronk found nude or semi-nude photos in 172 of them, prosecutors said.

In one case he persuaded a victim to send him even more explicit photographs by threatening to post the ones he’d stolen if she didn’t.

Bronk faces six years in prison on felony hacking, child pornography and identity theft charges. He entered his plea Thursday in Sacramento Superior Court.

“This case highlights the fact that anyone with an email account is vulnerable to identity theft,”California Attorney General Kamala Harris said in a statement.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert’s e-mail address isrobert_mcmillan@idg.com

Man Used Neighbor’s Wi-Fi to Threaten Vice President Biden

By Robert McMillanIDG News

A Blaine, Minnesota, man has pleaded guilty to charges that he hacked into his neighbor’s Wi-Fi connection to e-mail death threats and child pornography, apparently with the intention of causing trouble for the unsuspecting neighbor.

arry Vincent Ardolf, 45, pleaded guilty last week to charges of hacking, identity theft, possession of child pornography and making threats to U.S. Vice President Joe Biden. According to prosecutors, he used the Aircrack Wi-Fi cracking software to gain access to his neighbor’s WEP-encrypted network. He then created Yahoo and MySpace accounts in his victim’s name and launched a campaign to embarrass and cause legal troubles for the neighbor.

He used the Yahoo account to mail child pornography to his neighbor’s co-workers, writing “Check it out. New family pic,” in one Feb. 22 e-mail. Several such e-mails were sent to co-workers at the large Minneapolis law firm where the neighbor worked, according to court filings.

Ardolf also posted child pornography to the fake MySpace page. “I bet my co-worker that since I’m a lawyer and a darn great one that I could get away with putting up porn on my site here,” he wrote on the page. “I bet that all I have to do is say there is plausible deniability since anybody could have put this up on my site.”

Ardolf had been upset with the lawyer since 2008, when he filed a police report against Ardolf saying he allegedly “inappropriately touched and kissed the next-door neighbor’s toddler on the mouth,” court records state.

Again using the hacked wireless connection and a fake e-mail address, Ardolf also sent out death threats to Biden, Minnesota Governor Tim Pawlenty and an unnamed Minnesota Senator. “You guys better start watching your back,” he wrote in the May 6 e-mail. “I’m coming for you all. I swear to God I’m going to kill you.”

After the pornographic e-mails were sent, the law firm hired a security consultant, who put a packet-capture device on the lawyer’s network and found evidence that Ardolf was logging in, according to court filings.

Both the WEP (Wired Equivalent Privacy) and older WPA (Wi-Fi Protected Access) systems suffer from known cryptographic weaknesses. By sniffing network traffic, tools such as Aircrack can quickly figure out passwords on WEP networks. They can also break encryption on WPA-PSK networks that use simple passwords. Security experts recommend that home users go with the newer WPA-2 encryption, but this can be tricky, because it isn’t supported on older routers and wireless cards.

In interviews with law enforcement, Ardolf claimed to not know the difference between WEP and WPA. But he owned a copy of Aircrack and had hacking books in his house and an “ethical hacker” bumper sticker on his bathroom mirror, according to investigators.

Ardolf pleaded guilty on Friday — two days into his trial — in U.S. District Court for the District of Minnesota. He faces 40 years in prison on the charges. A sentencing date has not been set. Ardolf’s lawyer could not immediately be reached for comment.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert’s e-mail address isrobert_mcmillan@idg.com

Palin E-Mail Hacker Imprisoned Against Judge’s Recommendation

By Sarah Jacobsson PurewalPCWorld Jan 14, 2011 4:57 AM

The former college student who was found guilty of hacking Sarah Palin’s personal e-mail account began his one-year sentence in a Kentucky prison January 10, despite the judge’s recommendation that he serve the time in a halfway house.

Twenty-three year old David Kernell, a former University of Tennessee student and the son of a senior Democrat politician in Tennessee, wasconvicted last May of felony destruction of records to hamper a federal investigation and of a misdemeanor charge for unlawfully accessing a protected computer. (Kernell was originally charged with four crimes, but was acquitted on a charge of federal wire fraud, and the jury on the case was unable to reach a decision on a charge of identity theft.)

Kernell, who goes by the internet handle of “rubico,” was sentenced last November to a year and a day in prison, though the judge on the case recommended that he serve his time at a halfway house instead of at a federal prison. Judge Thomas Phillips indicated Kernell’s serving time at the halfway house would reflect the case’s “unique circumstances,” according to BBC.

Unfortunately for Kernell, the judge doesn’t get the last word on matters such as this–if the judge recommends incarceration, it’s up to the state and the Bureau of Prisons to determine the nature of said incarceration.

Kernell “hacked” Palin’s Yahoo e-mail account in September 2008, back when Palin was running for Vice President of the United States. I say “hacked” because Kernell’s advanced technique involved guessing the correct answers to Palin’s password reset questions (utilizing the skills of internet research) and, um, changing the password. Kernell then posted the new password to the most respected message board on the internet–4chan.

Within days, the contents of the e-mail account were blasted across the online whistle-blowing website Wikileaks. Within a few more days, the FBI managed to track down and identify the anonymous hacker. Palin has suggested that this hacking incident was the reason she did not make it to the white house.

Kernell’s “advanced” technique alerted many to the dangers of Yahoo Mail’s (and other free, web-based e-mail service’s) “reset your password” feature. Kernell bragged that he was able to do the research necessary to find Palin’s password in just 45 minutes–when she’d met her husband, her birth date, and her home zip code. (Here’s how to protect your passwords so you don’t fall prey to such advanced techniques.)

For better or for worse, Kernell is now in prison–minimum security prison, but prison nonetheless. Perhaps this will serve as a warning to “anonymous” hackers out there who use such advanced methods as internet proxy websites in order to protect their identity.

Comments
2 Responses to “Hacking – The Dangers of Facebook, WiFis and Passwords”
  1. Zeme says:

    Good Bots Programs At low-cost Price : http://www.gamingbackmarket.com

  2. Edwin says:

    Hi, I do think this is a great website. I stumbledupon it ;) I am going to come back once again since i have book-marked it.
    Money and freedom is the greatest way to change, may you be rich and continue to help other
    people.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: