jump to navigation

Sarah Palin’s e-mail hacker refutes ‘hacker’ term November 15, 2008

Posted by cyberpatrol in 4chan.org, Anonymous, cybercrime, Hacking.
Tags: , ,
2 comments

Straight.com, 14 November 2008

David Kernell, the 20-year-old University of Tennessee student who accessed Sarah Palin’s personal e-mail account, insists that what he did should not be considered “hacking”.

According to Wired.com, Kernell’s lawyer has filed a motion that would prevent prosecutors and witnesses from classifying what Kernell’s actions as “hacking” and from calling Kernell a “hacker”.

Apparently, the only thing that Kernell did was correctly guess Palin’s security questions by using Google searches to guide him.

All Kernell needed was Palin’s date of birth, ZIP code, and the knowledge of where she met her husband—information that’s available online for anyone to view.

After resetting Palin’s password to “popcorn”, Kernell posted the Alaskan governor’s e-mail and password on the 4chan forums—a large Internet discussion board that ranges in topics from Japanese culture to video games and sports.

Kernell’s lawyer is arguing that hacking usually involves some sort of advanced computer skills to get past security codes and that guessing a password shouldn’t be counted as such.

Advertisements

Tennessee College Students Indicted In Palin Hacking October 11, 2008

Posted by cyberpatrol in 4chan.org, Anonymous, cybercrime, Hacking.
Tags:
2 comments

eCanada now

Washington (ECN) – 20-year old David Kernell has been indicted for hacking into the e-mail account of Republican vice presidential candidate Sarah Palin.

The U.S. Justice Department announced on Wednesday that the 20-year old has been indicted, and has since turned himself into authorities.

He is now set to appear before a U.S. judge, where he faces a $250,000 fine, as well as 5 years in prison if convicted.

The indictment states that Kernell hacked into the e-mail account of Palin back on September 16th.

He used the password reset feature to gain access to the Yahoo e-mail account.

He then posted some of the contents of the account, along with the password on an online message board.

The information was published on the site 4chan.org, according to the indictment.

The 20-year old is the son of Democratic state legislator Mike Kernell, and went by the online name rubico.

Gov. Palin’s Alleged Hacker Indicted October 8, 2008

Posted by cyberpatrol in 4chan.org, Anonymous, cybercrime, Hacking.
Tags: , ,
add a comment

Washington Post, 8 October 2008

A 20-year-old student at the University of Tennessee has been indicted for breaking into one of the email accounts of Gov. Sarah Palin and then posting screenshots of personal information obtained there to a public Web-site.

David Kernell, the son of a Democratic state lawmaker, was led into a Knoxville federal court wearing handcuffs and shackles on his ankles today and was released without posting bond, according to the Associated Press.

According to the indictment, Kernell broke into the account, gov.palin@yahoo.com, by using Yahoo’s password recovery tool. After researching and correctly answering a series of personal questions from Yahoo, Kernell was allowed to reset the password. He chose ‘popcorn,’ according to the indictment.

The personal information he discovered there included the email addresses of family members, pictures of family members and Gov. Palin’s address book for her Yahoo email account. It was posted on http://www.4CHAN.org.

Learning of an investigation, Kernell “removed, altered, concealed and covered up files on his laptop computer,” the indictment says.

Trial is set for Dec. 16. He faces a maximum of five years in prison, a $250,000 fine and three years of supervised release.

Tennessee: Grand jury doesn’t indict student in Palin e-mail case September 25, 2008

Posted by cyberpatrol in 4chan.org, Anonymous, Hacking.
Tags: , ,
add a comment

Chattanooga Times Free Press 24 September 2008

A federal grand jury in Chattanooga ended its session Tuesday without indicting a University of Tennessee student who authorities believe may have hacked into vice presidential candidate Sarah Palin’s personal e-mail account.

The FBI’s investigation into David Kernell’s activities, however, is ongoing, according to the U.S. Department of Justice.

The U.S. attorney’s office in Knoxville is overseeing the case, but U.S. Attorney Russ Dedrick declined to comment Tuesday on when, or if, another grand jury will resume hearing evidence from the FBI’s investigation.

“Grand juries can pursue investigations for many sessions,” Mr. Dedrick said.

