Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy Government Security United States Politics

Palin Email Hacker Found 767

mortonda writes to tell us that the person responsible for breaching Sarah Palin's private email account has been found. We discussed the breach last Wednesday, shortly before the hacker, a University of Tennessee-Knoxville student, posted a message detailing his methods. Wired has a story examining the potential legal consequences for the hacker.
This discussion has been archived. No new comments can be posted.

Palin Email Hacker Found

Comments Filter:
  • This Just In (Score:5, Insightful)

    by TheSpoom ( 715771 ) * <slashdot@@@uberm00...net> on Sunday September 21, 2008 @12:02PM (#25094011) Homepage Journal

    Cracker is an idiot. Ever hear of Tor [wikipedia.org]? Or better yet, post the information on something like Freenet [wikipedia.org] and just advertise it on Freenet somehow and let other people get the information out to the main web.

    Of course, the fact that he posted his nick on /b/ when it's usually forced-anon anyway means he basically confessed. Not to mention that he said which proxy service he used -- note to criminals: if you want to get away with something, don't brag about how you did it!

    • by Anonymous Coward on Sunday September 21, 2008 @12:07PM (#25094087)

      The cracker is a /b/tard, don't think that you need to go into it any deeper than that.

      I'm happy that some of that information came out. If it came down to it, I'd put in 10bux for his legal defense.

      • Re:This Just In (Score:5, Insightful)

        by billcopc ( 196330 ) <vrillco@yahoo.com> on Sunday September 21, 2008 @01:43PM (#25095177) Homepage

        Nah, he's far below /b/tard level. /b/tards at least know to post Anon.

        This kid is your typical attention-whoring suburban fuckup. He's probably going to grow up to be a nice little volvo-driving banker.

      • Re: (Score:3, Interesting)

        by Tubal-Cain ( 1289912 )

        If it came down to it, I'd put in 10bux for his legal defense.

        Why? Whether or not you approve of what he did, the most expensive lawyers in the world can't change the fact that he did something illegal.

      • Re:This Just In (Score:5, Interesting)

        by QuickSilver_999 ( 166186 ) on Sunday September 21, 2008 @11:45PM (#25099971)

        I'd put in 10bux for his legal defense.

        Good to know that you don't care about people doing illegal things just to TRY to get some dirt (even if they fail). So when we send covert operatives in to dumpster dive and hack into bank records to find out how Joe Biden is owned by the credit card companies (As one of my friends puts it, "You mean the Senator from MBNA?") Or when we dig to find out exactly HOW his house was paid for? Or perhaps dig into personal emails and such to find out exactly how linked Obama and Ayers are? Or Rezko? Will you put some cash in for those operatives as well?
        You like this guy because he tried to "get" Sarah Palin. And as I have noted further down, didn't. If this would have been the other way around, you would have been bleating bloody murder about how horrible it was that a Republican would stoop to doing something illegal. Why you might even call it a Watergate! Perhaps this should be called YahooGate? After all, breaking in to email is to me the equivalent of breaking into a private office in a hotel.

    • by Anonymous Coward on Sunday September 21, 2008 @12:07PM (#25094091)

      Unless someone just compromised that forum account and framed him.

    • Re:This Just In (Score:5, Insightful)

      by Elektroschock ( 659467 ) on Sunday September 21, 2008 @12:09PM (#25094107)

      Let's say it like this: He or she is no hacker or cracker. It is just a usual internet user who did not obtain great skill.

      Lessons:

      * government users should not take yahoo (who ever came to that idea?)

      * Anonymous communication matters

      * Activities of governments should be transparent.

      * It may help a person to become vice president who appears to be a nightmare and encourage anti-hacking regulations. Fortunately S. Palin has close affiliations with witch hunters. [youtube.com]

      • Re:This Just In (Score:5, Insightful)

        by Hadlock ( 143607 ) on Sunday September 21, 2008 @12:12PM (#25094157) Homepage Journal

        The whole reason Palin is using Yahoo instead of government sponsored email is that any email sent through those channels is archived for a Very Long Time as a matter of public record. Wondering what the clerk at the DMV is REALLY emailing about? Put in a freedom of information act request and it's all yours.
         
        By Palin using yahoo, it's not closely watched and she can conduct official business off the record. It's very poor form to do so and is the real story here.

        • Re:This Just In (Score:5, Insightful)

          by Greyfox ( 87712 ) on Sunday September 21, 2008 @12:15PM (#25094201) Homepage Journal
          I have yet to see anyone ask Cheney or Palin if they feel they are above the law. Their actions seem to indicate they do.

          I have trouble understanding why we put people with such obvious contempt for the law in positions that are in charge of it.

          • Re:This Just In (Score:5, Insightful)

            by Hadlock ( 143607 ) on Sunday September 21, 2008 @12:25PM (#25094289) Homepage Journal

            I have trouble understanding why we put people with such obvious contempt for the law in positions that are in charge of it.
             
            Brilliant marketing, and the general public's desire to believe what they're told in hopes that it will come true. If the general public were half as smart as we give them credit for the world would have never seen Napoleian, Cesar (well actually the Romans solved that problem on their own), Castro, Hugo Chavez and more. But as the protestants like to point out, people are like sheep and will head in whatever direction the man who speaks softly but carries a big stick says.

            • Re: (Score:3, Funny)

              by MagdJTK ( 1275470 )

              If the general public were half as smart as we give them credit for the world would have never seen Napoleian, Cesar (well actually the Romans solved that problem on their own), Castro, Hugo Chavez and more.

              The others are fair enough, but what's dog food got to do with it?

            • Re: (Score:3, Insightful)

              by BenoitRen ( 998927 )

              Napoleon wasn't all bad, though. Thanks to him our Belgian courts (among others) don't suck as bad as the Americans'!

              • Re:This Just In (Score:5, Informative)

                by jabithew ( 1340853 ) on Sunday September 21, 2008 @02:27PM (#25095667)

                Ever heard of Hans-Martin Tillack? His office was raided and his equipment seized by Belgian police because he had the audacity to protect a whistle-blower in a fraud case. He eventually got compensation, but as far as I'm aware he hasn't re-gained his possessions. I would bet money on the whistle-blower having been sacked by now. The whole sorry saga is here [euobserver.com]. In the mean time the accounts have not been signed off for the thirteenth year running [bbc.co.uk] (the Tories are reporting a fourteenth).

                I hate it when we Europeans pretend to be so vastly superior to those ghastly Americans out of sheer ignorance.

                p.s. I am a Europhile, I just don't think this kind of thing should be covered up out of misguided solidarity with the European Project.

          • Re: (Score:3, Interesting)

            by Score Whore ( 32328 )

            I have yet to see anyone ask Cheney or Palin if they feel they are above the law.

            While they may both feel that way, Gov. Palin's use of yahoo email provides zero insight regarding that mentality. No one has identified a single email from her yahoo account that was of an official nature. Yes, there were plenty of emails to officials, but merely talking to a public office holder doesn't make the communication official and a matter of public record. In fact there were a number of emails of a political nature w

          • Re: (Score:3, Insightful)

            by coaxial ( 28297 )

            All you need to know, is that Cheney, Rumsfield, and whole lot are throwbacks from the Nixon administration, and want to "restore" the presidency to Nixon level. Now this would all seem relatively innocuous, or at least inane, until remember Nixon's famous quote from his Robert Frost interview:

            "When the president does it, that means it's not illegal."

            Interestingly enough, the Republicans like to talk big about the rule of law, but then turn around and have no problem with, and in fact argue that they are d

          • Re:This Just In (Score:5, Insightful)

            by daemonenwind ( 178848 ) on Sunday September 21, 2008 @03:57PM (#25096537)

            Absolute tripe.

            Do you have a job?

            Do you have an e-mail account you use which is not associated with your job?

            All these assumptions about what goes on in private e-mail accounts have not been substantiated. In fact, the cracker responsible said he went through Palin's e-mail, and found absolutely nothing.

            Furthermore, since this cracker is the son of a Democrat, he would have known what to look for. Instead, he freely admits it's just stuff like communications with friends, casual conversations with other Republicans, and pictures of her kids.

            There's nothing there - as the opposition party fully admits - but it sure doesn't stop the idiot conspiracy theorists from foaming at the mouth.

            And one last thing: if you consider this to be a politically-used account, then what _exactly_ is the difference between this and Watergate?

            Answer: nothing.

        • By Palin using yahoo, it's not closely watched and she can conduct official business off the record.

          Or you know, she could in fact SEND PERSONAL EMAIL. Are you saying that no government employee should be able to have a personal email account? Then I guess you're OK with AT&T recording phone conversations without a warrant, because if government employees should not be able to have any private life why should you?

          The kid even said there were NO incriminating emails in the account (see: Wired story).

          • Re: (Score:3, Interesting)

            by Hadlock ( 143607 )

            I haven't read her email, but what I've heard was she was corresponding with heir aides about how to handle PR on several negative issues. It's a blurry line but I suppose that could be considered personal. Probably best to have made a phone call instead.

            • Re: (Score:3, Insightful)

              by Keebler71 ( 520908 )
              Wait a second.. it depends on what the "negative issues" were. If these were issues relevant to Alaskan politics and she was discussing them with her aides, then maybe this could be problematic for her. But if this was about the PR handling of issues related to her VP campaign then she would be wrong to use her official account and by all means she should be using a personal (or republican party) account. You can't use state resources (i.e. email accounts, office time, phone charges) to advance your poli
          • by drerwk ( 695572 ) on Sunday September 21, 2008 @01:19PM (#25094869) Homepage
            Do you know that she seems to have been using the account for gov business? No matter what the kid said or saw there is more to it than you seem to know.

            http://voices.washingtonpost.com/the-trail/2008/09/17/palins_yahoo_account_hacked.html [washingtonpost.com]

            Among the e-mails released as part of the records request in June were several from Frye asking a state official whether private e-mail accounts and messages sent to BlackBerry devices are immune to subpoena, then reporting the answer to the governor and her husband, Todd, who also uses a Yahoo! mail address.

            Asking if Yahoo accounts are subject to subpoena and relaying the answer to the governor suggests to me that the accounts were not simple private email accounts.

        • Re: (Score:3, Interesting)

          By Palin using yahoo, it's not closely watched and she can conduct official business off the record. It's very poor form to do so and is the real story here.

          OR, she could be obeying a governmental policy that says government accounts are not to be used for personal or campaign purposes. Did any of sample emails that were posted fall into the category of official business?

        • Re: (Score:3, Insightful)

          by jadavis ( 473492 )

          The whole reason Palin is using Yahoo instead of government sponsored email...

          Do you have any evidence of this, other than a few isolated emails?

          People use a variety of communication systems. They talk on the phone, talk in person, email from various accounts, etc.

          Most people make some attempt to organize this: a work phone number, a work email address, etc., but there is almost always some spillover. People socialize with other people they work with, and so there is bound to be some mixing among all of the

        • Re: (Score:3, Informative)

          by cmacb ( 547347 )

          The whole reason Palin is using Yahoo instead of government sponsored email is that any email sent through those channels is archived for a Very Long Time as a matter of public record.

          Oh, you mean like the White House e-mails?

          Now, before I get anyone confused, let me point out that White House e-mails were lost during the Clinton administration too. (People just seem to have conveniently forgotten about that one).

          Is the issue one of "Open Government"? Fine, I believe in that too.

          Sorry, but I don't buy the

      • Re:This Just In (Score:5, Insightful)

        by L0rdJedi ( 65690 ) on Sunday September 21, 2008 @01:02PM (#25094683)

        Let's say it like this: He or she is no hacker or cracker. It is just a usual internet user who did not obtain great skill.

        Lessons:

        * government users should not take yahoo (who ever came to that idea?)

        * Anonymous communication matters

        * Activities of governments should be transparent.

        * It may help a person to become vice president who appears to be a nightmare and encourage anti-hacking regulations. Fortunately S. Palin has close affiliations with witch hunters. [youtube.com]

        Oh please. Here's the real lessons learned:

        1. Don't make your security question anything that can be found online or don't discuss anything about it online (hers was where she and her husband met).

        2. Don't enter your real birthdate anywhere online. Again, what places really need this for an online account except "social networking" sites? Even then, anyone you know is probably going to know when your birthday is anyway.

        3. Don't use your real zip code.

        All of the above would have completely prevented this "hack". It's not difficult to make up a birth date and use that instead. Same goes for a zip code (12345 anyone?).

      • by Joce640k ( 829181 ) on Sunday September 21, 2008 @01:12PM (#25094791) Homepage

        If somebody hacked my email would they start a huge investigation or is justice only for the privileged few.

  • "Hacker" (Score:3, Insightful)

    by Verteiron ( 224042 ) on Sunday September 21, 2008 @12:02PM (#25094019) Homepage

    So "hacking" now includes password guessing?

    • Re:"Hacker" (Score:5, Insightful)

      by Helios1182 ( 629010 ) on Sunday September 21, 2008 @12:08PM (#25094105)

      It is usually the easiest way for a lot of systems; that, or just ask the user and they will tell you.

    • Re:"Hacker" (Score:5, Informative)

      by swabeui ( 1291044 ) on Sunday September 21, 2008 @12:10PM (#25094125)

      If you have followed the story, he didn't guess the password. He used publicly available information to fool Yahoo's password recovery tool to give it up.

      As simple as it may sound, it is a bit more involved than 'guessing' a password.

    • Re:"Hacker" (Score:5, Interesting)

      by Ritchie70 ( 860516 ) on Sunday September 21, 2008 @12:13PM (#25094161) Journal

      Not even password guessing. He apparently took public information about her and reset the password.

      If anyone wondered if demanding date of birth, home town, etc. was a BAD way of determining identity, this should resolve that for them.

      • Re: (Score:3, Insightful)

        by colfer ( 619105 )

        Yahoo lets you answer the backup questions and then reset the password to one of your choice? I didn't know it was that insecure. Normally a system would email you a reset link, but I guess Yahoo users might not have another email address. Sounds like Y should give you the option of disabling this cracking feature. Either you have a it send the reset link to a backup email or to a registered phone number for SMS text. How does Gmail do it?

    • Re:"Hacker" (Score:5, Insightful)

      by Shihar ( 153932 ) on Sunday September 21, 2008 @12:44PM (#25094487)

      First, it wasn't password guessing. He exploited Yahoo's password recovery system to get it to reset her password. He basically used public information to pose as Palin and convince Yahoo's password recovery system that he needed the password reset. Exploiting such a weakness in the system is, by any standards, "hacking".

      Second, after he got in, he than went through all of her e-mail. Breaking into a system, even if it had been a password guess, and then going through its contents is again, by any standard standard, hacking.

      I loath Palin, but this guy is going to get what he has coming. Even shitty and crazy humans who think the world is a few thousand years old and much to my horror might be president one day, get legal protection. It isn't like the police can go, "Yeah, he hacked in, but Palin kinda sucks, so I think we will let this one slide".

  • by Anonymous Coward on Sunday September 21, 2008 @12:05PM (#25094057)

    There's no evidence that we know of that this kid was indeed the hacker other than a post on /b/. And accepting a post on /b/ to be reliable information is like... trusting /.'s front page.

