You've probably heard by now that Vice Presidential candidate Sarah Palin's Yahoo account got hacked. According to Wired Magazine the story was briefly posted Wednesday to the 4chan forum where the hack first surfaced. Bloggers have connected the handle of the poster, "Rubico," to an e-mail address, and tentatively identified the owner as a college student in Tennessee. You've probably also heard that FBI agents served a federal search warrant to 20-year-old University of Tennessee student David Kernell on Sunday. David is the son of Democratic Tennessee State Representative Mike Kernell.
According to an MTV post, a Department of Justice spokesperson confirmed some "investigatory activity" in the Knoxville area related to the Palin case, but said no charges have been filed.
What I find most interesting is the ease at which the hacker got access to her account. I think most of us have forgotten a password or two and have had to click on "Forgot my password" to answer a few questions to reset it. This is exactly what the hacker did. The questions were pretty easy to research and answer on the web and, according to the hacker, it only took about 45 minutes. Here's how the hacker (referred to as Rubico) did it:
Rubico had made an attempt to hide behind a proxy service to anonymize his IP address but.... that was not enough. According to Wired he realized how vulnerable he was to being caught since he only used a single proxy service. Here's part of the message he posted Wednesday to the 4chan forum:
After Rubico posted the information on the 4chan forum, a white hat hacker tried to protect Palin by resetting the password and sending an email to Palin aide Ivy Frye. The white hat then posted a screen shot of the Frye email on the 4chan forum - that screen shot included the new password. Other 4chan readers (referred to as b/tards) jumped in and tried to access Palin's account with the frenzy causing the account to be locked for 24 hours.yes I was behind a proxy, only one, if this s*** ever got to the FBI I was f*****, I panicked, i still wanted the stuff out there but I didn’t know how to rapids*** all that stuff, so I posted the pass on /b/, and then promptly deleted everything, and unplugged my internet and just sat there in a comatose state
No comments:
Post a Comment