
Palin e-mail hack highlights weak Web security; Democratic lawmaker's son implicated

This article was published in Scientific American’s former blog network and reflects the views of the author, not necessarily those of Scientific American





Details (as well as plenty of rumor and speculation) continue to emerge about how messages and images from Republican vice presidential nominee Sarah Palin's Yahoo! e-mail account were made public earlier this week. The FBI and U.S. Secret Service are investigating the incident, but several news outlets and blogs report the attack was a multi-step process made possible by weaknesses in the password reset feature (found on many Web sites—not just Yahoo!) as well as proxy servers that allow people to cover their tracks as they navigate the Web.

The hackers may have exploited the password resetting system of Yahoo's e-mail service using details about Palin's life—her birth date and zip code, for example—pulled from sources freely available on the Web, BBC News reported today.

A story by ComputerWorld's Gregg Keizer provided a bit more detail, reporting that on Wednesday, someone identified only as "rubico" claimed on the 4chan.org message board to have gained access to Palin's e-mail by using Yahoo's password reset feature. Keizer also reports that the FBI has contacted the operator of the Ctunnel proxy service, which serves primarily students or workers who want to access sites that are normally blocked by their network administrators. The person (or persons) who accessed Palin's e-mail account did so through Ctunnel, a move intended to keep law enforcement from tracking illegal activity back to the culprit's IP address.

Perhaps the best blow-by-blow description of what may have happened is provided on the blog of conservative syndicated columnist Michelle Malkin by one of her readers.

In a case of self-scrutiny, bloggers and other Web users searching for the culprit have linked the handle "rubico" to the 20-year-old son of Tennessee Democratic State Rep. Mike Kernell. The Tennessean Thursday reported that Mike Kernell confirmed that his son, David, a University of Tennessee-Knoxville student, is at the center of an Internet discussion into the hacking of the personal e-mail of vice presidential candidate Sarah Palin. The article, however, does not say—despite reports on several Web sites, including here—that David Kernell admitted to hacking Palin's e-mail or that Mike Kernell named his son as the culprit.

(Image courtesy of iStockphoto; Copyright: Alex Slobodkin)

Larry Greenemeier is the associate editor of technology for Scientific American, covering a variety of tech-related topics, including biotech, computers, military tech, nanotech and robots.
