David Kernell was sentenced to more than a year for hacking the e-mail of former VP candidate Sarah Palin in an incident that highlighted abuse of e-mail password recovery systems.
The man convicted of breaking into former Alaska Gov. Sarah Palin's
person e-mail account was sentenced Nov. 12 to serve a year and a
day in either a federal prison or a halfway house.
Twenty-three-year-old David Kernell, son of Tennessee state
representative and Democrat Mike Kernell, was convicted of hacking into
Palin's Yahoo account in 2008 during the presidential election
campaign, when Palin was running for vice president on the Republican
U.S. District Court Judge Thomas W. Phillips recommended the younger
Kernell serve his sentence at the Midway Sanction Center in Tennessee,
but the final decision will be up to the U.S. Federal Bureau of
Prisons, federal authorities said.
Kernell was found guilty April 30
a weeklong trial of one count of misdemeanor unauthorized access to
obtain information from a computer and one count of obstruction of
justice. The jury acquitted him of wire fraud, and deadlocked on an
identity theft charge.
The hack into Palin's account was cited by many as a classic example of abuse of the password recovery system
by e-mail services. According to evidence presented at trial, Kernell,
a resident of Knoxville, Tenn., accessed Palin's account by resetting
the password. He did this by after answering security questions
associated with the account. Afterwards, he posted screenshots of her
account to a 4chan message board.
The security questions on Palin's Yahoo account required the user
know Palin's birthday, zip code and where she met her husband. The
information was discovered through a combination of Wikipedia and
"I found out later through more research that they met at high
school, so I did variations of that, high, high school, eventually hit
on "Wasilla high," Kernell wrote on the 4chan message board in the
aftermath of the attack. "I promptly changed the password to 'popcorn'
and took a cold shower..."
His recounting of the event was later taken down from the site.
However, in addition to screenshots, Kernell also had posted the new
e-mail password he had created, thereby providing others with the
opportunity to access Palin's account. According to authorities, when
Kernell became aware of a possible FBI investigation into the
situation, he began to delete records and documents to impede any case
Kernell has since apologized to the Palin family for the incident,
which came at a time when Palin was battling accusations she used her
personal e-mail to conduct Alaska state business. In a note on her
Facebook page after Kernell was convicted, Palin wrote that she was
"thankful that the jury thoroughly and carefully weighed the evidence
and issued a just verdict."