Saturday, November 13, 2010

David Kernell, the "Sarah Palin Hacker" is Sentenced to 1 Year and 1 Month

Yesterday, November 12th, David Kernell, the former UT student was sentenced to 1 year and 1 day for 
breaking into Sarah Palin's email account by guessing the answers to her personal information and performing a password reset (to popcorn) of her Yahoo! mail account (gov.palin@yahoo.com). According to CBS News, "he had to correctly answer the question, "Where did you meet your spouse?" The correct answer was: "Wasilla High.""1


After gaining access to her account, he posted screen shots of his activity to 4chan.


Notable quotes from this and a related article...

  • "...has been sentenced to a year and a day with the judge recommending the term be served in a halfway house, not prison. "2

  • "In breaking into Palin's account, the F.B.I. said at the time that Kernell left an easy trail to follow." 3

  • Asked outside court if she thought the charges against Kernell were excessive, Palin said, "I don't know, but I do think there should be consequences for bad behavior." 4
Now, obviously, the legality of Mr. Kernell's actions aren't a subject for debate, but I would like to bring up a few interesting thoughts.

First, the prevalence of sites asking for personal information is pretty pervasive. Many sites will ask you  "What is your mother's maiden name?", "Where did you meet your spouse?" or "Who was your second grade teacher?" While the first question is pretty easy to find, people tend to overlook the plethora of information that is available on the Internet about themselves and tend to think that their favorite ice cream flavor or some other "personal" question is hard to "guess". Browsing through Tweets or Facebook posts would probaly provide the needed information for the attacker to be able to reset the target's password or at least obtain more information.

The second fact that I wanted to point out was from the audit trail left behind by Mr. Kernell posted evidence of  his exploits on 4chan's website. This seems to be typical for the "hacker" who's motivation is for the thrill of the conquest. The need for recognition points to this person committing this act for notoriety rather than financial gain or for political espionage.

Remember, "Loose lips, sink ships!" wasn't just a truism for World War II. A person shouldn't be the source of his opponent finding out information about him.


Sources:
1 http://www.cbsnews.com/stories/2010/11/12/national/main7047981.shtml
2 Ibid
3 Ibid
4 http://www.cbsnews.com/stories/2010/04/23/politics/main6425263.shtml?source=related_story

No comments:

Post a Comment