The U.S. attorney’s office in Chattanooga confirmed Monday that the local federal grand jury would be evaluating the case Tuesday. Grand juries are responsible for hearing basic evidence in a case and then deciding whether to indict a suspect for a specific crime.

Grand jury proceedings are not open to the public, and it is not known what evidence the grand jury here might have heard Tuesday in relation to the case against Mr. Kernell.

Three students arrived at the federal courthouse on Georgia Avenue about 8:45 a.m. Tuesday to testify about Mr. Kernell, the son of state Rep. Michael Kernell, D-Memphis. The students did not provide their names and did not answer questions about the case. An attorney with them from Maryville, Tenn., declined comment, as well.

The students were allowed to leave the courthouse through the back door, where members of the public generally are not allowed.

FBI agents from Knoxville exited the front doors of the courthouse about 10 a.m., also declining to comment on any aspect of the case.

A hacker last week broke into one of the Yahoo Inc. e-mail accounts used by Alaska Gov. Palin, the running mate of presidential candidate Sen. John McCain, R-Ariz. The McCain campaign acknowledged the act, calling it illegal and an invasion of her privacy.

The FBI began investigating Mr. Kernell over the weekend, according to the Justice Department. Investigators searched his apartment in Knoxville, but they did not file any criminal charges immediately.

Mr. Kernell, 20, is an economics major at UT. Kernell family attorney Wade V. Davies wrote in a letter Monday that “the Kernell family wants to do the right thing, and they want what is best for their son.”

The Associated Press contributed to this story.

Web proxy firm working with FBI to trace Palin e-mail hacker September 18, 2008

Posted by cyberpatrol in 4chan.org, Anonymous, cyberbullying, cybercrime, Cybercrime groups, cyberterrorism, Hacking, stalking.
Tags: , , ,
2 comments

IDG, 18 Sept, 2008

The Webmaster of a proxy service called Ctunnel.com, which may have been used by a hacker to illegally access the e-mail account of Republican vice presidential candidate Sarah Palin, is working with law enforcement authorities to track down the person behind the break-in.

Gabriel Ramuglia, the Athens, Ga.-based Webmaster of Ctunnel, said Thursday that URLs in screenshots of Palin’s e-mail — photos were posted online Wednesday on 4chan.org and other sites — suggested that whoever accessed her Yahoo! account had used his proxy service.

Ramuglia said in an interview that he was contacted by FBI officials last night and asked to retain computer logs of the last few days’ activity on his service and make sure nothing is deleted. Ramuglia, who normally stores only a week’s worth of log data, said he would not have deleted anything anyway because of the illegal nature of what had happened.

Ramuglia is now in the process of importing more than 80GB worth of log data into a database for analysis. He said he’s reasonably confident he can help authorities sift through the logs and trace access back to the originating IP address — especially because the self-professed hacker has admitted using just one proxy service to access Palin’s account.

Notorious board user

The alleged hacker said in an online posting that he gained access by simply resetting the password to Palin’s Yahoo! e-mail account using its password recovery service. That’s according to a description of events posted on a blog site run by conservative syndicated columnist Michelle Malkin.

The first-person account was originally posted on a Web site called 4chan.org by a poster identified only as “Rubico.” That post, along with a related thread, was later deleted from that site — but not before a reader of Malkin’s blog apparently snagged a copy of it and sent it along to Malkin. Rubico’s claims could not be verified and security analysts have been skeptical of the claims.

According to the Malkin blog reader, 4chan.org hosts multiple boards, each of which is dedicated to specific subjects. The individual who first broke into Palin’s e-mail account apparently belonged to a group called /b/, which the reader described as the “most notorious” of the boards on 4chan.org.. /b/tards, as its denizens are called, are interested only in their own amusement,” the reader claimed.

Reset the password

Rubico allegedly became interested in Palin’s e-mail after reading media reports of her using a Yahoo! e-mail account and decided to try and access it by resetting her password. “It took seriously 45 mins on wikipedia and google to find the info” needed, Rubico claimed. “Birthday? 15 seconds on wikipedia, zip code? well she had always been from wasilla, and it only has 2 zip codes (thanks online postal service!)”

Rubico said it was harder to find the answer to one of the other questions needed for a password recovery: Where had Palin met her husband? After some digging, Rubico determined that the couple first met at Wasilla High School.

