Sarah Palin email hack

Last updated
David Kernell David Kernell mug shot.jpg
David Kernell

The Sarah Palin email hack occurred on September 16, 2008, during the 2008 United States presidential election campaign when vice presidential candidate Sarah Palin's personal Yahoo! email account was subjected to unauthorized access. The hacker, David Kernell, obtained access to Palin's account by looking up biographical details, such as her high school and birthdate, and using Yahoo!'s account recovery for forgotten passwords. [1] Kernell then posted several pages of Palin's email on 4chan's /b/ board. Kernell, who at the time of the offense was a 20-year-old college student, was the son of longtime Democratic state representative Mike Kernell of Memphis.

Contents

Kernell was charged in October 2008 in federal court. After he was led into the court in leg irons and handcuffs, the judge released him on his own recognizance, pending trial. [2] [3] The incident was ultimately prosecuted in a U.S. federal court as four felony crimes punishable by up to 50 years in federal prison. [4] [5] The charges were three felonies: identity theft, wire fraud, and anticipatory obstruction of justice; and one optional as felony or misdemeanor: intentionally accessing an account without authorization. Kernell pleaded not guilty to all counts.

A jury trial, featuring testimony of Sarah and Bristol Palin, as well as of 4chan founder Christopher Poole, [6] began on April 20, 2010. [4] The jury found Kernell guilty on two counts: the felony of anticipatory obstruction of justice and the misdemeanor of unauthorized access to a computer. [7] [8] On her Facebook page, Sarah Palin stated that she and her family were thankful the jury had rendered a just verdict. [9]

Kernell was sentenced on November 12, 2010, to one year plus a day in federal custody, [10] followed by three years of supervised release. [10] The sentencing judge recommended that the custody be served in a halfway house, [10] but the Federal Bureau of Prisons sent him instead to a minimum security prison. [11] [12] He was released on November 23, 2011. [13] In January 2012, the United States Court of Appeals for the Sixth Circuit found Kernell's awareness of a possible future FBI investigation was enough to uphold a conviction on obstruction of justice. [14]

Incident

Shortly after midnight on September 16, 2008, [5] the private Yahoo! Mail account of Sarah Palin was cracked by a 4chan user. [5] The hacker, known as "Rubico", claimed he had read Palin's personal e-mails because he was looking for something that "would derail her campaign." [5] [15]

After reading through Palin's emails, Rubico wrote, "There was nothing there, nothing incriminating — all I saw was personal stuff, some clerical stuff from when she was governor." [5] [15] Rubico wrote that he used the Sarah Palin Wikipedia article to find Palin's birth date (one of the standard security questions used by Yahoo! [16] ) in "15 seconds." The hacker posted the account's password on /b/, an image board on 4chan, and screenshots from within the account to WikiLeaks. [17] A /b/ user then logged in and changed the password, posting a screenshot of his sending an email to a friend of Palin's informing her of the new password on the /b/ thread. This man was criticized heavily by the /b/ community, for being a "white knight". However, he did not blank out the password in the screenshot. [18] A multitude of /b/ users then attempted to log in with the new password, and the account was automatically locked out by Yahoo!. The incident was criticized by some /b/ users, one of whom complained that "seriously, /b/. We could have changed history and failed, epically." [19] The hacker admitted he was worried about being caught, writing "Yes I was behind a proxy, only one, if this sh*t ever got to the FBI I was f**ked, I panicked, I still wanted the stuff out there ... so I posted the [information] ... and then promptly deleted everything, and unplugged my internet and just sat there in a comatose state." [16]

The hacker left behind traces of his activity. His IP address was logged at the proxy he used, CTunnel.com, and he also left his email address rubico10@yahoo.com when he posted at 4chan. Furthermore, the attacker revealed the original web address used by the proxy [20] by leaving this information in the screenshot which according to experts can also help the investigation. [20] 4chan's /b/ board is not archived, and posts are only retained for a short time. However, with the great interest surrounding the posts of Rubico, many, including the magazine Wired, archived the original posts. [21] The email address left behind was then connected to David Kernell through various social networking profiles where it was used, [22] though no official investigation took place at this time.

