Kid in Palin hack fuss gets a digital hit-and-run
The still-hazy story of the hacker who broke into Sarah Palin’s e-mail account is an excellent case study in the powers and perils of digital communities and why it can be hard to tell them apart. I for one got caught up in the whirl of hype and slippery half-truths that surrounded this story, so I’m counting it as a teachable moment.
Much of what we know — or think we know — about this story comes to us from its only primary source: a semi-anonymous written confession the hacker may have posted on an underground Web bulletin board. I say “may” because the note is long gone. 4chan.org, the hormonal birthplace of Web pranks designed to get a rise out normal Web folks, conveniently drops all discussion threads older than a few minutes.
But in the case of the Palin-hacking confession, someone appears to have rescued it before it was pushed off the plank. An anonymous source forwarded the message to conservative blogger Michelle Malkin, who posted it for all the blogosphere to see. Among the most intriguing parts of the message was the writer’s explanation of how he unlocked the Alaska governor’s account by using the “password recover” feature — which allows users who have lost their password to create a new one if they can answer a few “security questions”:
“It took seriously 45 mins on wikipedia and google to find the info,” read the statement. “Birthday? 15 seconds on wikipedia, zip code? well she had always been from wasilla, and it only has 2 zip codes.
“The second was somewhat harder, the question was ‘where did you meet your spouse?’” wrote the culprit. “I found out later though [sic] more research that they met at high school, so I did variations of that, high, high school, eventually hit on “Wasilla high” I promptly changed the password to popcorn and took a cold shower ... ”
And just like that, the world discovers that a vice presidential nominee’s standards for data security are no more canny than hiding a key under a doormat. (Moreover, anyone who’s created much of a biographical footprint online ought to realize that they’re not much safer.)
But it appears that Palin’s lack of security awareness was equaled by that of the supposed hacker, who left an e-mail address on his mea culpa that crafty bloggers quickly connected to various social networking profiles of a University of Tennessee student named David Kernell — who also happened to be the son of a Tennessee Democratic legislator. Web sleuths built a profile of Kernell based on online clues — a 20-year-old avid chess player, and self-described “Obamacrat.”
Well, with a name, a political affiliation, and a connection to a Democratic politican, conservative bloggers had enough fuel to light their torches and begin a trial by firelight. It wasn’t long before the conviction was handed down in headlines: “FATHER OF HACKER Is Tennessee Dem State Rep!!!!!” screamed a blog post at Gateway Pundit. “Student claims responsibility for Palin e-mail hack,” declared a British technology magazine called PC Pro, which seemed to think the Kernell had himself admitted guilt. Even the New York Post got in on the action when it concluded, “Dem Pol’s son was ‘hacker.’”
“Your name is Mudd,” wrote the Ace of Spades HQ blog. “And every derogatory tip I get about your background, I will publish.” He finished with a request for anyone who’d been in a relationship with Kernell to contact him.
Personally, I was more than a little irked that a few connected dots arising from an unverifiable confession e-mail had been enough not only to convict Kernell in the court of blogger opinion, but to instantly begin handing down his sentence -- all before the FBI or Department of Justice had named a suspect (they still haven’t).
“Can someone please arrest the blogosphere and put them all away?” I wrote on the Web Scout blog. “Don’t worry about gathering evidence or building a case, just lock them up and throw away the key — they’d do the same to you.”
“There’s not one verifiable truth in this story,” I added hot-bloodedly.
Since then (cough), information has emerged that connects activity on 4chan and Yahoo.com (Palin’s e-mail site) to an Internet service provider that supplies a Knoxville residential complex where Kernell lives. Federal investigators reportedly served a warrant on the complex on Sunday, though the DOJ would not confirm their involvement in the search when I called them, saying only that “investigatory activity took place in Knoxville” that was related to the hacking complaint.
With a few days of retrospect, I’ve decided to back away some from my original stance. Not because I was wrong for defending the kid, per se, but because I see now that I was lumping together two independent phenomena of the social Web: On one side, you had bloggers in a reasonable collaborative search to follow up on clues and attempt to identify the hacker. That’s journalism, and even if major questions remain (e.g. was it Kernell who actually wrote the confession?), there can be nothing wrong with trying to find the truth. One of the great features of the Web is its ability to tap into group intelligence —the wisdom of the crowd — in order to solve problems that individuals couldn’t. And now that people can help solve crimes with nothing more than a keyboard and some common sense, this kind of open source forensics may actually be a boon to law enforcement.
But look at a few of the angry threats and accusatory headlines and you get the sense that as wise as the crowd may sometimes be, it’s still only a couple of pitchforks away from a mob. The unfettered collectivism that allows Web denizens to quickly gather the clues and information can be intoxicatingly effective. But being intoxicated is not so great when it comes to the slow, painstaking business of piecing reality together. Jumping to conclusions can satisfy a lot faster.
