
Some Thoughts on the Palin E-Mail Debacle [update 09/19]

No doubt that by now everyone has heard that Republican VP nominee Sarah Palin’s Yahoo e-mail account(s) were cracked and the contents thereof distributed on the Internet. The whole imbroglio has got both Team Red and Team Blue riled up, and I’ve got a few thoughts on the affair.

1) A lot of people seem to be saying “Wow, she’s so stupid that even a teenager could outsmart her.” I don’t think this is a fair criticism. As I understand it, Yahoo has a number of security questions that you have to answer in order to reset the password on the account, which is what the intruder did. Oftentimes, these questions are on the order of “what zip code were you born in” or “what was your maternal grandmother’s maiden name?”

If you’re trying to crack some nobody’s account, this information might be kind of hard to dig up. For a public figure, especially one like Palin, whose life has been gone through with a fine-toothed comb and published in recent weeks, this kind of info is much easier to locate. This was, in fact, the method used by the person who cracked Palin’s e-mail account, by his own admission.

The problem, in this case, was not Palin’s “stupidity”, but rather a fundamental flaw in the security system that Yahoo uses to protect against illegitimate password change requests.
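An added example, not part of the original post and not Yahoo's actual code: it contrasts a reset check that trusts security-question answers with one common alternative, a single-use expiring token sent to a pre-registered recovery address. The account data, the names kba_reset_allowed and ResetTokens, and the 15-minute lifetime are all constructed for illustration.

```python
import hashlib, hmac, secrets, time

# Constructed sample account: every "secret" answer also appears in public records.
ACCOUNT = {"recovery_email": "owner@example.org",
           "answers": {"birth_zip": "00000", "birthdate": "1970-01-01"}}
PUBLIC_RECORDS = {"birth_zip": "00000", "birthdate": "1970-01-01"}

def kba_reset_allowed(account, supplied):
    """Weak design: knowing the answers is the only proof of ownership."""
    return all(
        hmac.compare_digest(supplied.get(q, "").strip().lower(), a.lower())
        for q, a in account["answers"].items())

class ResetTokens:
    """Alternative design: a reset needs a random, single-use, expiring
    token that is only ever sent to the pre-registered recovery address."""

    def __init__(self, ttl=900):
        self.ttl = ttl
        self._pending = {}  # sha256(token) -> (user, expiry time)
        self.outbox = []    # stands in for mail delivery: (address, token)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def request(self, user, account, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._pending[self._digest(token)] = (user, now + self.ttl)
        self.outbox.append((account["recovery_email"], token))

    def redeem(self, user, token, now=None):
        now = time.time() if now is None else now
        entry = self._pending.pop(self._digest(token), None)  # single use
        return entry is not None and entry[0] == user and now <= entry[1]

def demo():
    looked_up = kba_reset_allowed(ACCOUNT, PUBLIC_RECORDS)
    tokens = ResetTokens()
    tokens.request("owner", ACCOUNT, now=1000)
    guessed = tokens.redeem("owner", secrets.token_urlsafe(32), now=1001)
    delivered = tokens.outbox[-1][1]
    owner = tokens.redeem("owner", delivered, now=1002)
    replayed = tokens.redeem("owner", delivered, now=1003)
    return looked_up, guessed, owner, replayed

if __name__ == "__main__":
    print(demo())
```

The first check passes for anyone holding the public record, while the token check depends on control of the recovery mailbox rather than on facts about the account owner.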

2) A lot has been said about whether or not it was appropriate for Palin to even be using a Yahoo account. Many are arguing (mostly in the comments sections of blogs) that the fact that she might’ve been using the Yahoo account for official business justifies the intrusion. This is obviously a specious argument.

While I’m not an authority on the applicable laws, it doesn’t seem that there was really much of anything of substance to be found on the e-mail accounts. Much has been made of the fact that, since the attack, the e-mail addresses have been deleted. It’s been suggested that this is because Palin is trying to “destroy evidence” or some such thing.

Nonsense. Locking or deleting an account after a known intrusion (rather than simply changing the password) is standard procedure just about anywhere, including here at the University of Oregon.

By the cracker’s own admission, he found nothing incriminating. Of course, he’s not a legal authority either, so maybe there’s a case to be made. I don’t know. What I do know, however, is that what he did is illegal and the fact that some people think there might have been inappropriate use of the Yahoo accounts absolutely does not excuse his actions.

There was a lot of uproar on the part of both conservatives and liberals about Bush’s wiretapping schemes and how they infringed upon civil liberties and the right to privacy. Anyone who was upset about the wiretapping but finds no problems with this invasion (and vice versa) is engaging in very, very selective outrage, as far as I can see.

3) This appears to have been a politically motivated attack, though let me state up front that I think that any suggestion that the Obama campaign — or any prominent Democrat — condoned this, or even knew about it until the story broke, is absolutely absurd.

Nevertheless, the intruder stated outright that he broke in with the intention of finding incriminating e-mails — and, in fact, totally expected to find them — that he could post online and derail the McCain campaign. There’s also this preliminary report that the culprit may have been the son of a Democratic Tennessee Representative.

A few days ago I posted a quote from Nick Cohen, who wrote:

In an age when politics is choreographed, voters watch out for the moments when the public-relations facade breaks down and venom pours through the cracks. Their judgment is rarely favourable when it does. Barack Obama knows it. All last week, he was warning American liberals to stay away from the Palin family. He understands better than his supporters that it is not a politician’s enemies who lose elections, but his friends.

I think that’s especially apropos in this case. Whether or not the attack was committed by the legislator’s son, it is, as I said, a pretty clearly partisan attack, and could very well have some negative consequences for Obama, even though he had nothing to do with it.

[update 09/19/08]

The BBC has a round-up of what’s known so far:

First, it looks like Yahoo has basically admitted that its password-reset system was the weak link here:

It is thought the attackers exploited the password resetting system of Yahoo’s e-mail service.

Details about Mrs Palin’s life pulled from public sources reportedly helped defeat security questions.


Information from Wikipedia and other online databases helped to establish Mrs Palin’s date of birth, zip code and other personal information.

Armed with this, the attackers convinced the Yahoo password re-setting system they warranted access and allowed them to re-set the password and then get at the account.


In an official statement Yahoo said: “Yahoo treats issues of security and privacy very seriously.”

It added: “To protect the privacy of our users, we are not able to comment on the details of a specific user account.”

“Generally, if Yahoo! receives reports that an account has been compromised, we investigate for suspicious activity and take appropriate action,” the company said.

It also looks like the FBI has identified how the intruder masked their IP address:

The hackers used the CTunnel proxy service which routes web browsing through an intermediary to obscure where the attackers were based.

However, the screenshots for the attack reveal the original web address used by the proxy which may help investigators track down the miscreants.

No information, however, on whether or not David Kernell is considered a suspect. I reckon if the FBI gets a hold of CTunnel’s logs that they’ll know soon enough.

[update]

Geez, it looks like Barack Obama’s email has been hacked too. Screenshot here. Looks like Dick Cheney is pissed.

(Hat tip: Instapundit)

  1. Sakaki says:

    Yes, people still read Ace of Spades. And “The Jawa Report”. And others like them. The blogfathers, as I like to call them.

  2. Timothy says:

    Wait, people still read Ace of Spades? I’m confused.

  3. Sakaki says:

    Vincent:

    Point taken. Though you can find out a lot about the Astroturfing business over at AoSHQ. It’ll give you an idea of what to look out for and what to expect.

    Then, when you find someone who is an astroturfer, you can make fun of them and pour cheap malt beverages on them.

  4. Vincent says:

    That video is the Alpha and the Omega.

  5. Chris says:

    “Attorney Generals”

    Should be Attorneys General.

    That is all. I know…I just can’t help it though. Sorry.

  6. Vincent says:

    Well, there were “family pictures”…

  7. Timothy says:

    Unless there were naked pictures of her, I’m not particularly interested.

  8. Vincent says:

    I think it’s more a case of psychosis, Sakaki.

  9. Sakaki says:

    Vincent,

    What you have above is a case of “Astroturfing”. People, seemingly grassroots with no possible reason for doubting things, essentially putting up lies and smears with no proof. Kinda like that Jackson character.

    If you need more info on it, Ace of Spades discusses it over on his blog.

  10. Vincent says:

    Shockingly enough, this Washington Post article presents the whole affair as being substantially less cut-and-dried than you present it.

    Are you seriously arguing that the kid who may or may not have cracked Palin’s e-mail (we don’t know if it was him yet, as far as I know) is actually innocent; that some evil, shadowy Republican operative (“operative” sounds so scary, doesn’t it?) Back Orficed his machine and used it to conduct the attack?

    Get back on your meds, chum.

    (Oh, and “go back to sleep America” was a nice touch, incidentally.)

  11. name says:

    She refused to turn over 1100 emails in a F.O.I.A. stating they are of a personal nature, when they are not. That’s a federal crime. It’s a pre-meditated crime, which to commit the crime of illegally shielding government documents is why she was using the account in the first place. Moreover the Attorney Generals Office of the great state of Alaska just issued an opinion that if government documents are in a private e-mail account, the State has the right to review them, that they must be saved for three years, and that to destroy (delete) them is a crime. In my opinion, Palin or someone in her employment (McCorkell? Having a P.I. background & couldn’t resist giving herself 2 min. of fame) done this as an excuse to delete and/or discredit the account. I believe the trail will lead back to them if it’s followed in a prudent manner. Do we have a sloppy hacker or a smart and devious hacker? If the I.P. addy matches the kid in question yet it doesn’t add up a program like netbus or back orifice with a built in wiping routine should be considered. These are common names for a trojan jacker that a hacker can take over your computer use it without you knowing it, then attack others with your computer address. It turns your computer into a proxy.. after the deed is done it can erase itself and fill in where it was with random bytes. Anyone can download these programs off the net in a matter of three minutes.. Remember M.O.M. (means, opportunity, & motive) Who really has all three? Palin… Let us not forget the bug Karl Rove found in his Texas office and the WHOLE story behind that!! What, you don’t know what I’m talking about? Well then just shut-up and go back to sleep America.

  12. Chris says:

    Interesting. So these are the e-mails that people were upset were deleted, allegedly a la Rove-style deletion? Pretty messed up, but I think it would be weird if she were conducting state business via Yahoo. Not that she was or anything. I think another thing that would be weird is that Yahoo would, I think, have some sort of legal claim to the material stored on its servers. Getting really wacky here, but I know there was a story on legal claims to internet-based materials not on your own server.
