Newsflash: Palin E-mail Hacker Indicted

October 8, 2008 by Jeff · 5 Comments
Filed under: Crime, Internet, Politics, Security 

Fox News is reporting that 20-year-old David Kernell of Knoxville, Tenn., has been indicted by a federal grand jury in Knoxville for intentionally accessing without authorization the private e-mail account of Alaska governor Sarah Palin.

Kernell is the son of Tenn. Democratic state Rep. Mike Kernell of Memphis; he turned himself in to federal authorities for arrest today.

Michelle Malkin has more here.

Update: Allahpundit asks:

“Any legal eagles (or techies, I guess) want to speculate on why it took the grand jury an extra three weeks to return the indictment? The last time I wrote about this, the FBI reportedly already had the IP logs in hand and had searched his dorm for corroborating evidence. What extra evidence would they have needed to produce to nudge the case over the line of probable cause?”

As a former cop and a techie, there are several reasons. First, this is a high-profile case that involves a vice presidential candidate… You cannot make mistakes, everything has to be done “by the book”, all the T’s crossed and I’s dotted. Second, the server logs and IP addresses can get you to the suspect’s front door, but it’s forensic analysis of his or her computer that will establish his or her guilt or innocence. Finally, cyber forensics is a time-consuming process.

The FBI and Secret Service more than likely had a short list of suspects within a day or two… Connecting all the dots to identify a “prime suspect” and establish probable cause for a search warrant takes days or even weeks. Ditto for conducting a proper forensic analysis of the suspect’s computer(s) and writing all the reports. All in all I think the FBI and Secret Service handled this case pretty well.

A Quick Update on the Palin E-mail Hacking Case

October 6, 2008 by Jeff · 2 Comments
Filed under: Crime, Politics, Technology 

It’s been a few weeks since Sarah Palin’s private e-mail account was broken into and I’m sure many of you are curious what’s happening with the case.

Unfortunately, I don’t have any new information on the investigation or suspects… Michelle Malkin has confirmed the investigation is ongoing though:

I talked to Justice Department spokeswoman Laura Sweeney today for a follow-up. She says the “inquiry is ongoing.” She couldn’t comment on any federal grand jury activity that might be taking place related to the case.

SecurityFocus columnist Mark Rasch’s latest column examines the relevant federal statutes and how they might apply to the Palin case:

The Vice of Vice Presidential E-Mail
Mark Rasch, SecurityFocus, October 6, 2008

Is it a crime to read someone else’s e-mail without their consent?

Seems like a simple question, but the law is not so clear. In mid-September 2008, a hacker using the handle “Rubico” claimed credit for breaking into the Yahoo! e-mail account of Governor Sarah Palin, the Republican Vice Presidential candidate. In a post online, Rubico wrote that he had been following news reports that claimed Palin had been using her personal Yahoo e-mail account for official government business. (Editor’s note: Reports have linked David Kernell, a 20 year old undergraduate at the University of Tennessee, with the intrusion, but Kernell has not been charged nor indicted.)

To break into Palin’s account, Rubico had to figure out the personal details that the governor used as security questions. From behind a single proxy server, Rubico used a form of social engineering to change Palin’s password to “popcorn” and then posted both the technique he used and a few of the e-mails he observed. The technique was relatively simple and took less than 45 minutes, because much of Palin’s information was public. Read the rest…

Update (Tuesday, October 7, 2008 @ 10:05 a.m.): I originally wrote this post a little after 11:00 p.m. last night and after rereading it this morning I decided to change the title and rewrite parts of it. The most significant change is the quote from Michelle Malkin’s article.

Update: Palin E-mail Hacker Indicted

Atrivo/Intercage Down For The Count?

October 5, 2008 by Jeff · 1 Comment
Filed under: Crime, Internet, Security 

Being in the technology business, this is something near and dear to my heart… It appears that Atrivo, also known as Intercage, is finally down for the count.

Gadi Evron has a post here. Brian Krebs has background here.

Palin E-mail Hack Follow-up - Updated

September 18, 2008 by Jeff · 3 Comments
Filed under: Crime, Politics, Technology 

Updates Below the Fold…

As I mentioned yesterday the FBI and Secret Service have opened a criminal investigation into the unauthorized access of Sarah Palin’s private e-mail account. That investigation is undoubtedly progressing quietly outside the public view.

According to media reports the Associated Press has refused a Secret Service request for copies of the stolen e-mails. Smooth move AP, I can understand your desire to protect your sources, but the theft of those e-mails represents a gross violation of Sarah Palin’s privacy. You can either be part of the problem or part of the solution.

