The ease with which Republican vice presidential candidate Sarah Palin's e-mail was hacked is striking and underscores the importance of improving privacy questions for password recovery. A person claiming responsibility for the hack posted details of what he did Wednesday on a 4chan.org message board. The handle of the poster has been linked to the 20-year-old son of Tennessee Democrat Mike Kernell.

Perhaps the most unsettling thing about the hack on Republican vice presidential candidate Sarah Palin’s Yahoo e-mail account was the way it happened.
Rather than some automated tool or complex virus, Google and Wikipedia searches appear to have been the weapons used to knock down the walls guarding her e-mail.
When news of the hack first circulated Wednesday, it was reported that screenshots of Palin’s account had been passed on to Wikileaks by hackers linked to "Anonymous," a name given to the collection of anonymous posters on 4chan.org's message boards.
However, there are indications now that the attack may have originated with a single hacker identified by the handle “Rubico.” The name has since been linked to the 20-year-old son of Tennessee State Rep. Mike Kernell, a Democrat.
Wednesday, Rubico posted details of the incident on 4chan.org’s popular /b/ board, claiming he was behind the attack. His account of the event has since been removed, but can be viewed here (warning – profanity is used).
As it turns out, his methods of gaining entry were not all that complex. According to his account, he used personal information about Palin obtained through simple Web searches to get around Yahoo’s password recovery feature.
Yahoo required the user to provide Palin’s birthday and zip code, which the hacker said he found through Wikipedia and Google. The final security measure required him to answer a question regarding where Palin met her spouse; another Google search turned up the answer.
“I found out later through more research that they met at high school, so I did variations of that, high, high school, eventually hit on ‘Wasilla high,’” the hacker wrote on Wednesday. “I promptly changed the password to ‘popcorn’ and took a cold shower...”
The incident remains under investigation by the FBI and Secret Service. In the meantime, it might be good for Yahoo to consider giving users the ability to create their own security questions, as Gmail does.
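One way a recovery flow could blunt the guess-until-it-matches approach described above, as an added example that is not from the article or from Yahoo: wrong answers are throttled per account, and a correct answer only releases a one-time token to a pre-registered secondary address instead of allowing an inline password change. The class name, thresholds, account names and addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

MAX_FAILURES = 3          # assumed policy: wrong answers allowed per window
LOCKOUT_SECONDS = 3600    # assumed policy: length of the lockout window

def normalize(answer):
    """Case-fold and collapse whitespace so honest typos still match."""
    return " ".join(answer.lower().split())

class RecoveryGuard:
    """Hypothetical recovery check: throttles guesses, never resets inline."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._accounts = {}   # user -> (salt, answer digest, secondary address)
        self._failures = {}   # user -> timestamps of recent wrong answers

    def _digest(self, salt, answer):
        return hashlib.pbkdf2_hmac("sha256", normalize(answer).encode(), salt, 100_000)

    def enroll(self, user, answer, secondary):
        salt = secrets.token_bytes(16)
        self._accounts[user] = (salt, self._digest(salt, answer), secondary)

    def attempt(self, user, answer):
        """Return (status, delivery address or None, one-time token or None)."""
        if user not in self._accounts:
            return ("denied", None, None)
        now = self._clock()
        recent = [t for t in self._failures.get(user, []) if now - t < LOCKOUT_SECONDS]
        self._failures[user] = recent
        if len(recent) >= MAX_FAILURES:
            return ("locked", None, None)   # even a correct answer is refused now
        salt, stored, secondary = self._accounts[user]
        if not hmac.compare_digest(stored, self._digest(salt, answer)):
            recent.append(now)
            return ("denied", None, None)
        # Correct answer: the token goes to the pre-registered address only,
        # so the person at the keyboard cannot set a new password directly.
        return ("token_sent", secondary, secrets.token_urlsafe(32))

def demo():
    """Constructed scenario: three wrong variations, then the right answer."""
    guard = RecoveryGuard(clock=lambda: 1000.0)
    guard.enroll("user@example.com", "constructed answer", "backup@example.org")
    guesses = ["answer", "constructed", "the answer", "constructed answer"]
    return [guard.attempt("user@example.com", g)[0] for g in guesses]
```

In the constructed scenario the fourth guess is the right answer, yet it arrives after the failure budget is spent and is refused until the window expires.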
Reader Comments: Sarah Palin Hack an Example of Password Recovery Backfire

not the point
I hope that the likes of the FBI and CIA are continually trying to break into the account of government officials. At least if they break in first...
Posted At: 09-27-08 By: imidge

A user comment on this article
Nothing was hacked. Her password was reset using "socially engineered" access through research. A warning to all of us to obfuscate our answers in...
Posted At: 09-26-08 By: Anonymous

A user comment on this article
One of my pet peeves is banking sites that practice the same methodology, canned questions, like who was your 6th grade teacher or some other...
Posted At: 09-26-08 By: Anonymous

...and by the way...to get back to the original article!
Whenever you get questions like this, you need to "alter" the answer to something very familiar. Let's say...
Posted At: 09-26-08 By: Anonymous

Get real
If Barack had this happen to him, there would have been nothing but outcry over how his privacy had been compromised by an evil source. And the...
Posted At: 09-26-08 By: Brian N

Politically motivated?
Oh please, there were twice as many Republicans voted for the investigation which started before she was the VP pick. Get your facts straight. In...
Posted At: 09-22-08 By: Keith Stone

Password recovery
Does Yahoo password recovery not send back to another eMail account or a minimum change the password to a random sequencing that can later be...
Posted At: 09-22-08 By: Groove