Palin E-Mail Hacker Sentenced to More than a Year

David Kernell was sentenced to more than a year for hacking the e-mail of former VP candidate Sarah Palin in an incident that highlighted abuse of e-mail password recovery systems.

The man convicted of breaking into former Alaska Gov. Sarah Palin's person e-mail account was sentenced Nov. 12 to serve a year and a day in either a federal prison or a halfway house.

Twenty-three-year-old David Kernell, son of Tennessee state representative and Democrat Mike Kernell, was convicted of hacking into Palin's Yahoo account in 2008 during the presidential election campaign, when Palin was running for vice president on the Republican ticket.

U.S. District Court Judge Thomas W. Phillips recommended the younger Kernell serve his sentence at the Midway Sanction Center in Tennessee, but the final decision will be up to the U.S. Federal Bureau of Prisons, federal authorities said.

Kernell was found guilty April 30 after a weeklong trial of one count of misdemeanor unauthorized access to obtain information from a computer and one count of obstruction of justice. The jury acquitted him of wire fraud, and deadlocked on an identity theft charge.

The hack into Palin's account was cited by many as a classic example of abuse of the password recovery system used by e-mail services. According to evidence presented at trial, Kernell, a resident of Knoxville, Tenn., accessed Palin's account by resetting the password. He did this by after answering security questions associated with the account. Afterwards, he posted screenshots of her account to a 4chan message board.

The security questions on Palin's Yahoo account required the user know Palin's birthday, zip code and where she met her husband. The information was discovered through a combination of Wikipedia and Google.

"I found out later through more research that they met at high school, so I did variations of that, high, high school, eventually hit on "Wasilla high," Kernell wrote on the 4chan message board in the aftermath of the attack. "I promptly changed the password to 'popcorn' and took a cold shower..."

His recounting of the event was later taken down from the site. However, in addition to screenshots, Kernell also had posted the new e-mail password he had created, thereby providing others with the opportunity to access Palin's account. According to authorities, when Kernell became aware of a possible FBI investigation into the situation, he began to delete records and documents to impede any case against him.

Kernell has since apologized to the Palin family for the incident, which came at a time when Palin was battling accusations she used her personal e-mail to conduct Alaska state business. In a note on her Facebook page after Kernell was convicted, Palin wrote that she was "thankful that the jury thoroughly and carefully weighed the evidence and issued a just verdict."