Campaign response

John McCain's campaign condemned the incident, saying it was a "shocking invasion of the governor's privacy and a violation of law". [20] Barack Obama's spokesman Bill Burton called the hacking "outrageous". [16]

Federal investigation

The FBI and Secret Service began investigating the incident and on September 20, it was revealed that they were questioning David Kernell, a 20-year-old economics student at the University of Tennessee and the son of Democratic Tennessee State Representative Mike Kernell from Memphis. [23] [24] [25] [26] The handle used by the hacker when making his post at 4chan pointed to him, although this evidence was inconclusive because of the frequent pranks pulled at that board. [27] The hacker's proxy service provided its logs, which pointed to Kernell's residence. [24] [27]

FBI agents served a federal search warrant at David Kernell's apartment in Knoxville. [28] Agents spent two hours taking pictures of everything inside his apartment. [28] Kernell's three roommates were also subpoenaed and expected to testify the following week in Chattanooga. [29] The obstruction of justice charge stems from an allegation by the FBI that Kernell attempted to erase evidence of the crime from his hard drive. [30] Kernell's father told Wired that he was aware that his son was a suspect, but he did not ask him anything about it over concerns that he may have to testify in court. [31]

Indictment

A second federal grand jury in Knoxville returned an indictment of Kernell on October 7, 2008. [32] He was charged with violating 18 U.S.C.   § 1030(a)(2)(C) and § 2701, or unlawful access to stored communications and intentionally accessing a computer without authorization across state lines, respectively. [33] Kernell turned himself in the next day. [34] Kernell pleaded not guilty. [35] The court released Kernell on his own recognizance. [36] Kernell's attorney claimed that using "an e-mail address and a birth date does not constitute identity theft"; however, the court rejected that argument saying "once Governor Palin chose the Yahoo! ID gov.palin@yahoo.com, that became her unique address, and no one else could choose it."[ citation needed ] [37]

Trial

In October 2008, Kernell was brought into court in handcuffs and ankle shackles to plead not guilty to the hacking and was released on bond. The case went to trial eighteen months later, on April 20, 2010. On April 23, Sarah Palin testified for 44 minutes. Her daughter, Bristol, testified as well. Following the conclusion of testimony, Sarah said, "I think there need to be consequences for bad behavior." [38]

Verdict and sentence

On April 30, 2010, David Kernell was found guilty on two of four counts: the felony of anticipatory obstruction of justice by destruction of records and found for the lower misdemeanor option of unauthorized access to a computer. The jury acquitted him of the charge of wire fraud. It was deadlocked on identity theft charge, so the judge declared a mistrial on that charge. [39] In response, Palin issued a press release comparing the case to Watergate. [40]

Sarah Palin said the family was "thankful that the jury thoroughly and carefully weighed the evidence and issued a just verdict." [41]

The prosecutor, Assistant U.S. Attorney Greg Weddle, who had sought an 18-month prison sentence for Kernell, promised a retrial on the identity theft charge should he be successful in his attempt at receiving a new trial. [39]

In November 2010 Kernell was sentenced to a year and a day of prison, preferably to be served in a halfway house, plus three years of probation, by U.S. District Judge Thomas Phillips, though he noted the Federal Bureau of Prisons (BOP) could override his recommendations. [42] [10] However, the BOP, which makes the ultimate determination as to where federal prisoners serve their sentence, assigned Kernell to the minimum security prison at the Federal Correctional Institution, Ashland near Ashland, Kentucky. [11] [12] [43] Jose Santana, the chief of the BOP's Designation and Sentence Computation Center, [44] said that halfway houses are for convicts who have limited skills and/or limited support from their families. Because Kernell had the support of his family and had attended a university for three years, Santana argued that he does not need to be in a halfway house. [45] Kernell was later relocated to a halfway house. [46]

Federal Correctional Institution, Ashland, where Kernell served part of his sentence FCIAshland.jpg
Federal Correctional Institution, Ashland, where Kernell served part of his sentence

Perpetrator

David Christopher Kernell was the son of longtime Democratic state representative Mike Kernell of Memphis.

