Sarah Palin's Yahoo Mail Account Hacked


Thomas Claburn, Editor at Large, Enterprise Mobility

September 17, 2008


Republican Vice Presidential candidate Sarah Palin's Yahoo Mail account has been hacked, and selected information from the account has been posted on Wikileaks, an online repository for documents.

The summary posted on Wikileaks reads thus: "Circa midnight Tuesday the 16th of September (EST) activists loosely affiliated with the group 'anonymous' gained access to U.S. Republican Party Vice-presidential candidate Sarah Palin's Yahoo e-mail account [email protected] and passed information to Wikileaks. Governor Palin has come under criticism for using private e-mail accounts to conduct government business and in the process avoid transparency laws."

The summary lists five screenshots of Palin's Yahoo Mail account, three text files with contact information and related data culled from the account, and two photos of Palin's family.

It concludes, "The list of correspondence, together with the account name, appears to re-enforce the criticism. Wikileaks may release additional emails should they be of political substance."

A spokesperson at the McCain-Palin campaign press office said the reported breach was still being looked into and that campaign officials didn't have any immediate comment.

Brian Hale, a spokesperson for the FBI in Washington, said that he could confirm the FBI was aware of the alleged hack but couldn't comment further.

Yahoo did not immediately respond to a request for comment.

"Anonymous" is a name that has been used by an online group opposed to the Church of Scientology. The name has also reportedly been employed by Internet griefers. Based on the information provided on the Wikileaks site, there is no way to determine whether those who hacked Governor Palin's account are affiliated with others using the name "Anonymous."

One of the posted screenshots is an e-mail to Palin aide Ivy Frye. It says: "Dear Ivy, You don't know me, but I am part of an Internet group. We call ourselves anonymous. This e-mail was hacked by anonymous, but I took no part in that. I simply got the password back and changed it so no further damage could be done."

The e-mail concludes by asking Frye to contact Palin and inform her of the new password, which (hopefully) has been changed again.

Adam O'Donnell, director of emerging technologies at Cloudmark, said that the hackers might have compromised Palin's account in a variety of ways. He said they could have reset her password if they could answer the challenge questions. Or, he said, they could have used brute force password cracking software or a Web-based password cracking service. He also suggested that Palin's laptop or desktop computer could have been compromised or that she could have fallen victim to a sophisticated Web attack that relied on cookie theft or cross-site scripting.

The vulnerability of Web mail accounts isn't only an issue for nonexperts. Two computer security researchers, Alan Shimel, chief strategy officer for security firm StillSecure, and Petko D. Petkov, founder of security consultancy GNUCitizen, have also had their e-mail accounts hijacked recently.

O'Donnell recommends only connecting to your Web mailboxes from computers you trust, and advises the use of complex and difficult-to-guess passwords. He said that the FBI is likely to investigate and that the agency has a fair chance of catching the hackers. "People talk," he said. "That's usually how hackers get busted. Someone will roll."

Even so, O'Donnell said he believes that this won't be the last such incident.
