Skip the navigation

Report: Tenn. legislator confirms son is at center of Palin hack chatter

Blogs, message boards link college student to e-mail address reportedly used by hacker

September 19, 2008 12:00 PM ET

Computerworld - A Tennessee state legislator has confirmed that his son, a 20-year-old student at the University of Tennessee-Knoxville, is the person being named on blogs and message boards in connection with the hacking of Alaska Gov. Sarah Palin's e-mail account, a Nashville paper reported late yesterday.

State Rep. Mike Kernell told the Tennessean that his son, David Kernell, is at the center of speculation about the identity of the hacker who gained access to Palin's account.

Kernell, a Democrat, represents District 93, which encompasses the University of Memphis and other parts of southwest Memphis. He declined additional comment to the Tennessean.

On Wednesday, someone identified only as "rubico" posted a message to 4chan.org's popular /b/ board claiming to have gained access to Palin's e-mail by using Yahoo's password reset feature. Although the post was deleted from 4chan.org, a copy was sent to conservative syndicated columnist Michelle Malkin, who published it on her blog Wednesday.

Others linked the rubico handle on 4chan.org to the e-mail address "rubico10@yahoo.com," which was in turn linked to David Kernell through Internet searches that uncovered connections between him, the username and the e-mail address on such sites as YouTube. Kernell's YouTube page has since been closed. The rubico10@yahoo.com address was marked as "temporarily locked because of security concerns" by Yahoo early today.

In a blog that Kernell began in 2003 -- and which holds only three entries -- he identified himself as "rubicox," a variation of rubico10. Kernell also used the rubicox handle on a chess site linked from his blog.

Others made more unusual connections between the hacker dubbed rubico10 and Kernell.

In the posting to 4chan.org's /b/ board, rubico10 said that after gaining access to Palin's account, "I promptly changed the password to popcorn and took a cold shower."

"Just dawned on me why he used the password 'popcorn'," said a user going by the name "akgoldrush" on the blog littlegreenfootballs.com. "Duh. Getting a little slow in my old age."

Gabriel Ramuglia, the webmaster of an Athens, Ga.-based proxy service, may be able to shed light on the identity of the hacker as early as today. On Thursday, Ramuglia said that the FBI had contacted both him and Yahoo the day before, asking for server logs to determine who had accessed Palin's account.

Ramuglia operates Ctunnel, an ad-supported proxy service targeted primarily at users in schools or businesses who want to access sites that are normally blocked by network administrators. Screenshots of several messages from Palin's account showed that the hacker had used Ramuglia's proxy service in an attempt to hide his or her tracks.

Ramuglia was in the middle of transferring about 80GB of log file data yesterday and hoped to start searching through it sometime today. "The FBI told me that they had asked for information by tomorrow [Friday] from Yahoo," Ramuglia said. "That's about the time frame I'll be able to search my logs."

He was also confident he would be able to pinpoint the person who used his proxy service to access Palin's account. "I should be able to track it down to their original ISP, and then the IP address of the person who did it," Ramuglia said. "Who did this abused my service and broke the law."

Both the FBI and Secret Service have opened investigations, but neither agency has made any public announcements of suspects or arrests.

Read more about Networking in Computerworld's Networking Topic Center.