Tenn. student indicted for hacking Palin's e-mail
David Kernell, the focus of intense Web sleuthing, faces 5 years in prison if convicted
Computerworld - David Kernell, the Tennessee college student who came under suspicion as the hacker who broke into the e-mail account of U.S. vice presidential candidate Sarah Palin, has been indicted by a federal grand jury, the U.S. Department of Justice announced today.
Kernell, 20, was indicted Tuesday on one count of accessing a computer without authorization by a grand jury in Knoxville, Tenn., and has turned himself in to the FBI, a DOJ spokeswoman said this morning. He will be arraigned later today and is currently in processing.
If convicted, Kernell faces up to five years in prison and a fine of $250,000.
Kernell, a student at the University of Tennessee at Knoxville, was the focus early on in the investigation of the hacking of Palin's Yahoo Mail account. Although initially a loose group of activists was blamed for the break-in -- which resulted in the public posting of several messages from her account -- Internet sleuths quickly assembled clues left online by a hacker identified as "rubico," who admitted to the break-in.
On Sept. 17, rubico posted a message to a popular message board claiming to have gained access to Palin's e-mail by using Yahoo's password reset feature. Others then quickly linked the rubico handle to the e-mail address "firstname.lastname@example.org," which was in turn linked to Kernell through Internet searches that uncovered connections between him, the username and the e-mail address on such sites as YouTube.
Within days, Gabriel Ramuglia, the webmaster of Ctunnel, a proxy service used by rubico, had traced the hacker's IP address to an Illinois company that provides Internet service to the Knoxville apartment complex where Kernell lives. The FBI searched Kernell's apartment on Sept. 21.
Claims made in the three-page indictment were in line with other details of the case. According to the grand jury, Kernell hacked into the Alaska governor's "email@example.com" account on or about Sept. 16 by using the Webmail service's password reset mechanism.
"Specifically, he reset the password to 'popcorn' by researching and correctly answering a series of personal security questions," the indictment read.
Rubico had bragged that it took just 45 minutes to do the online research needed to reset Palin's password, while others had remarked on the use of the "popcorn" password and its obvious link to Kernell's last name.
The three largest Web mail services, Google Inc.'s Gmail, Microsoft Corp.'s Windows Live Hotmail and Yahoo Inc.'s Mail, all rely on automated password-reset mechanisms that can be abused by anyone who knows the username associated with an account and an answer to a single security question.
The indictment alleges that Kernell took screenshots of several of Palin's messages, which he then posted on the 4chan.org site, which hosts the message board where rubico talked about the hack. Those screenshots were later published on the Wikileaks.org Web site. The indictment did not say how the images got from 4chan to Wikileaks.
"Defendant Kernell posted the reset password, thus providing the means of access to the e-mail account for others," the indicted stated, and noted that at least one other person used the reset password to access Palin's account.
Kernell also tried to hide his track by deleting and concealing files on his notebook computer, the indictment said.
Kernell is the son of Mike Kernell, a longtime Democratic state representative from Memphis.
Palin e-mail hack
- Kernell pleads innocent to Palin hack charge
- IT Blogwatch: Sarah Palin's alleged email hacker pleads, "Not guilty"
- Accused Palin hacker has a history of intrusion
- Scott McPherson: Throw the book at Palin's email hacker
- Tenn. student indicted for hacking Palin's e-mail
- Yahoo, Hotmail, Gmail all vulnerable to Palin-style password-reset hack
- FBI searches Tenn. student's apartment in Palin hacking case
- IT Blogwatch: Sarah Palin e-mail hacker drops anchor, arrr!
- Security researchers ponder possible Palin hacks
- Sharon Machlis: Yahoo users: Like Sarah Palin, you may be vulnerable to an e-mail hack
Read more about Networking in Computerworld's Networking Topic Center.
- Single-Vendor Security Ecosystems Offer Concrete Benefits Over Point Solutions IT security decision-makers from companies with 100 to 5,000 employees evaluates the current endpoint security solution market based on Forrester's own market data,...
- Case Study: Intuit Turns to Self-Service IT Intuit empowered its users to resolve their own IT issues with a consumer-like experience to free IT to focus on more strategic initiatives....
- Automation for a Better Tomorrow Check out the five most common annoyances facing enterprise IT service desks today, and how automation can resolve all of them. Download the...
- Beyond the Enterprise App Store Leverage proactive, secure and automated IT Service delivery to move beyond the traditional App Store and empower your users. Read the white paper...
- Business-driven data protection Setting up data protection infrastructures with your organizations' core mission or business in mind is key. In this webinar, the ARCserve team will...
- On-Demand Webinar: Mind the Gap! Watch the webinar featuring Bob Janssen, CTO and Co-Founder of RES Software, to start building a solid foundation for business and IT to... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!