Palin's email hacked

[Count Chocula]

The typical Fed dodge for illegally obtained evidence is to trot out the "T" word. Once you're even accused of being some sort of terrorist, you are basically SOL as far as having legal rights or ability to mount a defense. That said, in important cases, my guess is that Feds may illegally obtain evidence to confirm their suspicion of a suspect, then go after more evidence with warrants. Just 'cause evidence isn't used in a trial don't mean it wasn't gathered.

[Edi]

Technically, isn't evidence gathered illegally also inadmissible in a court of law? Or has that provision been overturend?

If so, it doesn't matter what is found on there, even child porn, she can't be charged for it.

The cops didn't do it, so no 4th amendment violation. The stuff posted in public is available to any investigation from public sources.

It'd be different if someone had hacked it and then just given it o the cops but nowhere else. Then it would be inadmissible.

[SirNitram]

Social Engineering: Why Only Fucking Morons Use Passwords That A Google Search Of Your Life Would Suggest.

Which, given the amount of public spotlight anyone like Palin gets, is another strike against deciding to imitate the Bush Administration with it's use of private e-mail.

You can imagine the braindead conversation, really. 'Hey, let's use a password that anyone who google-searches big moments in my life would find. No one would suspect that!'

Am I sure it's a pure social engineering attack? No. But that's certainly what I've heard. Which would explain why a bunch of kiddies would be able to crack it.

[Axis Kast]

As I understand it, the vulnerability was inherent in Yahoo!Mail's method of retrieving forgotten passwords: asking personal questions, the answers to which aren't actually as obscure as they would have been before the age of online directories.

It seems that the hacker fooled Yahoo! into thinking he was Sarah Palin, and then took advantage of the fact that the Governor chose to make her retrieval queries matters of public record.

[SirNitram]

As I understand it, the vulnerability was inherent in Yahoo!Mail's method of retrieving forgotten passwords: asking personal questions, the answers to which aren't actually as obscure as they would have been before the age of online directories.

It seems that the hacker fooled Yahoo! into thinking he was Sarah Palin, and then took advantage of the fact that the Governor chose to make her retrieval queries matters of public record.

That's not really better. Such security features are painfully dumb for anyone with a position like Palin's. Five seconds of Googling and you have the relevent data, unless they've answered falsely.

Social engineering at the core either way. And all because using the official e-mail, which would, like most state issued, have to be re-issued manually, was apparently too accountable.

[Axis Kast]

That's not really better. Such security features are painfully dumb for anyone with a position like Palin's. Five seconds of Googling and you have the relevent data, unless they've answered falsely.

Maybe I'm just not upset over this because, while I think it was a stupid move for somebody in top office, I've already been exposed to too many people approximately my parents' age who can't use technology at all. A lot of my professors, many of whom work for the government, fall into that same boat and end up being unable to work out how to send mass e-mails.

Social engineering at the core either way. And all because using the official e-mail, which would, like most state issued, have to be re-issued manually, was apparently too accountable.

I thought Phongn posted something to the effect that there was little of interest to the original hacker, who was looking for incriminating details.

[General Zod]

Maybe I'm just not upset over this because, while I think it was a stupid move for somebody in top office, I've already been exposed to too many people approximately my parents' age who can't use technology at all. A lot of my professors, many of whom work for the government, fall into that same boat and end up being unable to work out how to send mass e-mails.

Some of us expect our politicians to at least be somewhat savvy with current trends and technology. In any other office setting that degree of incompetence would at least lead to a severe chewing out. If not a firing.

[Covenant]

No, the thing is, she was provided with an account for doing this kind of business and she chose to do something that was possibly illegal for ethically bankrupt reasons and now we're seeing why it was originally a bad idea and still is today. The fact that she got her email hacked is entirely her fault, because of all the people out there who are candidates for an office, hers was the only personal account that was also being used to skirt the law and conduct offical business. That's the real danger there, not the invasion of privacy issue, and that's why it's people's right to be upset at her for exercising no judgement--and for selfish, law-evading reasons.

If or if not anything is posted that turns out to be interesting or offical, it's still an example of why using a nonsecure channel for secure business should really carry a more robust guilty penalty. You're given an account that can be monitored by security professionals to conduct that business, so use it, goddammit. If this is something I can get fired for despite the fact my stuff isn't important, this is something a public offical should definately get at least a public wrist-slap for.

[SirNitram]

That's not really better. Such security features are painfully dumb for anyone with a position like Palin's. Five seconds of Googling and you have the relevent data, unless they've answered falsely.

Maybe I'm just not upset over this because, while I think it was a stupid move for somebody in top office, I've already been exposed to too many people approximately my parents' age who can't use technology at all. A lot of my professors, many of whom work for the government, fall into that same boat and end up being unable to work out how to send mass e-mails.

I'm vexed by this because I'm exposed to idiots who practice bad security(Both computer and social) constantly, particularly in my brief stint running a school computer network. When you have to clean up the peices of miniature versions of this, and it's the most blindingly obvious nonsense they were warned against, it annoys.

Social engineering at the core either way. And all because using the official e-mail, which would, like most state issued, have to be re-issued manually, was apparently too accountable.

