Sarah Palin's Yahoo Mail Account Hacked - InformationWeek
IoT
IoT
Government // Cybersecurity
News
9/17/2008
04:56 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Sarah Palin's Yahoo Mail Account Hacked

The summary lists five screenshots of Palin's Yahoo Mail account, three text files with contact information and related data culled from the account, and two photos of Palin's family.

Republican Vice Presidential candidate Sarah Palin's Yahoo Mail account has been hacked and selected information from the account has been posted on Wikileaks, an online repository for documents.

The summary posted on Wikileaks reads thus: "Circa midnight Tuesday the 16th of September (EST) activists loosely affiliated with the group 'anonymous' gained access to U.S. Republican Party Vice-presidential candidate Sarah Palin's Yahoo e-mail account gov.palin@yahoo.com and passed information to Wikileaks. Governor Palin has come under criticism for using private e-mail accounts to conduct government business and in the process avoid transparency laws."

The summary lists five screenshots of Palin's Yahoo Mail account, three text files with contact information and related data culled from the account, and two photos of Palin's family.

It concludes, "The list of correspondence, together with the account name, appears to re-enforce the criticism. Wikileaks may release additional emails should they be of political substance."

A spokesperson at the McCain Palin Campaign press office said the reported breach was still being looked into and that campaign officials didn't have any immediate comment.

Brian Hale, a spokesperson for the FBI in Washington, said that he could confirm the FBI was aware of the alleged hack but couldn't comment further.

Yahoo did not immediately respond to a request for comment.

"Anonymous" is a name that has been used by an online group opposed to the Church of Scientology. The name has also reportedly been employed by Internet griefers. Based on the information provided on the Wikileaks site, there is no way to determine whether those who hacked Governor Palin's account are affiliated with others using the name "Anonymous."

One of the posted screenshots is an e-mail to Palin aide Ivy Frye. It says: "Dear Ivy, You don't know me, but I am part of an Internet group. We call ourselves anonymous. This e-mail was hacked by anonymous, but I took no part in that. I simply got the password back and changed it so no further damage could be done."

The e-mail concludes by asking Frye to contact Palin and inform her of the new password, which (hopefully) has been changed again.

Adam O'Donnell, director of emerging technologies at Cloudmark, said that the hackers might have compromised Palin's account in a variety of ways. He said they could have reset her password if they could answer the challenge questions. Or, he said, they could have used brute force password cracking software or a Web-based password cracking service. He also suggested that Palin's laptop or desktop computer could have been compromised or that she could have fallen victim to a sophisticated Web attack that relied on cookie theft or cross-site scripting.

The vulnerability of Web mail accounts isn't only an issue for nonexperts. Two computer security researchers, Alan Schimel, chief strategy officer for security firm StillSecure, and Petro D. Petkov, founder of security consultancy GNUCitizen, have also had their e-mail accounts hijacked recently.

O'Donnell recommends only connecting to your Web mailboxes from computers you trust, and advises the use of complex and difficult-to-guess passwords. He said that the FBI is likely to investigate and that the agency has a fair chance of catching the hackers. "People talk," he said. "That's usually how hackers get busted. Someone will roll."

Even so, O'Donnell said he believes that this won't be the last such incident.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll