Government // Cybersecurity
News
9/17/2008
04:56 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Sarah Palin's Yahoo Mail Account Hacked

The summary lists five screenshots of Palin's Yahoo Mail account, three text files with contact information and related data culled from the account, and two photos of Palin's family.

Republican Vice Presidential candidate Sarah Palin's Yahoo Mail account has been hacked and selected information from the account has been posted on Wikileaks, an online repository for documents.

The summary posted on Wikileaks reads thus: "Circa midnight Tuesday the 16th of September (EST) activists loosely affiliated with the group 'anonymous' gained access to U.S. Republican Party Vice-presidential candidate Sarah Palin's Yahoo e-mail account gov.palin@yahoo.com and passed information to Wikileaks. Governor Palin has come under criticism for using private e-mail accounts to conduct government business and in the process avoid transparency laws."

The summary lists five screenshots of Palin's Yahoo Mail account, three text files with contact information and related data culled from the account, and two photos of Palin's family.

It concludes, "The list of correspondence, together with the account name, appears to re-enforce the criticism. Wikileaks may release additional emails should they be of political substance."

A spokesperson at the McCain Palin Campaign press office said the reported breach was still being looked into and that campaign officials didn't have any immediate comment.

Brian Hale, a spokesperson for the FBI in Washington, said that he could confirm the FBI was aware of the alleged hack but couldn't comment further.

Yahoo did not immediately respond to a request for comment.

"Anonymous" is a name that has been used by an online group opposed to the Church of Scientology. The name has also reportedly been employed by Internet griefers. Based on the information provided on the Wikileaks site, there is no way to determine whether those who hacked Governor Palin's account are affiliated with others using the name "Anonymous."

One of the posted screenshots is an e-mail to Palin aide Ivy Frye. It says: "Dear Ivy, You don't know me, but I am part of an Internet group. We call ourselves anonymous. This e-mail was hacked by anonymous, but I took no part in that. I simply got the password back and changed it so no further damage could be done."

The e-mail concludes by asking Frye to contact Palin and inform her of the new password, which (hopefully) has been changed again.

Adam O'Donnell, director of emerging technologies at Cloudmark, said that the hackers might have compromised Palin's account in a variety of ways. He said they could have reset her password if they could answer the challenge questions. Or, he said, they could have used brute force password cracking software or a Web-based password cracking service. He also suggested that Palin's laptop or desktop computer could have been compromised or that she could have fallen victim to a sophisticated Web attack that relied on cookie theft or cross-site scripting.

The vulnerability of Web mail accounts isn't only an issue for nonexperts. Two computer security researchers, Alan Schimel, chief strategy officer for security firm StillSecure, and Petro D. Petkov, founder of security consultancy GNUCitizen, have also had their e-mail accounts hijacked recently.

O'Donnell recommends only connecting to your Web mailboxes from computers you trust, and advises the use of complex and difficult-to-guess passwords. He said that the FBI is likely to investigate and that the agency has a fair chance of catching the hackers. "People talk," he said. "That's usually how hackers get busted. Someone will roll."

Even so, O'Donnell said he believes that this won't be the last such incident.

Comment  | 
Print  | 
More Insights
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on InformationWeek.com
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.