On the bright side the operator of the proxy service used by the hacker is ready and willing to cooperate with investigators. From The Register:

Memo to US Secret Service: Net proxy may pinpoint Palin email hackers
Not quite Anonymous
By Dan Goodin in San Francisco
Posted in Security, 18th September 2008 01:22 GMT

Memo to law enforcement investigators tracking down who broke into Sarah Palin’s Yahoo email account: Gabriel Ramuglia might be a good place to start.

The 25-year-old webmaster and entrepreneur is the operator of Ctunnel.com, the browsing proxy service used by the group that hacked into the vice presidential candidate’s personal email account and exposed its contents to the world. While he has yet to examine his logs, he says there’s a good chance they will lead to those responsible, thanks to some carelessness on their part.

“Usually, this sort of thing would be hard to track down because it’s Yahoo email, and a lot of people use my service for that,” he told El Reg in a phone interview. “Since they were dumb enough to post a full screenshot that showed most of the [Ctunnel.com] URL, I should be able to find that in my log.”

Ramuglia got into the proxy business a few years ago, after schools began blocking access to an online game site he used to co-own. Pretty soon, people began using the proxy service to access YouTube, Gmail, MySpace, and dozens of other sites that are routinely blocked by IT departments.

As an aside… I used to carry a badge; criminal investigations happen at their own pace. I wouldn’t expect to hear much, if anything, about the progress of this investigation for several days.

Sarah Palin’s Private E-mail Account Hacked - Updated

September 17, 2008 by Jeff · 8 Comments
Filed under: Crime, Internet, Politics, Security, Technology 

Scroll For Updates…

Network World and Wired are reporting that Sarah Palin’s private Yahoo mail account has been hacked and that screenshots of messages have been posted on various web sites.

From Wired:

Vice-presidential candidate Sarah Palin’s private Yahoo e-mail account was hacked, and some of its contents posted on the internet Wednesday.

The internet griefers known as Anonymous took credit for the intrusion, and screenshots of e-mail messages and photos belonging to the Alaska governor have been published by WikiLeaks. Threat Level has confirmed the authenticity of at least one of the e-mails.

The cache of stolen data contains five screenshots from Palin’s account, including the text of an e-mail exchange with Alaska Lt. Gov. Sean Parnell about his campaign for Congress.

Another screenshot shows Palin’s inbox and a third shows the text of an e-mail from Amy McCorkell, whom Palin appointed to the Governor’s Advisory Board on Alcoholism and Drug Abuse in 2007.

Hacking into someone’s e-mail is a federal crime punishable by up to five years in prison and it appears that the FBI in coordination with the Secret Service has begun an investigation into this incident. I’m a little fuzzy on the law here but I’m reasonably certain that sites like WikiLeaks and Gawker that published the stolen information could face prosecution along with the hackers.

Update: The McCain Campaign has released the following statement:

“This is a shocking invasion of the Governor’s privacy and a violation of law, the matter has been turned over to the appropriate authorities and we hope that anyone in possession of these e-mails will destroy them. We will have no further comment.”

Update: The FBI has confirmed that an investigation is underway. From CNN’s Political Tracker Blog:

FBI Spokesman Eric Gonzalez in Anchorage, Alaska confirms to CNN an investigation is underway.

“We are aware of the allegations and we are coordinating with Secret Service as far as the allegation that someone has hacked into Governor Palin’s personal e-mail account,” he said. “We are going to be working a joint investigation with Secret Service on this.”

Brian Hale, an FBI spokesman in Washington, also confirms the FBI has been contacted about the incident. Two federal law enforcement sources say the FBI and Secret Service would have concurrent jurisdiction normally on a matter such as this, but it remains to be seen if the Secret Service will take the lead on the investigation because Palin is a protectee.

Update: The always indispensable Michelle Malkin has the story behind the story:

This afternoon, I mentioned an infamous group of hackers whose Internet bulletin board was the gathering place for those who bragged about and publicized the Sarah Palin private e-mail hacking.

A tech-savvy reader who monitors the hackers’ site e-mailed me a detailed explanation of how it went down, who was responsible, and how someone with a conscience warned a friend of the Palin family of the crime (language warning):

As an aside… This would be a good time to change your passwords. A strong password should be at least 8 characters and include letters, numbers, and at least one special character. It should also be easy to remember but not easily guessed.

Hat Tip: Michelle Malkin & Ace.

Computer Crime…

August 29, 2008 by Jeff · Leave a Comment
Filed under: Computers, Crime, Security, Technology 

Here’s an interesting video from Mikko Hyppönen at F-Secure that talks about one of the common misconceptions about computer crime and viruses. A lot of people think that since we haven’t had a major virus outbreak like the Melissa or Sasser worms in quite a while the situation is getting better… As Mikko points out it’s not, it’s getting worse.