Kernell won the Tennessee Open Scholastic Chess Championship in 2004, and graduated in 2006 from Germantown High School. After release from BOP custody, he returned to the University of Tennessee, Knoxville to finish an economics degree. He first volunteered his programming skills to Tennessee Voices for Children, a child advocacy nonprofit group. [47] Diagnosed with multiple sclerosis (MS) in 2014, Kernell participated in clinical research trials at the Cedars-Sinai Neurosciences Research Center in Los Angeles to help develop cures and treatments for other victims of MS. After moving to California, he developed facial recognition software that could identify children at risk of abuse.

Kernell died on February 2, 2018, in Newport Beach, California, at the age of 30, from complications related to progressive MS. [48] [49]

See also

Related Research Articles

<span class="mw-page-title-main">Yahoo! Mail</span> American email service

Yahoo! Mail is an email service offered by the American company Yahoo, Inc. The service is free for personal use, with an optional monthly fee for additional features. Business email was previously available with the Yahoo! Small Business brand, before it transitioned to Verizon Small Business Essentials in early 2022. Launched on October 8, 1997, as of January 2020, Yahoo! Mail has 225 million users.

<span class="mw-page-title-main">Stratfor</span> American geopolitical advising firm

Strategic Forecasting Inc., commonly known as Stratfor, is an American strategic intelligence publishing company founded in 1996. Stratfor's business model is to provide individual and enterprise subscriptions to Stratfor Worldview, its online publication, and to perform intelligence gathering for corporate clients. The focus of Stratfor's content is security issues and analyzing geopolitical risk.

<span class="mw-page-title-main">4chan</span> Anonymous imageboard website

4chan is an anonymous English-language imageboard website. Launched by Christopher "moot" Poole in October 2003, the site hosts boards dedicated to a wide variety of topics, from video games and television to literature, cooking, weapons, music, history, anime, fitness, politics, and sports, among others. Registration is not available and users typically post anonymously. As of 2022, 4chan receives more than 22 million unique monthly visitors, of which approximately half are from the United States.

A data breach is a security violation, in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen, altered or used by an individual unauthorized to do so. Other terms are unintentional information disclosure, data leak, information leakage and data spill. Incidents range from concerted attacks by individuals who hack for personal gain or malice, organized crime, political activists or national governments, to poorly configured system security or careless disposal of used computer equipment or data storage media. Leaked information can range from matters compromising national security, to information on actions which a government or official considers embarrassing and wants to conceal. A deliberate data breach by a person privy to the information, typically for political purposes, is more often described as a "leak".

<span class="mw-page-title-main">Christopher Poole</span> American internet entrepreneur (born 1988)

Christopher Poole, also known online as moot, is an American internet entrepreneur and developer. He founded the anonymous English-language imageboard 4chan in October 2003, when he was still a teenager; he served as the site's head administrator until January 2015. He also founded the online community Canvas, active from 2011 to 2014. Poole was hired by Google in 2016 to work on the Google+ social network and as a product manager. He left the company in 2021.

Michael L. Kernell is an American Politician Who served as a member of the Tennessee House of Representatives from 1975 to 2013.

weev Internet troll and hacker

Andrew Alan Escher Auernheimer, best known by his pseudonym weev, is an American computer hacker and professional Internet troll. Affiliated with the alt-right, the Southern Poverty Law Center has described him as being a neo-Nazi, white supremacist, and antisemitic conspiracy theorist. He has used many aliases when he has contacted the media, but most sources state that his real first name is Andrew.

<span class="mw-page-title-main">Operation Payback</span> Series of cyberattacks conducted by Anonymous

Operation Payback was a coordinated, decentralized group of attacks on high-profile opponents of Internet piracy by Internet activists using the "Anonymous" moniker. Operation Payback started as retaliation to distributed denial of service (DDoS) attacks on torrent sites; piracy proponents then decided to launch DDoS attacks on piracy opponents. The initial reaction snowballed into a wave of attacks on major pro-copyright and anti-piracy organizations, law firms, and individuals. The Motion Picture Association of America, the Pirate Party UK and United States Pirate Party criticised the attacks.

<span class="mw-page-title-main">Federal Correctional Institution, Ashland</span>

The Federal Correctional Institution, Ashland is a low-security United States federal prison for male inmates in the unincorporated area of Summit in Boyd County, Kentucky, approximately 5 miles (8.0 km) outside the city of Ashland. It is operated by the Federal Bureau of Prisons, a division of the United States Department of Justice. It also includes a satellite prison camp for minimum-security male offenders.

Anonymous is a decentralized virtual community. They are commonly referred to as an internet-based collective of hacktivists whose goals, like its organization, are decentralized. Anonymous seeks mass awareness and revolution against what the organization perceives as corrupt entities, while attempting to maintain anonymity. Anonymous has had a hacktivist impact. This is a timeline of activities reported to be carried out by the group.

<span class="mw-page-title-main">Email hacking</span> Unauthorized access to, or manipulation of, an email account or email correspondence

Email hacking is the unauthorized access to, or manipulation of, an account or email correspondence.

The 2012 LinkedIn hack refers to the computer hacking of LinkedIn on June 5, 2012. Passwords for nearly 6.5 million user accounts were stolen. Yevgeniy Nikulin was convicted of the crime and sentenced to 88 months in prison.

<i>We Are Legion</i> 2012 American film

We Are Legion: The Story of the Hacktivists is a 2012 documentary film about the workings and beliefs of the self-described "hacktivist" collective, Anonymous.

Marcel Lehel Lazăr, known as Guccifer, is a Romanian hacker responsible for high-level computer security breaches in the U.S. and Romania. Lazăr targeted celebrities, Romanian and U.S. government officials, and other prominent persons.

<span class="mw-page-title-main">Matt DeHart</span> Former U.S. intelligence analyst and sex offender

Matt Paul DeHart is an American citizen and former U.S. Air National Guard intelligence analyst and a registered sex offender. He has made several unconfirmed claims, including that he received classified documents alleging the CIA was involved in the 2001 anthrax attacks in the United States and that the government used child pornography charges to frame him for possession of state secrets.

On August 31, 2014, a collection of nearly five hundred private pictures of various celebrities, mostly women, with many containing nudity, were posted on the imageboard 4chan, and swiftly disseminated by other users on websites and social networks such as Imgur and Reddit. The leak was dubbed "The Fappening" or "Celebgate" by the public. The images were initially believed to have been obtained via a breach of Apple's cloud services suite iCloud, or a security issue in the iCloud API which allowed them to make unlimited attempts at guessing victims' passwords. Apple claimed in a press release that access was gained via spear phishing attacks.

Rubico may refer to:

The Internet service company Yahoo! was subjected to the largest data breach on record. Two major data breaches of user account data to hackers were revealed during the second half of 2016. The first announced breach, reported in September 2016, had occurred sometime in late 2014, and affected over 500 million Yahoo! user accounts. A separate data breach, occurring earlier around August 2013, was reported in December 2016. Initially believed to have affected over 1 billion user accounts, Yahoo! later affirmed in October 2017 that all 3 billion of its user accounts were impacted. Both breaches are considered the largest discovered in the history of the Internet. Specific details of material taken include names, email addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and hashed passwords. Further, Yahoo! reported that the late 2014 breach likely used manufactured web cookies to falsify login credentials, allowing hackers to gain access to any account without a password.

<span class="mw-page-title-main">Yevgeniy Nikulin</span> Russian computer hacker

Yevgeniy Alexandrovich Nikulin is a Russian computer hacker. He was arrested in Prague in October 2016, and was charged with the hacking and data theft of several U.S. technology companies. In September 2020, he was sentenced to 88 months in prison.