In the case of the Palin hacker, we saw the intelligent lynch mob in action. It’s worth taking note that this many-headed entity appears to be officially charged with solving mysteries on the Web now. Truth may emerge, but so can character assasination. Telling the difference between the two, well, that’s the challenge.
| Bookmark it: |
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8341c630a53ef010534d0827a970c
Listed below are links to weblogs that reference Kid in Palin hack fuss gets a digital hit-and-run:
Well, it takes a lot to admit when you are wrong. I give you credit for coming forward and saying this. Still, it doesn't excuse the massive underplaying of this story by the liberal media. If this was reverse, a liberal politician being hacked by a conservative or libertarian, the media would be up in arms: We'd get daily wall-to-wall coverage of every tiny little detail on the front page of the LA Times and other publications. As it is, the hacking was done by a liberal against a libertarian-conservative Sarah Palin. So, we're stuck with Blog reports from the LA Times, and short blurbs relegated to page A23.
Eric Dondero, Publisher
Libertarian Republican
(The Very First Political Blog to break this Story!)
Posted by: Eric Dondero | September 23, 2008 at 04:32 PM
"Telling the difference between [truth and character assasination], well, that’s the challenge."
Maybe this will help you tell the difference. The following is an example of character assasination "And just like that, the world discovers that a vice presidential nominee’s standards for data security are no more canny than hiding a key under a doormat."
There is no reason to blame Gov. Palin for Yahoo's method of securing email passwords. It adds nothing to your article except a chance for you to take a cheap shot at her.
Posted by: Dave | September 23, 2008 at 04:44 PM
First of all, the title you gave this irks me! A college student is not a 'kid"! He is old enough to vote, go to war, get married, drive--all the privileges of adulthood. I wonder why you decided to try to slant the article to make people think what he was a child doing a harmless prank? What he did is a criminal act and I am positive he knew that. He is almost certain to have computer labs where there are University paid employees supervising and if not, he could read, presumably, being a college student. The cybercrime laws have been around for some time. And of course the US Constitution and the Amendments to it, to not be subjected to unreasonable searches and seizures of private 'effects' is even longer in use.
Could a college student be so stupid as to think hacking into breaking into the private email of a GOVERNOR is no big deal? I do not think so. It is a very big deal and he should be punished as an adult for cybercrime and violation of Civil liberties of Gov Sarah Palin, and for exposing the state of Alaska's business to other thieves and hackers by making her password known. He's a jerk, not a 'kid'. Get a life!
/s/ gloria poole,
Posted by: Gloria Poole | September 23, 2008 at 04:48 PM
@Dave: Curious, why do you think pointing out that Palin was unconcerned with email security is a cheap shot or an example of character assassination? It's not like she's some lady in the supermarket -- she's a vice presidential candidate whose strengths and weaknesses don't just deserve--they demand to be scrutinized.
Part of this whole webocracy trend is that everyone is so quick to attribute any criticism to political bias. But I can assure you that if any of the four ticket-topping candidates used their high school as the answer to a security question, they would get the same treatment from me and probably a lot of other people. What would a democracy look like where the citizens didn't looks closely at their potential leaders? Not like a democracy, I can assure you.
Posted by: David Sarno | September 23, 2008 at 04:49 PM
Most people don't have a clue how easy it is to "hack" your way into a Gmail, Hotmail, or Yahoo account. At my company, if you enter your password wrong 5 times, your account is locked and you have to call IT to get it unlocked. There's no automated password reset process either - you call IT and have it reset. That's real security, not some "what's your dog's name?" BS.
This is why companies or orgranizations with a clue forbid using these accounts for anything that qualifies as official business. It's just too easy for a determined individual to bust in, particularly when the target is a public figure with lots of personal information freely available online.
One more time: these accounts have N-O S-E-C-U-R-I-T-Y. Zero, zip, nada, none. You use them to sign up for stuff on websites so you don't get spam at your primary address, not for anything imporant. Only a complete idiot uses a Yahoo account for anything confidential.
Posted by: Realist | September 23, 2008 at 04:50 PM
Let's set the record straight.
This kid is no hacker. No hack was required to break into the account.
And from the blog:
And just like that, the world discovers that a vice presidential nominee’s standards for data security are no more canny than hiding a key under a doormat. (Moreover, anyone who’s created much of a biographical footprint online ought to realize that they’re not much safer.)
Palin did not choose the method of security. It is a free PERSONAL Yahoo email account. Security is that of which would be expected for any free email service. Also, she did not conduct official business using this email service! The criticism is unfounded; the world found out Palin uses Yahoo like millions of others.
So in all reality, some stupid kid was caught accessing personal email that was not his.
Nothing to see here. Lets focus on more important issues in the world please.
