Republican Vice Presidential candidate Sarah Palin's Yahoo Mail account has been hacked and selected information from the account has been posted on Wikileaks, an online repository for documents.
The summary posted on Wikileaks reads thus: "Circa midnight Tuesday the 16th of September (EST) activists loosely affiliated with the group 'anonymous' gained access to U.S. Republican Party Vice-presidential candidate Sarah Palin's Yahoo e-mail account [email protected] and passed information to Wikileaks. Governor Palin has come under criticism for using private e-mail accounts to conduct government business and in the process avoid transparency laws."
The summary lists five screenshots of Palin's Yahoo Mail account, three text files with contact information and related data culled from the account, and two photos of Palin's family.
It concludes, "The list of correspondence, together with the account name, appears to re-enforce the criticism. Wikileaks may release additional emails should they be of political substance."
A spokesperson at the McCain Palin Campaign press office said the reported breach was still being looked into and that campaign officials didn't have any immediate comment.
Brian Hale, a spokesperson for the FBI in Washington, said that he could confirm the FBI was aware of the alleged hack but couldn't comment further.
Yahoo did not immediately respond to a request for comment.
"Anonymous" is a name that has been used by an online group opposed to the Church of Scientology. The name has also reportedly been employed by Internet griefers. Based on the information provided on the Wikileaks site, there is no way to determine whether those who hacked Governor Palin's account are affiliated with others using the name "Anonymous."
One of the posted screenshots is an e-mail to Palin aide Ivy Frye. It says: "Dear Ivy, You don't know me, but I am part of an Internet group. We call ourselves anonymous. This e-mail was hacked by anonymous, but I took no part in that. I simply got the password back and changed it so no further damage could be done."
The e-mail concludes by asking Frye to contact Palin and inform her of the new password, which (hopefully) has been changed again.
Adam O'Donnell, director of emerging technologies at Cloudmark, said that the hackers might have compromised Palin's account in a variety of ways. He said they could have reset her password if they could answer the challenge questions. Or, he said, they could have used brute force password cracking software or a Web-based password cracking service. He also suggested that Palin's laptop or desktop computer could have been compromised or that she could have fallen victim to a sophisticated Web attack that relied on cookie theft or cross-site scripting.
The vulnerability of Web mail accounts isn't only an issue for nonexperts. Two computer security researchers, Alan Schimel, chief strategy officer for security firm StillSecure, and Petro D. Petkov, founder of security consultancy GNUCitizen, have also had their e-mail accounts hijacked recently.
O'Donnell recommends only connecting to your Web mailboxes from computers you trust, and advises the use of complex and difficult-to-guess passwords. He said that the FBI is likely to investigate and that the agency has a fair chance of catching the hackers. "People talk," he said. "That's usually how hackers get busted. Someone will roll."
Even so, O'Donnell said he believes that this won't be the last such incident.