I thought Phongn posted something to the effect that there was little of interest to the original hacker, who was looking for incriminating details.

And if she had been using the assigned mail, there would have been no reasons for stupid shennanigans which turn this into a carnival. I see no reason not to rant at an idiot who sets down the rake and walks right into it and takes up newspace.

[Axis Kast]

I'm vexed by this because I'm exposed to idiots who practice bad security(Both computer and social) constantly, particularly in my brief stint running a school computer network. When you have to clean up the peices of miniature versions of this, and it's the most blindingly obvious nonsense they were warned against, it annoys.

I guess that it really does boil down to personal experience, then.

Government systems actually strike me as unusually vulnerable. In most colleges, you've got a core of students that can -- and do -- take care of their own computers.

In government, it's a great many adults who often bemoan the end of the paper age.

And if she had been using the assigned mail, there would have been no reasons for stupid shennanigans which turn this into a carnival. I see no reason not to rant at an idiot who sets down the rake and walks right into it and takes up newspace.

Phongn's post of the hacker's conclusions seem to indicate a modest spill-over of government function to a personal account. I think that's not very surprising.

I see no reason to get up in arms -- especially when the exposure didn't net anything of interest to somebody seeking incriminating items.

[Beowulf]

Since I've seen a bit of BS about classified and intelligence gathered on civilians:

It's perfectly legal to mail information classified "Secret" through the US postal service. The way it's done also makes it fairly obvious that it's classified as well.

Intelligence gathered on US persons may legally be kept for only a short time period before it must be disposed of, and that time period exists so that it can be determined whether the information is actually from a US person. (Previous only applies to NSA/CIA/AFISR/whatever, not to domestic law enforcement)

[GySgt. Hartman]

You can send secret information as USPS registered mail, because the USPS is a US government agency. But I doubt that you would send secret information through another country's postal service and rely only on the fact that it's illegal to open mail in Iran, too. At the core is this: If you handle classified information, you have a responsibility for it, and you handle it only in approved ways. If you don't, and it goes wrong, you're screwed.

As I understand it, the vulnerability was inherent in Yahoo!Mail's method of retrieving forgotten passwords: asking personal questions, the answers to which aren't actually as obscure as they would have been before the age of online directories.

Yes, that's a bad system, and that has been known for several years, and is obvious after 2 seconds of thinking about it: The backup-password that can be used to recover your password should be at least as secure as the password itself. If they ask you for your favorite color and you answer "blue", you don't deserve better. My favorite color is lk-0R9*aMw'/a-=.

[Themightytom]

http://www.cnn.com/2008/POLITICS/09/22/ ... index.html

WASHINGTON (CNN) -- FBI agents investigating the hacking of a personal e-mail account belonging to Alaska Gov. Sarah Palin searched the home of the son of a Tennessee state legislator, federal law enforcement sources said Monday.


E-mail from Alaska Gov. Sarah Palin's personal account was posted on the Internet by a hacker.

The search occurred late Saturday and early Sunday at the Knoxville, Tennessee, apartment of 20-year-old David Kernell, who is the son of Rep. Mike Kernell, D-Memphis, and a student at the University of Tennessee.

Knoxville station WBIR reported that students were having a party at the apartment when federal agents began their search. Witnesses told WBIR that Kernell and his friends fled the apartment when the FBI agents arrived.

Officially, Justice Department spokeswoman Laura Sweeney acknowledged Monday only that "investigative activity occurred" over the weekend, but three sources familiar with the case confirmed the search of Kernell's residence.

Although charges may be filed, none was believed to be imminent, according to the sources.

No documents have been made public showing what equipment or evidence agents had seized. The sources requested anonymity because the investigation is ongoing and no charges have been filed.

Palin's Yahoo! e-mail account was hacked, and some of the contents were displayed briefly last week on a Web site, according to WBIR. A person going by the name "Rubico" took credit for hacking Palin's account by using Palin's ZIP code and birth date, and many people on the Internet associated that name with David Kernell, WBIR reported.

Although the displayed messages did not contain significant political disclosures, the McCain-Palin campaign issued a statement calling the incident "a shocking invasion of the governor's privacy and a violation of law."

So is underage drinking, I wonder if they were hoping to nail Mr. kernell for that, its not a long shot if a 20 yr old college student is having a party on a saturday night.

I'm a little skeptical, it would be a little "too" convenient for the perpetrator to be the son of a Democrat senator. McCain's campaign could lay out a nice trail of breadcrumbs portraying democrats as evil hacker nerds.

[General Zod]

I'm a little skeptical, it would be a little "too" convenient for the perpetrator to be the son of a Democrat senator. McCain's campaign could lay out a nice trail of breadcrumbs portraying democrats as evil hacker nerds.

Senator? What? He's a member of the Tennessee House of Representatives, NOT the US Senate.

[Themightytom]

I'm a little skeptical, it would be a little "too" convenient for the perpetrator to be the son of a Democrat senator. McCain's campaign could lay out a nice trail of breadcrumbs portraying democrats as evil hacker nerds.

Senator? What? He's a member of the Tennessee House of Representatives, NOT the US Senate.

Yeah my mistake, I had senators on the brain.