He said he used the information to reset Palin’s password and go through her e-mail to see for anything incriminating that might “derail her campaign.”

It was only after finding nothing that the hacker realized how easily he could be caught, since he had used only one proxy to access the account. So he decided to make access to it available to others on the /b/ board by posting Palin’s recently reset password. Rubico claimed he “then promptly deleted everything, and unplugged my Internet and just sat there in a comatose state.”

However, one of the other members of the bulletin board who Rubico described as a “White knight f..,” saw the thread and used the new password to go back into Palin’s account and reset it. That person then sent an e-mail to a “friend of Palin’s” informing her of the new password and what had happened, Rubico claimed.

Alaska Governor Palin’s email account hacked via social engineering September 18, 2008

Posted by cyberpatrol in 4chan.org, Anonymous, cyberbullying, cybercrime, Cybercrime groups, cyberterrorism, Hacking, stalking.
Tags: , ,
add a comment

ZDNet, 19 September 2008

Details describing how someone hacked into the Yahoo Mail account of Republican vice presidential candidate Sarah Palin (pictured) emerged on Thursday.

The hack appears to have been accomplished through little more than social engineering, the process of acquiring personal information through social manipulation. The hackers exploited known weaknesses in Yahoo Mail’s password-recovery feature.

The Knoxville News Sentinel reported that a 20-year-old University of Tennessee student has been contacted in connection to the federal investigation of the break-in.

Since Tuesday, anonymous posters using a forum on the 4chan.org website have been circulating password-protected zip files containing the contents of the now-deleted email account once belonging to Palin. Various posts to the /b/ board have also provided insight into how the hack was carried out.

Like most web account services, Yahoo Mail provides an option to reset or recover one’s user name and password. What is unclear is how the account recovery was rerouted from the alternative email address chosen by Palin to a secondary email address.

One poster said it took only 15 seconds on Wikipedia to answer Yahoo Mail’s prompt for Palin’s birthday.

As regards the prompt for a ZIP code, Wasilla, Alaska, has only two ZIP codes.

However, Palin’s personal security question — ‘Where did you meet your spouse?’ — did slow the process down. The poster claimed it took several tries before they eventually hit upon the correct answer: Wasilla High School.

Webmail accounts are not alone in using online security questions.

In May, Acxiom, a Little Rock, Arkansas-based data-warehouse company, announced it was introducing a biographical authentication service that asks users of online banking and e-commerce sites random questions based on their personal lives, such as “How many fireplaces are in your current residence?”. The answer can be obtained from any US real-estate website.

Palin’s e-mail account plundered September 18, 2008

Posted by cyberpatrol in 4chan.org, Anonymous, cyberbullying, cybercrime, cyberterrorism, Hacking.
Tags: ,
add a comment

BBC, 18 Sept 2008

Anonymous hackers have gained access to the personal e-mail account of US vice-presidential candidate Sarah Palin.

Those behind the hack put screenshots of messages in Ms Palin’s Yahoo inbox on the whistle-blowing site Wikileaks.

In a statement the McCain campaign said: “This is a shocking invasion of the governor’s privacy and a violation of law.”

It said it had handed investigation of the matter over to US law enforcement authorities.

Deleted messages

The documents posted to Wikileaks were from Ms Palin’s gov.palin@yahoo.com e-mail account and included five screenshots, two digital photos of her family and an address book.

The McCain campaign urged those in possession of the documents to destroy them.

The attack was carried out by a loose coalition of hackers which calls itself “Anonymous”.

The attack comes as Ms Palin falls under scrutiny for the way that she used personal e-mail accounts to conduct state business as governor of Alaska. US law dictates that all messages connected to official business as state governor must be preserved.

By contrast, personal messages can be deleted.

Ms Palin is being investigated for abuse of power by attempting to sack a state trooper who had recently been divorced from Ms Palin’s sister.

Subsequent investigation has shown that the gov.palin@yahoo.com account has been shut down along with another, gov.sarah@yahoo.com, also owned by Ms Palin.

It is not clear yet what methods the hacking group used to access to the e-mail account. The screenshots posted by the hackers reveal that they carried out the attack via a so-called proxy service to hide their tracks and limit the chance that they would be traced.

Earlier in 2008 the Anonymous group launched several online assaults against the Church of Scientology.