Thursday, September 18, 2008

Alleged 1st-person Details Of Palin Password Cracking Emerge

First let me begin by stating the obvious: the term "hacking" is clearly being used in the wrong sense as it relates to this story. The anonymous person who gained access to Sarah Palin's alleged email account yesterday used common password cracking methods. Even calling this password cracking isn't entirely correct, as the user allegedly used commonly known information to reset the password on the account.

In a post on the 4chan boards, a user now known as "rubico" (see note below) stated the exploit took no more than 45 minutes and simply required searching the Internet for basic personal information, such as Palin's zip code, birth date, and where she had met her husband. The purported cracker said he had hoped to break in and find something incriminating in the wake of media coverage debating Palin's use of a Yahoo account for state business, but claims to have come up blank.

The problem with "rubico's" statement is that Yahoo password resets are typically e-mailed to an alternate account. That is not to say that it might not have worked, as a user can say his or her alternate e-mail address is unavailable, and then the password may be reset. Basically everything had to be just perfect for this would-be "cracker" to have achieved his goal, a very unlikely scenario but still possible.

Personally I'd be leaning towards a brute force attack, where the would-be attacker simply tries the most likely passwords. It seems like a more likely scenario, but again I still think the entire deal is BS (see previous post).

From the alleged details that emerged, if they are true, we can tell the attacker definitely wasn't a highly skilled hacker. He claims to have been sitting behind only one proxy, and that he panicked, "posted the pass on /b/, and then promptly deleted everything, and unplugged my internet and just sat there in a comatose state."

Simply put, once you've gained access to a webmail account it is yours until the user tries to gain access again. You log in, your IP is logged (or the IP of the proxy) and you are there just like any other user. Yahoo would have been none the wiser had he stayed on for hours, days, even weeks. Therefore there was no real reason to panic.

Using Ctunnel and posting full screen shots of the URLs might have been his greatest mistake. Gabriel Ramuglia, Webmaster of Ctunnel, said today that URLs in screenshots of Palin's e-mail photos posted online yesterday showed that whoever accessed her Yahoo! account did indeed use his proxy service, and that they showed so much of the URL that he could easily track down the IP address of the computer used to gain access.

"Usually, this sort of thing would be hard to track down because it's Yahoo email, and a lot of people use my service for that," he told El Reg in a phone interview. "Since they were dumb enough to post a full screen shot that showed most of the [] URL, I should be able to find that in my log."

My Final Thoughts:

Again I want to reiterate a few things: Appscout, among other sites, has been incorrectly stating that the break-in was perpetrated by 4Chan, a group of hackers or the collective of like-minded individuals considered to be "Anonymous". Other than the "Rubico" character no one else has come forth to claim any involvement, so as far as we know it was a solo attack. 4chan just happened to be the BBS that was used to relay the information and details.

I'd also like to state, we still have no known confirmation that this was indeed Sarah Palin's email address. I have yet to see any information that related this address to her in any way. As I stated yesterday, as far as I know this email address was previously unknown to the public, so how are we now associating it with Palin?

**Note - Federal authorities have now contacted the alleged father of the hacker, Democratic Rep. Mike Kernell. The alleged hacker’s name is David Kernell, who uses the username “rubico10”.
