Tenn. student indicted for hacking Palin's e-mail
David Kernell, the focus of intense Web sleuthing, faces 5 years in prison if convicted
Computerworld - David Kernell, the Tennessee college student who came under suspicion as the hacker who broke into the e-mail account of U.S. vice presidential candidate Sarah Palin, has been indicted by a federal grand jury, the U.S. Department of Justice announced today.
Kernell, 20, was indicted Tuesday on one count of accessing a computer without authorization by a grand jury in Knoxville, Tenn., and has turned himself in to the FBI, a DOJ spokeswoman said this morning. He will be arraigned later today and is currently in processing.
If convicted, Kernell faces up to five years in prison and a fine of $250,000.
Kernell, a student at the University of Tennessee at Knoxville, was the focus early on in the investigation of the hacking of Palin's Yahoo Mail account. Although initially a loose group of activists was blamed for the break-in -- which resulted in the public posting of several messages from her account -- Internet sleuths quickly assembled clues left online by a hacker identified as "rubico," who admitted to the break-in.
On Sept. 17, rubico posted a message to a popular message board claiming to have gained access to Palin's e-mail by using Yahoo's password reset feature. Others then quickly linked the rubico handle to the e-mail address "firstname.lastname@example.org," which was in turn linked to Kernell through Internet searches that uncovered connections between him, the username and the e-mail address on such sites as YouTube.
Within days, Gabriel Ramuglia, the webmaster of Ctunnel, a proxy service used by rubico, had traced the hacker's IP address to an Illinois company that provides Internet service to the Knoxville apartment complex where Kernell lives. The FBI searched Kernell's apartment on Sept. 21.
Claims made in the three-page indictment were in line with other details of the case. According to the grand jury, Kernell hacked into the Alaska governor's "email@example.com" account on or about Sept. 16 by using the Webmail service's password reset mechanism.
"Specifically, he reset the password to 'popcorn' by researching and correctly answering a series of personal security questions," the indictment read.
Rubico had bragged that it took just 45 minutes to do the online research needed to reset Palin's password, while others had remarked on the use of the "popcorn" password and its obvious link to Kernell's last name.
The three largest Web mail services, Google Inc.'s Gmail, Microsoft Corp.'s Windows Live Hotmail and Yahoo Inc.'s Mail, all rely on automated password-reset mechanisms that can be abused by anyone who knows the username associated with an account and an answer to a single security question.
The indictment alleges that Kernell took screenshots of several of Palin's messages, which he then posted on the 4chan.org site, which hosts the message board where rubico talked about the hack. Those screenshots were later published on the Wikileaks.org Web site. The indictment did not say how the images got from 4chan to Wikileaks.
"Defendant Kernell posted the reset password, thus providing the means of access to the e-mail account for others," the indicted stated, and noted that at least one other person used the reset password to access Palin's account.
Kernell also tried to hide his track by deleting and concealing files on his notebook computer, the indictment said.
Kernell is the son of Mike Kernell, a longtime Democratic state representative from Memphis.
Palin e-mail hack
- Kernell pleads innocent to Palin hack charge
- IT Blogwatch: Sarah Palin's alleged email hacker pleads, "Not guilty"
- Accused Palin hacker has a history of intrusion
- Scott McPherson: Throw the book at Palin's email hacker
- Tenn. student indicted for hacking Palin's e-mail
- Yahoo, Hotmail, Gmail all vulnerable to Palin-style password-reset hack
- FBI searches Tenn. student's apartment in Palin hacking case
- IT Blogwatch: Sarah Palin e-mail hacker drops anchor, arrr!
- Security researchers ponder possible Palin hacks
- Sharon Machlis: Yahoo users: Like Sarah Palin, you may be vulnerable to an e-mail hack
Read more about Networking in Computerworld's Networking Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- The Critical Role of Support in Your Enterprise Mobility Management Strategy Most business leaders underestimate the importance of tech support when they choose an EMM solution. Here's what to put on your checklist.
- Separating Work and Personal at the Platform Level: How BlackBerry Balance Works BlackBerry® Balance™ separates work from personal on the same mobile device, right at a platform level. Find out how it can work for...
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of... All Networking White Papers | Webcasts