[Infowarrior] - Gov.Palin at Hacked.Com

Richard Forno rforno at infowarrior.org
Sun Sep 21 15:39:20 UTC 2008 

Gov.Palin at Hacked.Com
By Farhad Manjoo
Sunday, September 21, 2008; Page B02

http://www.washingtonpost.com/wp-dyn/content/article/2008/09/19/AR2008091902806.html?hpid=opinionsbox1

Sometime last Tuesday, an unknown hacker gained access to gov.palin at yahoo.com 
, an e-mail account that Gov. Sarah Palin has used for personal and  
possibly also state business in Alaska. The hacker posted the e-mail  
password to a section of 4Chan, a discussion site known as a haven for  
Web "trolls" -- deliberate online troublemakers. For a brief time,  
Palin was an open book. Readers of 4Chan trudged through her inbox,  
saving screen shots of her correspondence with friends and supporters,  
a list of her frequent contacts and pictures of her family. Then a  
good Samaritan reset Palin's password, triggering a Yahoo security  
measure that alerted Palin to the breach. Soon after, gov.palin at yahoo.com 
  and another account Palin has reportedly used to conduct official  
business -- gov.sarah at yahoo.com -- were deleted.

The gossipy Web site Gawker.com has posted a few screen shots of the  
messages found in Palin's account; they reveal nothing damaging about  
the governor, other than the fact that she has a penchant for typing  
in ALL CAPS when exercised. ("Does he want someone OPPOSED to the life  
issue in Congress?" Palin wrote to Lt. Gov. Sean Parnell.) Still, in a  
statement sent to reporters on Wednesday, the McCain campaign called  
the incident "a shocking invasion of the Governor's privacy and a  
violation of law."

In fact, if there's anything remotely shocking here, it probably has  
to do with Palin's e-mail habits. Why was she using Yahoo? Critics say  
that she was taking a page from former White House political  
mastermind Karl Rove, who cooked up the idea of using an off-site e- 
mail address to confound investigations of his Bush administration  
activities. (In 2007, the White House admitted that Rove and other  
officials had used Republican National Committee addresses for some of  
their correspondence; as a result, the White House said it couldn't  
track down a trove of e-mail messages requested by congressional  
investigators looking into those fishy U.S. attorney firings.)
ad_icon

Palin's e-mail policies do show a certain Rovian (or perhaps  
Cheneyesque) partiality for secrecy. The New York Times reported last  
Sunday that shortly after she took office, Palin's aides discussed the  
benefits of using private e-mail accounts, with one assistant noting  
that messages sent to Palin's BlackBerry "would be confidential and  
not subject to subpoena." In June, Andrée McLeod, a Republican  
activist in Alaska, filed a public-records request for copies of all e- 
mails sent between two of Palin's aides, Ivy Frye and Frank Bailey.  
(McLeod suspected the aides of various ethical violations.) Palin's  
office parted with four boxes of e-mail, but it refused to disclose  
more than 1,000 other messages, claiming executive privilege.

Rovian tactics aside, last week's hacking episode proves that it's  
rather boneheaded to put state business on Yahoo. True, all e-mail  
addresses are vulnerable to hacking. But Yahoo is a particularly big  
target. Lots of people spend a lot of time trying to crack Yahoo  
accounts. Do a quick search for "hack yahoo," and you'll be presented  
with myriad methods of attack.

When you forget your e-mail address, Yahoo asks you a "challenge  
question" to verify your identity before giving you your password. But  
because we know a great deal about Palin (her kids' names, her  
husband's favorite sport, her date of birth), the challenge question  
seems not to have been much of a challenge for the hacker. On a  
message board, the supposed culprit explained last week that he got  
into Palin's e-mail by guessing where she'd met her husband, Todd. He  
says that he typed in "Wasilla high" -- and was able to trick Yahoo  
into assigning the account a new password, "popcorn." This echoes the  
other major celebrity e-mail theft of recent memory: Paris Hilton's  
cell phone was successfully hacked because the thief knew that her pet  
Chihuahua is named Tinkerbell.

Palin probably won't be the last politician whose e-mail gets hacked.  
Until now, this has been rare, mainly because many big-time pols don't  
e-mail. Despite apparently having invented the BlackBerry (as a  
campaign aide suggested last week), John McCain abstains from e-mail,  
as does President Bush. Bill Clinton sent just two messages during his  
time in the White House (and one was a test e-mail).

But other politicians are addicted to e-mail: Barack Obama, Hillary  
Rodham Clinton, Mitt Romney and Al Gore are always on their  
BlackBerrys. The BlackBerry is known to be tough to hack; that is, it  
has shown no major tech vulnerabilities that would allow easy access  
to intruders. But keeping all devices safe from attackers takes work  
-- choosing strong passwords, changing them often, making sure you  
haven't left them lying around somewhere. Politicians are probably no  
better at that than you or I. And we know all their pets' names.

Farhad Manjoo is Slate's technology columnist.

More information about the Infowarrior mailing list