Posted by: Matt | September 23, 2008 at 04:50 PM
Let me try to understand this article. My front door is locked, the lock on the front door comes from a very good company who has been in business for a long time. Many of my neighbors who are employed by the same govermental agency as myself have the same lock. They are very happy with their locks as am I. Someone decides they want to render my lock useless and break into my home. It takes 45 minutes for this determined person to break my lock and enter my home. According to this article I am at fault for not anticipating this persons determination and lock savvy. It's dirty politics plain and simple, Chicago Style
Posted by: County Boy | September 23, 2008 at 04:54 PM
Why have a "Preview Comment" button AND a "Submit Comment" button that both link to the same thing? There's no point to having a preview button that doesn't let you preview before submitting.
Posted by: Realist | September 23, 2008 at 04:54 PM
It's only a "fuss" when it's Palin, it would be an all out racial conspiracy if it were Obama.
The libs are bigger hypocrits than any old "church lady".
Posted by: Kara | September 23, 2008 at 04:54 PM
Oddly enough, no one on this comments sheet seems to have noted the fact that Ms. Palin and others may have been using a Yahoo account outside of the official governmental email accounts in, perhaps, an attempt to do an end-run around the requirements to keep all correspondence as a public record and available for public perusal. Ordinarily, her correspondence is a public record that this young man would have been legally able to look at. Just because she kept some of her governmental business in a Yahoo account doesn't all of a sudden make it a private communication. Remember, she did use the letters "gov" in her email address, which implies that this is a governmental email address, not a private individual one. And no, I don't think he should have hacked it from a legal standpoint, but he has certainly done everyone quite a service by pointing out how easy it is to do and how people should be more careful, whether they are governors or average citizens. And calling it a cheap shot that the original poster commented on her not appropriately guarding her email account, frankly this shows a lack of judgement on her part to have not been more proactive in considering that someone might, in fact, want access to her email and to have guarded it better.
Posted by: Alice | September 23, 2008 at 05:02 PM
Eric Dondero Above said: "If this was reverse, a liberal politician being hacked by a conservative or libertarian, the media would be up in arms..."
Yeah, like when the registered Republican Tharin Gartrell plotted to kill Obama in Denver, right? Oh wait, that's right, they ended up not even charging tharin or his accomplices with that.
Well , I gues you are sorta right, Palin must feel so bad being so violently hacked. I guess what you are saying is that it really is much worse than being assassinated.
You are an idiot Eric.
Here's a link so you can try to enlighten yourself, moron.
http://en.wikipedia.org/wiki/Nathan_Johnson
Posted by: repubodent | September 23, 2008 at 05:19 PM
This article was very good except for the cheap shot about the key under the doormat.
Public figures are entitled to personal lives as well, and public figures are NOT supposed to be using government resources for personal purposes. This means if she wants private email, she HAS to use a private email provider. The only choice then becomes which public provider to use, each of which would be equally easy to spoof in this manner. She had no control over Yahoo!'s password security scheme, and even if she did, she still wouldn't deserve the constant lambasting she's receiving on left wing blogs, who would be having hypocrotical field day if she'd been found to be using government email for personal use.
It's sickening, and it smacks of blaming rape victims for wearing outfits that "were asking for it".
Posted by: Captain Obvious | September 23, 2008 at 05:20 PM
Clearly the liberal media is out of touch with reality.
"Personally, I was more than a little irked that a few connected dots arising from an unverifiable confession e-mail had been enough not only to convict Kernell in the court of blogger opinion, but to instantly begin handing down his sentence -- all before the FBI or Department of Justice had named a suspect (they still haven’t)."
Really, and where is your outrage when a political candidate's account was hacked.
Posted by: GS | September 23, 2008 at 05:21 PM
Alice
If you'd bothered to read the linked material the "hacker" admitted that there was no such government business to be found in her personal account... he explicitly stated this because it was the reason for which he invaded the account in the first place.
But since when is such a suspicion enough reason for vigilante justice? If I suspect you of stuffing your mattress with cash that you haven't reported to the IRS, does this give me a right to rob your home because it's "less secure" than a bank?
Posted by: Captain Obvious | September 23, 2008 at 05:26 PM
Hitting "forgot your password?" and entering a publicly available birthday or maiden name isn't really hacking...
Posted by: Sketchee | September 23, 2008 at 05:28 PM
Also, this supposedly "underground" forum is one of the most popular forums in the US and on the internet...
Posted by: Sketchee | September 23, 2008 at 05:31 PM
He needs to get at least one year in jail.
Posted by: bfreeman | September 23, 2008 at 05:38 PM
This person is not some underaged teenager! He is an "adult"!
Sarah Palin is like any other person with a personal e mail account with varying degrees of security provided by the internet provider.
