The former college student who guessed his way into Sarah Palin’s Yahoo e-mail account during the 2008 U.S. presidential election was sentenced to a year and a day in prison Friday.

David Kernell’s lawyers had been hoping for probation only; federal prosecutors had asked for an 18-month sentence.

The judge in the case recommended that Kernell serve his time at a halfway house rather than federal prison, but that decision is up to the U.S. Bureau of Prisons, the U.S. Department of Justice said. Following his one-year sentence, Kernell must serve three years’ probation.

Kernell, a 20-year-old college student at the time of the incident, got into Palin’s gov....@yahoo.com account by guessing answers to the security questions used by Yahoo to reset the account’s password. In chat logs, Kernell said he was hoping to find information that would “derail” her 2008 vice presidential election campaign.

Palin was then governor of Alaska, and her critics thought she may have been conducting state business via the Yahoo account, in order to sidestep Alaska’s open records law. Kernell found no such evidence after examining her Yahoo account.

Politics aside. one year in prison followed by three years probation seems reasonable. In her autobiography, “Going Rogue,” Ms. Palin describes the incident as  “the most disruptive” of the campaign because it cut off easy communication with her colleagues in Alaska.

Mr. Kernell, who went  by the internet handle “Rubico,” was able to gain access to Ms. Palin’s private Yahoo! mail account by correctly the answers to her “secret questions” — her date of birth, her postal code, and information about where she met her husband Todd and then resetting her password.

Mr. Kernell then posted examples of Ms. Palin’s private emails, the addresses of her friends & family, and family photos on Wikileaks. Mr. Kernell also bragged that hacking into the vice-presidential candidate’s Yahoo account was child’s play… and it was. Standard challenge questions like “What is you date of birth?”, “What is your home zip code” or “Where did you meet your spouse?” are marginally effective for Mr. and Mrs. Average, but for a public figure like Ms. Palin whose life is well documented they’re pretty much useless… The answers can found in a matter of minutes using public sources like Wikipedia.

Previous

• Sarah Palin’s Private E-mail Account Hacked
• Palin E-mail Hack Follow-up
• A Quick Update on the Palin E-mail Hacking Case
• Newsflash: Palin E-mail Hacker Indicted
• Palin E-mail Hacker Hit With Additional Charges
• Palin E-mail Hacker Convicted on Two Counts

(Reuters) – A college student who hacked into former Republican vice presidential candidate Sarah Palin’s e-mail account and posted some of its contents on the Internet was found guilty Friday.

After four days of deliberations, a federal jury found David Kernell, the 22-year-old son of a Democratic Tennessee state legislator, guilty of obstruction of justice, a felony, and unauthorized access of a computer, a misdemeanor.

Kernell was cleared of a wire fraud charge, and the jury could not agree on a verdict on a charge of identity theft.

Judge Thomas Phillips declared a mistrial on the identity theft charge but did not set a date for sentencing.

The obstruction charge alone carries a prison sentence of up to 20 years, while the misdemeanor count is punishable by up to one year in jail.

Ms. Palin issued a statement via her Facebook page, thanking the jury and prosecutors their efforts and explaining the case’s importance:

My family and I are thankful that the jury thoroughly and carefully weighed the evidence and issued a just verdict. Besides the obvious invasion of privacy and security concerns surrounding this issue, many of us are concerned about the integrity of our country’s political elections. America’s elections depend upon fair competition. Violating the law, or simply invading someone’s privacy for political gain, has long been repugnant to Americans’ sense of fair play. As Watergate taught us, we rightfully reject illegally breaking into candidates’ private communications for political intrigue in an attempt to derail an election.

I want to thank the public servants who worked so hard on this case, particularly the jurors who gave up precious time from their jobs and families to listen to the evidence and reach a decision.

My family and I appreciate the good people of Knoxville, Tennessee, who showed us true Southern hospitality. We can’t wait to visit again – but without having a subpoena in hand.

