Tenn. student indicted for hacking Palin's e-mail
David Kernell, the focus of intense Web sleuthing, faces 5 years in prison if convicted
October 8, 2008 12:00 PM ETPalin e-mail hack
- Kernell pleads innocent to Palin hack charge
- IT Blogwatch: Sarah Palin's alleged email hacker pleads, "Not guilty"
- Accused Palin hacker has a history of intrusion
- Scott McPherson: Throw the book at Palin's email hacker
- Tenn. student indicted for hacking Palin's e-mail
- Yahoo, Hotmail, Gmail all vulnerable to Palin-style password-reset hack
- FBI searches Tenn. student's apartment in Palin hacking case
- IT Blogwatch: Sarah Palin e-mail hacker drops anchor, arrr!
- Security researchers ponder possible Palin hacks
- Sharon Machlis: Yahoo users: Like Sarah Palin, you may be vulnerable to an e-mail hack
Computerworld - David Kernell, the Tennessee college student who came under suspicion as the hacker who broke into the e-mail account of U.S. vice presidential candidate Sarah Palin, has been indicted by a federal grand jury, the U.S. Department of Justice announced today.
Kernell, 20, was indicted Tuesday on one count of accessing a computer without authorization by a grand jury in Knoxville, Tenn., and has turned himself in to the FBI, a DOJ spokeswoman said this morning. He will be arraigned later today and is currently in processing.
If convicted, Kernell faces up to five years in prison and a fine of $250,000.
Kernell, a student at the University of Tennessee at Knoxville, was the focus early on in the investigation of the hacking of Palin's Yahoo Mail account. Although initially a loose group of activists was blamed for the break-in -- which resulted in the public posting of several messages from her account -- Internet sleuths quickly assembled clues left online by a hacker identified as "rubico," who admitted to the break-in.
On Sept. 17, rubico posted a message to a popular message board claiming to have gained access to Palin's e-mail by using Yahoo's password reset feature. Others then quickly linked the rubico handle to the e-mail address "rubico10@yahoo.com," which was in turn linked to Kernell through Internet searches that uncovered connections between him, the username and the e-mail address on such sites as YouTube.
Within days, Gabriel Ramuglia, the webmaster of Ctunnel, a proxy service used by rubico, had traced the hacker's IP address to an Illinois company that provides Internet service to the Knoxville apartment complex where Kernell lives. The FBI searched Kernell's apartment on Sept. 21.
Claims made in the three-page indictment were in line with other details of the case. According to the grand jury, Kernell hacked into the Alaska governor's "gov.palin@yahoo.com" account on or about Sept. 16 by using the Webmail service's password reset mechanism.
"Specifically, he reset the password to 'popcorn' by researching and correctly answering a series of personal security questions," the indictment read.
Rubico had bragged that it took just 45 minutes to do the online research needed to reset Palin's password, while others had remarked on the use of the "popcorn" password and its obvious link to Kernell's last name.
The three largest Web mail services, Google Inc.'s Gmail, Microsoft Corp.'s Windows Live Hotmail and Yahoo Inc.'s Mail, all rely on automated password-reset mechanisms that can be abused by anyone who knows the username associated with an account and an answer to a single security question.
The indictment alleges that Kernell took screenshots of several of Palin's messages, which he then posted on the 4chan.org site, which hosts the message board where rubico talked about the hack. Those screenshots were later published on the Wikileaks.org Web site. The indictment did not say how the images got from 4chan to Wikileaks.
"Defendant Kernell posted the reset password, thus providing the means of access to the e-mail account for others," the indicted stated, and noted that at least one other person used the reset password to access Palin's account.
Kernell also tried to hide his track by deleting and concealing files on his notebook computer, the indictment said.
Kernell is the son of Mike Kernell, a longtime Democratic state representative from Memphis.
Read more about networking and internet in Computerworld's Networking and Internet Knowledge Center.
Kernell
Additional Resources



White Papers & Webcasts
Death to PST Files
Download Now
Business Process Framework Demo
Learn about Configurable Business Processes and Calculated Fields. Watch Now!
A Green Architectural Strategy That Puts IT in the Black
Levergage green computing across your data center. Read more now.
Manager Experience Demo
Go beyond self-service solutions to perform more effectively. Watch Now.
Quantifying the Business Value of VMware View
Learn why you should invest in a centralized virtual desktop.
WAN Optimization as a Managed Service: More than Network Cost Savings
View this Webcast Now!
Forrester Consulting Mobility Study: Taking Control of Enterprise Mobile Device Diversity
Download Now
Asia-Pacific Enterprise Network Solutions
Learn through this Webcast how your business can achieve reliability, performance and value in hard-to-reach locations within the Asia-Pacific region.
What IT Must Do to Support Employee-Owned BlackBerry, iPhone and Android Mobile Devices
Download Now
Mainsoft Webcast w/ Forrester Research: Drive SharePoint Adoption in Lotus Notes Shops
How can you drive mainstream user adoption of Microsoft SharePoint when your users rely on Lotus Notes?
Computerworld Reports
Disaster Recovery & Cost Savings Zone
Thousands of customers world-wide have turned to virtualization solutions from Riverbed as a way to reduce costs.