It is one thing to break into and "peek". But a whole different thing to maliciously spread her e mail notes and private family photos for the whole world to view when you couldn't find any "dirt" on her.
Where is the outrage by Barack and the local Democratic party on this invasion of privacy???
No, it is not just an "invasion of privacy issue". It is a low down below the belt way of taking down not only Sarah Palin but also members of her family!!!
Why is this coward of an "adult" trying to hide behind an attorney when the "electronic" tracks and fingerprints lead directly to his computer and e mail account? Why can't he face the music (justice)???
No, this is not a kid that is stupid with nothing to do except partying with friends and trying to run from the FBI. This is an adult with some serious ethical and moral issues that his parents failed to teach him when he was a "kid".
It is hoped that an example will be made of him with some serious legal consequences for his future career.
Also, what about the other websites on the internet that for whatever nefarious reasons decided to keep the posting on the internet and the news organizations that refused to cooperate with the FBI??? Are not they a party to the serious decline of ethics and morality that is facing this nation in all area of life---politics, education, religious life, corporate life, at the work place, and even in the news department??? Where are the authorities in charge of the participating websites????
We have come to a low level in our nation where nothing is sacred or off limits anymore. My God have mercy on this nation and on our people!
Posted by: ernestt | September 23, 2008 at 05:49 PM
The hacker should be sent to prison.
Posted by: joe | September 23, 2008 at 06:11 PM
"There is no reason to blame Gov. Palin for Yahoo's method of securing email passwords. It adds nothing to your article except a chance for you to take a cheap shot at her."
BS It's good to know that someone like Sarah Palin who wants to be connected to the highest office in the nation is a sloppy clutz when it comes to security. Anyone in the know, would not fill in the fields with easy to guess security questions. Yahoo as well as other sites like Google warn about this. Only a republican Palin supporter would have written something so stupid as to say it's only a cheap shot.
As for what the original poster said, he/she is right about hanging someone out to dry so easily. Sure people will say that it is so obvious that it is him, but it's sloppy investigative work when the articles don't even bother to admit they are only 90% sure. They just go full and out and say they have their man. For all they know a smart hacker picked an email address at random to throw people off and help frame someone else. Criminals do that sort of thing all the time. Make it look like someone else.
OR maybe that guys computer and posting accounts were being used by his friend or a cousin, or girl friend. Far fetched? Maybe, but guess what? In the past, things just like that have already happened and will continue to happen. That's why you should always at least say you are only 90% sure. Otherwise you loose credibility. This very fact is why some of those assumptive articles were sloppy and stupid and THAT's exactly what's wrong with todays media.
Posted by: sandstars | September 23, 2008 at 06:21 PM
what about the IP address traced to this kid? quit acting like it's just speculation on the internet only that lead the fbi to this kid, because it isn't. and yeah, where was your outrage over palin's privacy. i am going to laugh a whole lot in november when this has all backfired in your faces.
Posted by: natnat | September 23, 2008 at 06:25 PM
It is amazing that the the entire focus of this media is everything except the key event.
The college age son of a Democrat State Representative invaded the privacy of a Republican VP candidate.
If the parties involved were reversed you can bet the media would not be asking if Biden used his private email for government business. It would be all about intrusion of privacy, what did the RNC know, what did McCain and Bush know, and how deep does this conspiricy go.
Posted by: Standing here beside myself | September 23, 2008 at 06:34 PM
Hackers who steal other people's identity, copy their emails and post the personal passwords, photos and other information online to harass their victims are slimeballs. I'm apalled that just because this young man comes from a prominent family of democrats and is a supporter of Obama, there are people who will make excuses for his hacking and will and defend his execrable and possibly felonious behavior.
Posted by: Jim Bob | September 23, 2008 at 07:19 PM
Why can't Sarah Palin have a personal email account with low security? I do. I use it for informal communications to friends. If someone hacked my account, I would be slightly frustrated but I'm not willing to spend $$$ or a lot of time devising security questions that I would have to remember just to prevent someone from hacking my account. My guess is that Sarah Palin probably was thinking the same thing. Trying to compare her choice of email provider to her ability to lead is just silly. I bet she even leaves her bicycle on the front porch some times too. Obviously, she's not to be trusted, right?
Posted by: Jon | September 23, 2008 at 08:04 PM
Question: If the hacker's father was not a big wheel in the Democrat party, would this have been handled much differently? I personally believe so. It stinks to high heaven, and reminds me a certain politician having gotten off the hook when while drunk, he left the scene of the accident and made no attempt to help or rescue the woman that drowned and died inside the vehicle. It appeared the following day he had a bad case of memory loss. Political connections and money just seems to prevent the guilty person having to answer for the crime committed, and that also appears being predominant in the Democrat party.
Posted by: Richard | September 23, 2008 at 08:19 PM