From vnunet.com 09/10/08:
The 20-year-old son of Democratic state legislator Mike Kernell has been indicted for hacking into the email account of Republican vice-presidential candidate Sarah Palin.
David Kernell was arrested after an FBI investigation into the incident in which the password of Palin's Yahoo account was changed and details of her emails posted online by an individual known as 'rubico'.
If found guilty, Kernell could face five years in prison and a fine of $250,000 (£145,000).
"Cyber-crime is the FBI's top criminal investigative priority," said Richard Lambert, special agent in charge, FBI Knoxville Field Division.
Kernell was released from court without bail but is banned from owning a computer and can only use the internet to check email and complete his class work.
This story has been well documented all over the net in the last few weeks and triggered a lot of debate about certain issues. First and foremost, of course, is quite why someone like Sarah Palin was using Yahoo Mail in the first place, particularly for work purposes. Poor Sarah has taken a lot of flak recently and I guess the whole Troopergate saga has left her with more pressing worries right now.
On last week’s edition of the TWiT podcast, the security measures that Yahoo Mail have in place for forgotten password retrieval were debated with the consensus of opinion being that the current system was sorely inadequate. I couldn't agree more. The method used by many other webmail providers requires, inter alia, a secondary email address to be registered when creating the account, allowing a forgotten password to be sent there. Yahoo use a different system whereby to reset the password, the 'user' needs to correctly answer 3 questions, the 'secret' answers to which were originally provided when creating the account. And the not-so-secret questions were: the account holder's Date of Birth, Zip Code and, a touch more tricky, ‘Where did you meet your spouse?’
The fact of the matter is that most high school kids with an ounce of intelligence and an internet connection could have done this; the email address was well known, as were the answers to the security questions to reset Palin’s password. Well, it took Kernell under an hour to gather all of the information from Wikipedia, Google and the US postal service website. In fact, it’s perhaps surprising that it wasn’t ‘hacked’ before.