References

  1. Gehringer, Edward. "Personal Vs. Professional E Mail: The Palin Case". 2009 Annual Conference & Exposition.
  2. Lakin, Matt (October 8, 2008). "UT student David Kernell pleads not guilty in Palin e-mail hacking". Knoxville News Sentinel. Retrieved September 12, 2010.
  3. Michele Masterson (September 19, 2008). "Memphis Democrat Rep. Confirms Son Is Subject Of Speculation In Connection With Palin Hack". CRN.com. Retrieved September 12, 2010.
  4. 1 2 AP staff reporter (April 7, 2010). "Palin set to take stand in Tenn. hacking trial". FOX News. Associated Press. Retrieved September 12, 2010.
  5. 1 2 3 4 5 Johnson, Bobbie (May 27, 2010). "Sarah Palin vs the hacker". The Sunday Telegraph (UK). London. Retrieved August 7, 2012.
  6. "Court testimony by 4chan's founder and former administrator 'moot'" (PDF). Archived from the original (PDF) on 2010-08-20.
  7. Poovy, Bill (May 1, 2010). "Man convicted of Palin email hacking". The Sydney Morning Herald. Associated Press.
  8. Balloch, Jim (April 30, 2010). "Jury convicts Palin e-mail intruder on two counts; mistrial declared on ID theft". Knoxville News Sentinel.
  9. Palin, Sarah (April 30, 2010). "The Hacker Case Verdict". Facebook.
  10. 1 2 3 4 Mungin, Lateef (November 12, 2010). "Prison or halfway house for Palin e-mail hacker". CNN . Retrieved November 10, 2010.
  11. 1 2 "Inmate locator, David C. Kernell". Federal Bureau of Prisons . Retrieved February 11, 2011. Release date, actual or projected 11-23-11
  12. 1 2 "Official explains placing David Kernell at Kentucky facility". Knoxville News-Sentinel. January 28, 2011. Retrieved January 28, 2011.
  13. Register No. 32341-074, Federal Bureau of Prisons . Retrieved February 10, 2018.
  14. Baynes, Terry (January 30, 2012). "Sarah Palin email hacker loses appeal". Reuters . Retrieved August 7, 2012.
  15. 1 2 Rowland, Kara (September 19, 2008). "Hacker wanted to 'derail' Palin". The Washington Times. Retrieved September 23, 2008.
  16. 1 2 3 Carl Campanile (September 19, 2008). "Dem Pol's Son Was 'Hacker': I Spied On Palin' Boast Pops Up On 'Net". New York Post. Retrieved September 12, 2010.
  17. Tom Phillips (September 17, 2008). "Sarah Palin's email gets hacked". Metro . Retrieved September 17, 2008.
  18. M. J. Stephey (September 17, 2008). "Sarah Palin's E-mail Hacked". TIME . Archived from the original on September 19, 2008. Retrieved September 17, 2008.
  19. David Sarno (September 17, 2008). "4Chan's half-hack of Palin's email goes awry". The Los Angeles Times . Archived from the original on May 14, 2011. Retrieved September 17, 2008.
  20. 1 2 3 "Student suspect in Palin hacking". BBC News. September 23, 2008. Retrieved September 12, 2010.
  21. "Palin hacker gets one year". www.digitaljournal.com. 2010-11-13. Retrieved 2020-10-23.
  22. Sarno, David (September 24, 2008). "A hit-and-run at digital speed". Los Angeles Times. Retrieved August 7, 2012.
  23. "Palin Hacker Indicted". The Smoking Gun. Retrieved October 12, 2008.
  24. 1 2 Steve Bosak (September 20, 2008). "Suspect Nabbed in Palin E-mail Hack". NewsFactor. Retrieved September 21, 2008.
  25. Goodin, Dan (October 8, 2008). "Son of state lawmaker charged with Palin email hack". The Register . Retrieved October 10, 2008.
  26. Lakin, Matt (October 9, 2008). "Jury indicts UT student accused of hacking Palin's e-mail". Knoxville News Sentinel. Retrieved October 10, 2008.