  • Equal punishment? (Score:3, Interesting)

    by tooyoung ( 853621 ) on Sunday September 21, 2008 @12:07PM (#25094093)
    I would hope that the punishment would be the same as would be handed out to someone that hacked my hotmail count.

    Not that, you know, I have a hotmail account...
  • Important (Score:3, Insightful)

    by jav1231 ( 539129 ) on Sunday September 21, 2008 @12:16PM (#25094219)
    The important thing is that prosecution comes. Regardless of the politics involved, if there's no charges then any online email service is essentially useless for private communication. Not to mention the law on such matters doesn't "matter."
    • Re:Important (Score:5, Insightful)

      by zippthorne ( 748122 ) on Sunday September 21, 2008 @12:28PM (#25094309) Journal

      If he's a student, I hope Palin opts not to press charges, or pushes for a slap-on-the-wrist. Some kind of punishment that will sting, but won't be career ending.

      Regardless of the politics involved, if there's no charges then any online email service is essentially useless for private communication.

      No, they are *already* useless for private communication. Email is sent in plaintext across networks, and regardless of prosecution, the attack vector used here is a pretty easy one. If your email is unencrypted, or you're using easily looked-up information as passwords or recovery questions, then it's not private. period.

      It would almost be better not to prosecute at all, if it has the effect of making people aware of, and take precautions against, the complete lack of privacy already extant.

  • Not much of a "hack" (Score:3, Informative)

    by Irongeek_ADC ( 903018 ) on Sunday September 21, 2008 @12:36PM (#25094389) Homepage
    Calling this guy a hacker is a wee bit of an overstatement. Here is a video reconstruction of what he did: http://www.irongeek.com/i.php?page=videos/how-sarah-palin-email-got-hacked [irongeek.com] Not really a "Hack", just using the password recovery process.
  • by sam_paris ( 919837 ) on Sunday September 21, 2008 @12:44PM (#25094481)
    1) Buy cheap pc using cash (OLPC or similar)
    2) Find open wifi network, choose a place far from where you live
    3) Connect to TOR and do your dirty deeds
    4) Clean finger prints from PC and trash it, far from where you live

    OR

    1) Goto internet cafe, ensure cafe has no security cameras
    2) Pay with cash
    3) Connect to TOR and do your dirty deeds
    4) Clean finger prints from computer

    Profit?
    • by Anonymous Coward on Sunday September 21, 2008 @01:25PM (#25094935)

      Trashing the PC is absurdly paranoid. This would be more than sufficient:
      1) Live in a large-ish city. Go to a popular cafe with free wifi and find a corner where nobody can see your screen.
      2) Reset your MAC address to something random and connect. Bonus points for hacking into a WEP network accessible from the cafe.
      3) Tunnel through Tor and do exactly what you need to do and nothing else.
      4) Disconnect, reset your MAC. Stay a little while, finish your drink, and leave.

      Even that's a little overly careful. Do that and there's no conceivable way to be caught. In this age of ubiquitous wireless networks, anyone who hacks from their own account richly deserves to be caught.

    • Even easier (Score:4, Informative)

      by Quiet_Desperation ( 858215 ) on Sunday September 21, 2008 @04:26PM (#25096849)
      1. Don't post a message anywhere describing what you did
  • Hacker (Score:3, Insightful)

    by Phroggy ( 441 ) <slashdot3@NOsPaM.phroggy.com> on Sunday September 21, 2008 @12:47PM (#25094519) Homepage

    Using this label gives this guy far too much credit.

  • by jesdynf ( 42915 ) on Sunday September 21, 2008 @02:30PM (#25095697) Homepage

    I believe this man, who has illegally spied on a member of the government, should face the full and certain penalty that those who illegal spy at the /behest/ of the government should face.

    No penalty for this unconscionable breach of privacy is too harsh or severe, no fine too large, no jail term too great. He should face them---

    Oh? Really? I guess that does change things, doesn't it.

No spitting on the Bus! Thank you, The Mgt.

Working...