Home > Security > Cybercrime and Hacking

Computerworld - The webmaster of a proxy service called Ctunnel.com, which may have been used by a hacker to illegally access the e-mail account of Republican vice presidential candidate Sarah Palin, is working with law enforcement authorities to track down the person behind the break-in.

Gabriel Ramuglia, the Athens, Ga.-based webmaster of Ctunnel, said today that URLs in screenshots of Palin's e-mail -- photos were posted online yesterday on 4chan.org and other sites -- suggested that whoever accessed her Yahoo Mail account had used his proxy service.

Ramuglia said in an interview that he was contacted by FBI officials last night and asked to retain computer logs of the past few days' activity on his service and to make sure nothing is deleted. Ramuglia, who normally stores only a week's worth of log data, said he would not have deleted anything anyway because of the illegal nature of what had happened.

Ramuglia is now in the process of importing more than 80GB worth of log data into a database for analysis. He said he's reasonably confident that he can help authorities sift through the logs and trace access back to the originating IP address -- especially because the self-professed hacker has admitted using just one proxy service to access Palin's account.

The alleged hacker said in an online posting that he gained access by simply resetting the password to the Alaska governor's Yahoo e-mail account using its password-recovery service. That's according to a description of events posted on a blog site run by conservative syndicated columnist Michelle Malkin.

The first-person account was originally posted on 4chan.org by a poster identified only as "Rubico." That post, along with a related thread, was later deleted from that site -- but not before a reader of Malkin's blog apparently snagged a copy of it and sent it along to Malkin. Rubico's claims could not be verified, and security analysts have been skeptical of the claims.

According to the Malkin blog reader, 4chan.org hosts multiple boards, each of which is dedicated to specific subjects. The individual who first broke into Palin's e-mail account apparently belonged to a group called "/b/," which the reader described as the "most notorious" of the boards on 4chan.org. "'/b/tards,' as its denizens are called, are interested only in their own amusement," the reader claimed.

Rubico allegedly became interested in Palin's e-mail after reading media reports of her using a Yahoo Mail account. He decided to try to access it by resetting her password. "It took seriously 45 minutes on Wikipedia and Google to find the info [needed]," Rubico claimed. "Birthday? 15 seconds on Wikipedia. ZIP code? Well, she had always been from Wasilla, [Alaska], and it only has two ZIP codes (thanks, online postal service!)."

Rubico said it was harder to find the answer to one of the other questions needed for a password recovery: Where had Palin met her husband? After some digging, Rubico determined that the couple first met at Wasilla High School.

He said he used the information to reset Palin's password and go through her e-mail to see for anything incriminating that might "derail her campaign."

It was only after finding nothing that the hacker realized how easily he could be caught, since he had used only one proxy to access the account. So he decided to make access to it available to others on the /b/ board by posting Palin's recently reset password. Rubico claimed that he "then promptly deleted everything and unplugged my Internet and just sat there in a comatose state."

However, one of the other members of the bulletin board whom Rubico described as a "White knight f...," saw the thread and used the new password to go back into Palin's account and reset it. That person then sent an e-mail to a "friend of Palin's" informing her of the new password and what had happened, Rubico claimed.

Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.