Although I expect Mr. Kernell will see some jail time it’ll be far less than the 20 year maximum, federal sentencing guidelines set a range of 15 to 21 months and allow for probation in cases like this. I do think prosecutors overreached a little in this case and as one witness said “put on a dog and pony show“. They had to though, never mind basic privacy considerations… Sarah Palin was a Vice Presidential candidate in the middle of hotly contested election, investigators and prosecutors had to aggressively pursue this case to send  a message that these types political dirty tricks won’t be tolerated.

Related

• Jury convicts Palin e-mail intruder on two counts; mistrial declared on ID theft – Knoxville News Sentinel
• Protecting Against Password Reset Attacks – Randy Abrams, Eset Software.

Previous

• Sarah Palin’s Private E-mail Account Hacked
• Palin E-mail Hack Follow-up
• A Quick Update on the Palin E-mail Hacking Case
• Newsflash: Palin E-mail Hacker Indicted
• Palin E-mail Hacker Hit With Additional Charges

The new charges are fraud, unlawful electronic transmission of material outside Tennessee and attempts to conceal records to impede an FBI investigation.

Three more federal charges have been filed against a University of Tennessee student charged with hacking into the personal e-mail account of Sarah Palin, the Alaska governor and former Republican vice presidential nominee.David Kernell, the son of a Democratic Tennessee legislator, pleaded not guilty to all charges Monday, and a magistrate agreed to push back his trial from May to October.

Kernell allegedly gained access to Palin’s account in September by correctly answering a series of personal security questions.

The new counts are fraud, unlawful electronic transmission of material outside Tennessee and attempts to conceal records to impede an FBI investigation.

H/T: Michelle Malkin.

Previous:

• Sarah Palin’s Private E-mail Account Hacked
• Palin E-mail Hack Follow-up
• A Quick Update on the Palin E-mail Hacking Case
• Newsflash: Palin E-mail Hacker Indicted

Computerworld has more on the story here.

On a related note Mozilla and Opera Software both released updates for their respective web browsers today.

Bad economy helping Web scammers recruit ‘mules’

By Jordan Robertson, The Associated Press, December 9, 2008

SAN JOSE, Calif. -

The worsening economy appears to be helping computer crooks with one of their toughest tasks: tricking people into opening their homes and bank accounts and becoming “mules” for laundering money or stolen goods.

The scams themselves aren’t new. They’re pitched in spam e-mails as “work-at-home” jobs that promise excellent part-time money for helping companies pay clients in other countries. The victims are asked to open new bank accounts in their names, agree to accept anonymous payments into those accounts, and forward those payments by way of money transfer, usually to locations in Eastern Europe.

The scam is classic money laundering with an Internet twist. The money is generally real, and the middle man is promised a cut. What those middle men may not know is they’re trafficking in ill-gotten gains and helping criminals pay each other while disguising the source. And the mules are often the ones at the greatest risk of arrest.

Savvy computer users usually identify this as a scam. But security researchers say more people are willing to take a risk on the come-ons as unemployment rises and the volume of the mule e-mails increases.

“When people are scared of a job going away, or they’re worried about having money to pay bills, they might look at something like this in a different light than when things are rosy and great,” said David Marcus, McAfee Inc.’s director of security research and communications. Read the rest…

As Robertson mentions this isn’t a new scam it been going for quite a while now. Unfortunately as the economy worsens more people a willing to respond to these types of come-ons.

The bottom line is pretty simple: if it sounds too good to be true it probably is.

For more information on internet fraud and scams check out Looks Too Good To Be True.com. They have a wealth of information on various types of fraud and alerts on new scams.

Other Resources:

• Internet Crime Complaint Center
• United States Postal Inspection Service
• Federal Trade Commission

After 4 years and 2 months, Julie Amero is now free.

You’ll recall that Julie Amero was convicted of 4 felony counts, each count carrying a maximum of 10 years, for exposing school children to pornography.

The reality is that Julie, a 40–year old, pregnant substitute teacher, found herself in a storm of popups and didn’t have any idea as to what was going on, or how to fix the situation.

There were numerous technical errors made during the trial, and I led a team of forensic investigators into analyzing a copy of the hard drive. We ultimately published a report which was used in Julie’s original conviction being overturned, for a new trial last June (I am seeing if I can get the report published).

