Wednesday, September 17, 2008

Sarah Palin's Email HAX0R3D!!1!

Friggin' figures. The day I decide to take a breather from politics, somebody hacks Sarah Palin's email account. This is a big deal.

If you want an easier to understand version, try Gawker.

Here's the story so far (fairly nitty-gritty):

THE INCIDENT

WHAT WE KNOW SO FAR:

- Very recently an anonymous poster on /b/ claimed to have hacked Sarah Palin's Yahoo e-mail account.

- Sarah Palin used the e-mail address gov.sarah@yahoo.com for public communication. Several media outlets have confirmed this fact prior to this "incident".

SOURCE: http://thinkprogress.org/2008/09/10/palin-email-privilege/
SOURCE: http://www.commondreams.org/headline/2008/09/15-7

- The e-mail address that the poster hacked was gov.palin@yahoo.com. This second e-mail address, previously unknown publicly, was used for private communcations.

- Yahoo e-mail addresses, unlike .gov e-mail addresses, are not subject to archiving and oversight. This fact has led to controversy from several sources, including fellow Republicans, asking her to release e-mails from her Yahoo account.

- The anonymous poster apparently panicked, and released the password onto /b/.

- Several other posters on /b/ took screenshots of the Inbox and various e-mails.

- Some of the screenshots reference several people in Alaska state government. One of these people is Sean Parnell, Lieutenant Governor of Alaska. Parnell mentions KFQD Radio's Dan Fagan, to whom he gave an interview about Palin's ACES initiative. Lt. Gov. Parnell's e-mail address is verified via an Alaska Republican Central Committee contact listing.

SOURCE: http://gov.state.ak.us/aces/
SOURCE: http://www.alaskarepublicans.com/centralcommittee.aspx

- One of the screenshots references the Yahoo account fek9wnr, Todd Palin, Sarah's husband who is at the heart of the controversy over her use of Yahoo e-mail for public dealings. The fek9wnr account was verified as being Todd Palin via a public posting to an automotive enthusiast BBS from August 2006.

SOURCE: http://autos.groups.yahoo.com/group/centurionconversions/message/2309

- Several photographs of her family were allegedly downloaded from the e-mail account.

- A scan of profiles.yahoo.com put gov.palin@yahoo.com's profile update date at 04/05/2008, long before any VP nod was apparent. If this were a fake, the perpetrator would've had to travel into the past and create an account or be very good at guessing who the VP candidate would be 5+ months later, not to mention faking an overwhelming amount of e-mails, photographs, verified private cellphone numbers, and other information.

- A good samaritan in the /b/ thread reset the password account with the intention of handing it over to Palin, a process known on /b/ as "white knighting". This locked everyone else out of the account. The "white knight" posted a screenshot to /b/ of his pending message to one of Palin's contacts about how to recover the account, but made the critical mistake of not blanking out the new password he set.

- Several other people in the /b/ thread then apparently logged in using this new password, and they all attempted to reset the password at once, causing a security trap at Yahoo to automatically put a 24-hour lockout on the account.


THE AFTERMATH:

- Sarah Palin was likely notified of the breach by morning, as she had then deleted both the gov.sarah@yahoo.com address (the one subject to the disclosure controversy in the media) as well as the gov.palin@yahoo.com address (the one that was hacked).

- The outright deletion of the accounts can be verified by attempting to pull up the public profile on both addresses, which both existed during the incident.

SOURCE: http://profiles.yahoo.com/gov.palin
SOURCE: http://profiles.yahoo.com/gov.sarah

- Both accounts were deleted simultaneously, thus linking the publicly-known e-mail address "gov.sarah" and the private e-mail address "gov.palin".

- This outright deletion may have the potential to be viewed as destruction of evidence, considering that the e-mails in the now-deleted accounts are the subject of several legal controversies.

SOURCE: http://www.washingtonpost.com/wp-dyn/content/article/2008/09/03/AR2008090303210_pf.html

- Several ZIP, RAR, and 7Z compilations of the downloaded screenshots, contacts, and photos were made available by anonymous individuals.

- 4chan is actively (some say over-actively) banning and deleting any posts of the screenshots of Palin's account, contacts, or family photos.

- An anonymous poster to 420chan, using information from the e-mail account's contact list, attempted to call Bristol Palin's cellphone number using the AT&T phone relay service. Several others allegedly called the cellphone number itself and got Bristol's voicemail. These posts were quickly deleted by 420chan moderators.

- A poster on /b/ did a lookup on the cellphone number which returned this information:

Type: Cell Phone
Provider: Dobson Cellular Systems
Location: Palmer, AK

- An anonymous individual has uploaded some of the screenshots to a photobucket account.

SOURCE: http://s405.photobucket.com/albums/pp134/anoncrack/

- A poster in /r9k/ e-mailed the compilations to ABC News producer Eamon McNiff who he/she claims is a personal contact of his/hers.

- Someone submitted a summary to Digg. As of this writing it has only 12 diggs.

SOURCE: http://digg.com/2008_us_elections/The_Incident_Did_4Chan_Anon_Hack_Palin_s_Yahoo_Email

- As of right now the media related to the incident sits mostly confined to 4chan and rapidshare, and thus either deleted, censored or under the radar.


For all the Obamatons saying she broke the law by using a personal email account to send gov't emails, here's a pro-tip: It isn't illegal under Alaska law. There's no law that was broken, no evidence of a cover up, nothing other than personal emails and draft documents that would be perfectly discoverable on the receiving end.

The idiots who did this are the ones who committed a crime - they violated federal law - the Computer Fraud and Abuse Act, 18 U.S.C. § 1030. That means that the Secret Service has jurisdiction here. That means prison time on conviction. That means that these morons are going to be in a world of hurt. Messing with Scientology is one thing. Invasion of privacy and CFAA charges are another.

Apparently, Bristol Palin keeps getting phone calls, too. Will watch with much interest.

UPDATE: Looks like WikiLeaks has a ton of corroborating evidence (if you can get it to load).

UPDATE II: Drudge, Foxnews, and CNN have it on thier sites.

McCain Camp responds:

"This is a shocking invasion of the Governor's privacy and a violation of law," campaign manager Rick Davis said in a statement. "The matter has been turned over to the appropriate authorities and we hope that anyone in possession of these emails will destroy them. We will have no further comment."

5 comments:

JTapp said...

A lot of the sites above are either crashed or were taken offline. I don't know if there's been a comparable celebrity to Sarah Palin in the history of America. And that's all she is right now-- a celebrity.

JTapp said...

And our whole country is a bunch of voyeurs.

JTapp said...

None of this was on the evening news, including NewsHour, tonight.

Greatmoose said...

CNN and Fox both have it, and the McCain campaign has issued a statement (sort of). This is going to be interesting.

Chus said...

This is what I think: Sarah Palin's E-Mail Hacked