  27. 1 2 "Grand jury investigates Palin e-mail hack; no charges yet". Ars Technica. September 24, 2008.
  28. 1 2 Keizer, Gregg (September 22, 2008). "Report: FBI serves search warrant against UT student in Palin case". Computerworld via WBIR.com. Retrieved August 7, 2012.
  29. Chisamera, Dee (September 22, 2008). "FBI Search The Apartment Of Palin Hack Primary Suspect". eFluxMedia. Archived from the original on October 8, 2008. Retrieved October 10, 2008.
  30. Satterfield, Jamie (April 23, 2010). "FBI agent says Kernell tried to destroy proof of Palin e-mail breach". KnoxNews.com. Retrieved April 23, 2010.
  31. Paul, Ian (September 22, 2008). "Palin Update: Tenn. Student Implicated in Hack". Today @ PC World. Archived from the original on October 26, 2008. Retrieved October 11, 2008.
  32. "David C. Kernell Indicted for Alleged Hack of Governor Sarah Palin's E-mail Account" (Press release). United States Department of Justice. October 8, 2008.
  33. "Indictment: United States of America v. David Kernell a/k/a "rubico," defendant" (PDF). United States District Court, Eastern District of Tennessee at Knoxville. October 7, 2008. Archived from the original (PDF) on December 2, 2009.
  34. Kim Zetter (October 8, 2017). "Tennessee Student Indicted for Hacking Palin E-mail — Updated". Wired.
  35. "Man denies hacking Palin e-mail". BBC News. October 9, 2008. Retrieved October 12, 2008.
  36. Reid, Tim; Tom Baldwin (October 9, 2008). "John McCain campaign renews attack on 'terrorist's friend' Barack Obama". The Times. London. Associated Press . Retrieved October 12, 2008.
  37. "The Bimbo from Alaska: Sarah Palin".
  38. Accounts differ as Sarah Palin e-mail hacking case is sent to court in Knoxville, Washington Post , April 24, 2010. Retrieved February 10, 2018.
  39. 1 2 "ID theft retrial in Palin hacking hinges on appeal". Seattle Times . Associated Press. May 7, 2010.
  40. "Sarah Palin Compares Hacking Case to Watergate". CBS News . April 30, 2010. Retrieved August 7, 2012.
  41. Jury convicts Palin e-mail intruder on two counts; mistrial declared on ID theft, Knoxville News Sentinel , Jim Balloch, February 9, 2018.
  42. Paul McNamara (11 December 2010), Palin e-mail snoop sentenced to a year in custody. David Kernell faces the music for 2008 intrusion into candidate's account, Network World
  43. Purewal, Sarah Jacobsson (14 January 2011). "Palin E-Mail Hacker Imprisoned Against Judge's Recommendation". PCWorld. Retrieved February 11, 2011.
  44. Federal Prison Authority- Who We Are Jose A. Santana JD, Federal Prison Authority. Retrieved February 10, 2018.
  45. "Feds: Palin hacker too well-off for halfway house [ dead link ]." Associated Press at the Washington Post . Friday January 28, 2011. Retrieved on February 1, 2011.
  46. "UT student David Kernell convicted of hacking Sarah Palin's e-mail, in halfway house". WBIR-TV . Knoxville. August 2, 2011. Archived from the original on February 9, 2013.
  47. Humphrey, Tom (2018-02-09). "David Kernell, who as UT student hacked Sarah Palin's email account, dead at age 30". TNJ. Retrieved 2020-10-10.
  48. "Student who hacked Sarah Palin's emails during 2008 campaign dies". USA TODAY. Retrieved 2018-02-09.
  49. Tennessee man who famously hacked Sarah Palin’s Yahoo email account in 2008 is dead, Commercial Appeal , Ryan Poe, February 9, 2018.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.