Hackers Break Into Virginia Health Professions Database, Demand Ransom

May 5, 2009 by Jeff · Leave a Comment
Filed under: Health Care, Politics 

Hackers apparently broke into Virginia’s Health Professions Database last week and stole data on more than 8 million patients and replaced the site’s homepage  with ransom note demanding $10 million.

Brian Krebs has the details:

Hackers last week broke into a Virginia state Web site used by pharmacists to track prescription drug abuse. They deleted records on more than 8 million patients and replaced the site’s homepage with a ransom note demanding $10 million for the return of the records, according to a posting on Wikileaks.org, an online clearinghouse for leaked documents.

Wikileaks reports that the Web site for the Virginia Prescription Monitoring Program was defaced last week with a message claiming that the database of prescriptions had been bundled into an encrypted, password-protected file.

Wikileaks has published a copy of the ransom note left in place of the PMP home page, a message that claims the state of Virginia would need to pay the demand in order to gain access to a password needed to unlock those records:

“I have your [expletive] In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :( For $10 million, I will gladly send along the password.”

The site, along with a number of other Web pages related to Virginia Department of Health Professions, remains unreachable at this time. Sandra Whitley Ryals, director of Virginia’s Department of Health Professions, declined to discuss details of the hacker’s claims, and referred inquires to the FBI.

This the principle reason why I am oppposed to on-line medical records, the risk that someone could break into the system and steal private information is simply to great.

Tags: , ,

Palin E-mail Hacker Hit With Additional Charges

March 9, 2009 by Jeff · Leave a Comment
Filed under: Crime, Internet, Politics 

David Kernell, the son of a Democratic Tennessee legislator, who was indicted for hacking into Gov. Sarah Palin’s personal e-mail account during the last year’s Presidential campaign has been hit with additional charges.

The new charges are fraud, unlawful electronic transmission of material outside Tennessee and attempts to conceal records to impede an FBI investigation.

Three more federal charges have been filed against a University of Tennessee student charged with hacking into the personal e-mail account of Sarah Palin, the Alaska governor and former Republican vice presidential nominee.David Kernell, the son of a Democratic Tennessee legislator, pleaded not guilty to all charges Monday, and a magistrate agreed to push back his trial from May to October.

Kernell allegedly gained access to Palin’s account in September by correctly answering a series of personal security questions.

The new counts are fraud, unlawful electronic transmission of material outside Tennessee and attempts to conceal records to impede an FBI investigation.

H/T: Michelle Malkin.

Previous:

Tags: , ,

Newsflash: Palin E-mail Hacker Indicted

October 8, 2008 by Jeff · 6 Comments
Filed under: Crime, Internet, Politics, Security 

Fox News is reporting that 20-year-old David Kernell of Knoxville, Tenn., has been indicted by a federal grand jury in Knoxville for intentionally accessing without authorization the private e-mail account of Alaska governor Sarah Palin.

Kernell is the son of Tenn. democratic state Rep. Mike Kernell of Memphis, he turned himself in to federal authorities for arrest today.

Michelle Malkin has more here.

Update: Allahpundit asks:

“Any legal eagles (or techies, I guess) want to speculate on why it took the grand jury an extra three weeks to return the indictment? The last time I wrote about this, the FBI reportedly already had the IP logs in hand and had searched his dorm for corroborating evidence. What extra evidence would they have needed to produce to nudge the case over the line of probable cause?”

As a former cop and a techie there’s several reasons, first this is a high profile case that involves a vice presidential candidate… You can not make mistakes, everything has to be done “by the book”, all the T’s crossed and I’s dotted. Second the server logs and IP adresses can get you to the suspects front door but it’s forensic analysis of his or her computer that will established his or her guilt or innocence. Finally, cyber forensics is time consuming process.

The FBI and Secret Service more then likely had a short list of suspects within a day or two… Connecting the all the dots to identify a “prime suspect” and establish probable cause for a search warrant takes days or even weeks. Ditto for conducting a proper forensic analysis of the suspects computer(s) and writing all the reports. All in all I think the FBI and Secret Service handled this case pretty well.

Previous:

Tags: , , ,

A Quick Update on the Palin E-mail Hacking Case

October 6, 2008 by Jeff · 2 Comments
Filed under: Crime, Politics, Technology 

It’s been a few weeks since Sarah Palin’s private e-mail account was broken into and I’m sure many of you are curious about what’s happening with the case.

Unfortunately, I don’t have any new information on the investigation or suspects… Michelle Malkin has confirmed the investigation is ongoing though:

I talked to Justice Department spokeswoman Laura Sweeney today for a follow-up. She says the “inquiry is ongoing.” She couldn’t comment on any federal grand jury activity that might be taking place related to the case.

SecurityFocus columnist Mark Rasch’s latest column examines the relevant federal statutes and how it might apply to the Palin case:

The Vice of Vice Presidential E-Mail
Mark Rasch, SecurityFocus, October 6, 2008

Is it a crime to read someone else’s e-mail without their consent?

Seems like a simple question, but the law is not so clear. In mid-September 2008, a hacker using the handle “Rubico” claim credit for breaking into the Yahoo! e-mail account of Governor Sarah Palin, the Republican Vice Presidential candidate. In a post online, Rubico wrote that he had been following news reports that claimed Palin had been using her personal Yahoo e-mail account for official government business. (Editor’s note: Reports have linked David Kernell, a 20 year old undergraduate at the University of Tennessee, with the intrusion, but Kernell has not been charged nor indicted.)

To break into Palin’s account, Rubico had to figure out the personal details that the governor used as security questions. From behind a single proxy server, Rubico used a form of social engineering to change Palin’s password to “popcorn” and then posted both the technique he used and a few of the e-mails he observed. The technique was relatively simple and took less that 45 minutes, because much of Palin’s information was public. Read the rest…

Update (Tuesday, October 7, 2008 @ 10:05 a.m.): I originally wrote this post a little after 11:00 p.m. last night and after rereading it this morning I decide to change the title and rewrite parts of it. The most significant change is quote from Michelle Malkin’s article.

Update: Palin E-mail Hacker Indicted

Previous:

Tags: , ,

Sarah Palin’s Private E-mail Account Hacked – Updated

September 17, 2008 by Jeff · 11 Comments
Filed under: Crime, Internet, Politics, Security, Technology 

Scroll For Updates…

Network World and Wired are reporting that Sarah Palin’s private Yahoo mail account has been hacked and that screenshots of messages have been posted on various web sites.

From Wired:

Vice-presidential candidate Sarah Palin’s private Yahoo e-mail account was hacked, and some of its contents posted on the internet Wednesday.

The internet griefers known as Anonymous took credit for the intrusion, and screenshots of e-mail messages and photos belonging to the Alaska governor have been published by WikiLeaks. Threat Level has confirmed the authenticity of at least one of the e-mails.

The cache of stolen data contains five screenshots from Palin’s account, including the text of an e-mail exchange with Alaska Lt. Gov. Sean Parnell about his campaign for Congress.

Another screenshot shows Palin’s inbox and a third shows the text of an e-mail from Amy McCorkell, whom Palin appointed to the Governor’s Advisory Board on Alcoholism and Drug Abuse in 2007.

Hacking into someones e-mail is a federal crime punishable by up to five years in prison and it appears that the FBI in coordination with the Secret Service has begun an investigation into this incident. I’m a little fuzzy on the law here but I’m reasonably certain that sites like WikiLeaks and Gawker that published the stolen information could face prosecution along with the hackers.

Update: The McCain Campaign has released the following statement:

“This is a shocking invasion of the Governor’s privacy and a violation of law, the matter has been turned over to the appropriate authorities and we hope that anyone in possession of these e-mails will destroy them. We will have no further comment.”

Update: The FBI has confirmed that an investigation is underway. From CNN’s Political Tracker Blog:

FBI Spokesman Eric Gonzalez in Anchorage, Alaska confirms to CNN an investigation is underway.

“We are aware of the allegations and we are coordinating with Secret Service as far as the allegation that someone has hacked into Governor Palin’s personal e-mail account,” he said. “We are going to be working a joint investigation with Secret Service on this.”

Brian Hale, an FBI spokesman in Washington, also confirms the FBI has been contacted about the incident. Two federal law enforcement sources say the FBI and Secret Service would have concurrent jurisdiction normally on a matter such as this, but it remains to be seen if the Secret Service will take the lead on the investigation because Palin is a protectee.

Update: The always indispensable Michelle Malkin has the story behind the story:

This afternoon, I mentioned an infamous group of hackers whose Internet bulletin board was the gathering place for those who bragged about and publicized the Sarah Palin private e-mail hacking.

A tech-savvy reader who monitors the hackers’ site e-mailed me a detailed explanation of how it went down, who was responsible, and how someone with a conscience warned a friend of the Palin family of the crime (language warning):

As an aside… This would be a good time to change your passwords. A strong password should be at least 8 characters and include letters, numbers, and at least one special character. It should also be easy to remember but not easily guessed.

Hat Tip: Michelle Malkin & Ace.

For Additional Updates see:

Tags: , ,