Palin E-mail Hacker - Anonymous Proxy Server not always Anonymous
October 1, 2008
When I wrote about Proxy Servers in my November 2007 article on On-Demand Software or Software as a Service (SaaS): When Your Competition Blocks Your Web Access, I hope people didn’t really believe Anonymous Proxy Servers were truly anonymous.
Anonymous Proxy Servers were simply meant to get users around firewalls that limit access to the web sites and blogs they want to reach. For example, in the recent Beijing Olympics, visitors had to resort to using Proxy servers to get to their favorite web sites back home.
Of course, the FBI has the right to subpoena any computer (as long as the proper search warrant exists!) and trace back your steps, which is easy as long as you have your raw log files.
Hacking into the email of a Vice Presidential candidate means serious business, and the Feds used their power and technology to nab a suspect, including access to an Anonymous Proxy Server.
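To show why raw log files make that trace easy, here is an added example (not from the original article or from any proxy operator) that joins a destination-side record of a request arriving from the proxy with the proxy's own access log. The log format, host names and addresses are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed proxy access log: "<ISO timestamp> <client_ip> <method> <url>".
# Hypothetical format; addresses come from documentation-only ranges.
PROXY_LOG = """\
2024-01-15T14:01:52 198.51.100.23 GET http://news.example/index.html
2024-01-15T14:02:10 203.0.113.77 GET http://mail.example/login
2024-01-15T14:02:41 203.0.113.77 POST http://mail.example/reset
malformed line without enough fields to parse
2024-01-15T14:03:05 198.51.100.23 GET http://mail.example/help
2024-01-15T14:09:30 192.0.2.14 POST http://mail.example/reset
"""

# Constructed record from the destination site: a request it saw arriving
# from the proxy's own address. Clocks on the two hosts may differ slightly.
DEST_EVENTS = [
    (datetime(2024, 1, 15, 14, 2, 45), "POST", "http://mail.example/reset"),
]

def parse_proxy_log(text):
    """Yield (time, client_ip, method, url), skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield when, parts[1], parts[2], parts[3]

def clients_behind(events, log_text, window_seconds=30):
    """For each destination-side event, list the proxy clients whose logged
    request has the same method and URL within the time window."""
    window = timedelta(seconds=window_seconds)
    entries = list(parse_proxy_log(log_text))
    matches = {}
    for when, method, url in events:
        matches[(when, method, url)] = sorted({
            ip for t, ip, m, u in entries
            if m == method and u == url and abs(t - when) <= window
        })
    return matches

if __name__ == "__main__":
    for (when, method, url), ips in clients_behind(DEST_EVENTS, PROXY_LOG).items():
        print(when.isoformat(), method, url, "->", ips)
```

The time window absorbs clock drift between the two hosts; widening it trades precision for recall, so more than one client address can match a single event.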
Here is the full article from Yahoo news:
Suspect Nabbed in Palin E-mail Hack
In the wake of hacking the Yahoo! e-mail account of Vice Presidential candidate Sarah Palin, Web sleuths and the Feds may have nabbed the perpetrator. Meanwhile, Associated Press reporters were apparently in e-mail conversation with the suspect even as authorities were attempting to track him down.
According to reports in Knoxville’s Tennessean, Democrat State Representative Mike Kernell admitted that his son, David Kernell is being questioned by authorities in connection with the crime. The Secret Service and the FBI launched an official investigation on September 17.
Kernell, 20, is a student at the University of Tennessee-Knoxville. Rep. Kernell refused to disclose any further information about his son, including his whereabouts.
Not-So-Secure Security
In a message on a Web site frequented by hackers, a poster who identified himself as ‘rubico’ explained how he cracked Palin’s Yahoo! account. The hacker tracked Palin’s Yahoo! e-mail address from materials posted in the media, and then used the ‘password reset’ function to get into the account.
By successfully answering the account security question, ‘rubico’ was able to gain exclusive control of Palin’s e-mail by substituting his own password — ‘popcorn.’ The stored security question was: “Where did you meet your husband?” The hacker used online search to glean background information on Palin, and eventually hit on “Wasilla High School.”
Analysts, of course, note that such security questions are less than secure. The hacker continues in his message to express frustration over his inability to download all the material. He then posted the password to the board after leaving screen captures of a few messages, family pictures and the inbox on the Wikileaks Web site, and asks other hackers to check out the material.
Alarmed by the message, another anonymous message board member logged into the Palin account, changed the password again, then contacted the Palin family with the new password and a warning that someone had hacked the account.
Tracking the Hacker
After determining that ‘rubico’ had used a proxy server in an attempt to cover his tracks, it appears that the Ctunnel proxy service, operated by Gabriel Rumuglia, cooperated with FBI investigators to track the elusive IP address of the culprit by turning over IP cache records. The trail allegedly leads back to David Kernell.
It appears Kernell’s YouTube, MySpace and e-mail addresses have been terminated; one email address began with ‘rubico10.’ Kernell apparently used variations on the ‘rubico’ handle on other Web groups he belongs to, such as a chess group and other e-mail accounts. Bloggers such as Michelle Malkin and the Register were instrumental in tracking down leads to the perpetrator and tracking the path of the hacker through a proxy service.
Other fallouts from the hack are continued allegations in major newspapers that Palin was violating ethics standards by using a private e-mail account to conduct state business and the refusal of the Associated Press to turn over e-mail communications with the hacker. Some Web sites posted the e-mail addresses of Palin’s family members and even posted Crystal Palin’s cell phone number.
The hacker Web site that ‘rubico’ posted on, 4Chan.org, was most recently in the news when some members coordinated an online information blitz and attack on the Church of Scientology.


