September 24, 2008
The Sarah Palin Email Hack: or Why politicians need to stay away from computers. (UPDATED)
You must have heard about it over the weekend: An “Anonymous” hacker (now known, or suspected, to be University of Tennessee student David Kernell, son of representative Mike Kernell, D-TN) gained access to Palin’s Yahoo! email account and posted screencaps of her inbox, emails, etc. to 4chan. Those pics have since been removed, and Palin’s Yahoo email has been deleted, but you can still get a lookee at the booty on Gawker or download a zip from WikiLeaks. Even now, there are still events unfolding around the hack, along with some “collateral damage.”
How the hack went down. Whether one can call this an actual “hack” may be questioned. In actuality, the “hack” was not much more than gaming Yahoo’s password recovery:
after the password recovery was reenabled, it took seriously 45 mins on wikipedia and google to find the info, Birthday? 15 seconds on wikipedia, zip code? well she had always been from wasilla, and it only has 2 zip codes (thanks online postal service!)
the second was somewhat harder, the question was “where did you meet your spouse?” did some research, and apparently she had eloped with mister palin after college, if youll look on some of the screenshits [sic] that I took and other fellow anon have so graciously put on photobucket you will see the google search for “palin eloped” or some such in one of the tabs.
I found out later though more research that they met at high school, so I did variations of that, high, high school, eventually hit on “Wasilla high” I promptly changed the password to popcorn and took a cold shower…
That’s it. No buffer overflows, no stealth virus bombardment, no password cracking, not even any social engineering. Just some basic Google research to find answers that only Palin herself should know.
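From the defender's side, the account quoted above depends on the recovery form accepting one guess after another. The sketch below is an added example (not from the original post, and not Yahoo's code) of a recovery check that locks after a few wrong answers; the class name, the three-failure limit and the guess list are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os


def _normalize(answer: str) -> bytes:
    # Recovery forms commonly ignore case and extra whitespace (assumed here).
    return " ".join(answer.lower().split()).encode()


class RecoveryFlow:
    """Hypothetical security-question check with a failure lockout."""

    def __init__(self, answer: str, max_failures: int = 3):
        self._salt = os.urandom(16)
        self._digest = self._hash(answer)   # store a salted hash, not the answer
        self.max_failures = max_failures
        self.failures = 0
        self.locked = False

    def _hash(self, answer: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", _normalize(answer), self._salt, 100_000)

    def attempt(self, guess: str) -> str:
        if self.locked:
            return "locked"                 # no further guesses are evaluated
        if hmac.compare_digest(self._hash(guess), self._digest):
            return "ok"
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked = True              # force an out-of-band recovery path
        return "wrong"


def replay(flow: RecoveryFlow, guesses):
    """Return the outcome of each guess, in order."""
    return [flow.attempt(g) for g in guesses]


# Constructed guess sequence, modelled on the variations described in the quote.
GUESSES = ["college", "high", "high school", "wasilla high school", "Wasilla high"]

if __name__ == "__main__":
    print("with lockout:   ", replay(RecoveryFlow("Wasilla High"), GUESSES))
    print("without lockout:", replay(RecoveryFlow("Wasilla High", 10**6), GUESSES))
```

With the lockout the fifth guess is never evaluated; without it the same sequence ends in a successful reset.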
Was it worth the effort? After looking at what was posted, there’s really nothing earth-shattering to behold; it’s just basic family-and-business yakking. Hardly worth the effort, right? Obviously, idle chatter was not what the hacker was looking for. He must have been looking for some dirt regarding Palin’s Troopergate scandal, only to leave with the screenshots to prove he was there.
The FBI was able to trace the hack through a proxy that was used, and got a search warrant (yes, the FBI actually bothered to get a warrant!) to search Kernell’s apartment. Today (September 23, 2008), a grand jury convened to examine the evidence, but no indictment has been made as yet. There may be future sessions to hear more evidence if it becomes available.
Collateral Damage. Fox News windbag William “ORLY?” O’Reilly mouthed off about the screenshot postings, referring to the act as “trafficking in stolen merchandise” and “despicable, slimy, scummy.”
His website was hacked shortly afterwards and posted to WikiLeaks. Memo to all NeoCons: DO NOT DIS HACKERS. THEY WILL PWN ALL YOUR ASS.
Big Brother Goes Both Ways. (Not like that!) Anthony Taurus perhaps put it best in his blog, The United States of Anthony, on why hackers are more important today than ever before:
We live in a true Matrix and we’ve got to be able to fight back digitally. We, the people, need hackers as the government has hackers and as corporations have hackers that can be, will be, and have been used against us. This hacking lets me know that not even government officials are safe from the system they’ve developed. There is always someone out there watching and listening. And, those kinds of individuals exist on both teams.
There’s also a comment posted by “Anonymous” (no relation to the Palin hacker, maybe) that points out the difference between real hackers and the Palin hacker.
As always, stay tuned as more (leaked) data becomes available…
UPDATE 08-Oct-08: Wired reports that David Kernell has turned himself in after being officially indicted for the access. He was released without bond and is awaiting trial, set for December 16.
Meanwhile, Palin is said to have another email system set up outside official channels. The system was set up for her run for Alaska’s governor, but has been shut down since the Yahoo account breach. It is believed the system may have been used like the Yahoo account was: to bypass official channels and possibly hide evidence of ethics violations.