This afternoon, at an empty Norwich Superior Court, Julie pled to the misdemeanor charge of disorderly conduct, in a deal negotiated by her pro-bono attorney, William Dow.

Her fine was a $100 charge, and her Connecticut teaching credentials are revoked (Julie told me she really doesn’t care, that she has no plans ever to teach in that state again).

Brain Krebs has background on Julie’s case here.

The fact the Julie was convicted of anything is sad testament to judicial system. She was put into a no win situation by a school system that failed to take the most basic risk mitigation steps and by investigators and prosecutors who don’t understand technology or malware. If not for the efforts of Mr. Eckelberry and others in the anti-malware industry Ms. Aremo would undoubtedly be in prison today.

Host of Internet Spam Groups is Cut Off

Spam Drops After Internet Providers Disconnect a California Hosting Firm

By Brian Krebs
washingtonpost.com Staff Writer
Wednesday, November 12, 2008; 7:16 PM

The volume of junk e-mail sent worldwide dropped drastically today after a Web hosting firm identified by the computer security community as a major host of organizations allegedy engaged in spam activity was taken offline, according to security firms that monitor spam distribution online.

While its gleaming, state-of-the-art, 30-story office tower in downtown San Jose, Calif., hardly looks like the staging ground for what could be called a full-scale cyber crime offensive, security experts have found that a relatively small firm at that location is home to servers that serve as a gateway for a significant portion of the world’s junk e-mail.

The servers are operated by McColo Corp., which these experts say has emerged as a major U.S. hosting service for international firms and syndicates that are involved in everything from the remote management of millions of compromised computers to the sale of counterfeit pharmaceuticals and designer goods, fake security products and child pornography via email.

But the company’s web site was not accessible today, when two Internet providers cut off MoColo’s connectivity to the Internet, security experts said. Immediately after McColo was unplugged, security companies charted a precipitous drop in spam volumes worldwide. E-mail security firm IronPort said spam levels fell by roughly 66 percent as of Tuesday evening.

Spamcop.net, another spam watch dog, found a similar decline, from about 40 spam e-mails per second to around 10 per second. Read the rest…

Score one for the good guys… Of course I’m sure we’ll all miss those ads for male enhancement products in our inbox…

Kernell is the son of Tenn. democratic state Rep. Mike Kernell of Memphis, he turned himself in to federal authorities for arrest today.

Michelle Malkin has more here.

Update: Allahpundit asks:

“Any legal eagles (or techies, I guess) want to speculate on why it took the grand jury an extra three weeks to return the indictment? The last time I wrote about this, the FBI reportedly already had the IP logs in hand and had searched his dorm for corroborating evidence. What extra evidence would they have needed to produce to nudge the case over the line of probable cause?”

As a former cop and a techie there’s several reasons, first this is a high profile case that involves a vice presidential candidate… You can not make mistakes, everything has to be done “by the book”, all the T’s crossed and I’s dotted. Second the server logs and IP adresses can get you to the suspects front door but it’s forensic analysis of his or her computer that will established his or her guilt or innocence. Finally, cyber forensics is time consuming process.

The FBI and Secret Service more then likely had a short list of suspects within a day or two… Connecting the all the dots to identify a “prime suspect” and establish probable cause for a search warrant takes days or even weeks. Ditto for conducting a proper forensic analysis of the suspects computer(s) and writing all the reports. All in all I think the FBI and Secret Service handled this case pretty well.

Previous:

• Sarah Palin’s Private E-mail Account Hacked
• Palin E-mail Hack Follow-up
• A Quick Update on the Palin E-mail Hacking Case

In a top-of-the-ticket comparison, spam using the name of Sen. Barack Obama easily topped the use of his opponent, Sen. John McCain, by 6 to 1.

I’m not sure this a race either candidate wants to win though. It just goes show that spammers are continuing to exploit current events to get their message out.

The full report titled “Major Spam Trends, October 2008″ is available from Secure Computing’s web site.

Gadi Evron has a post here. Brian Krebs has backgound here.