Shark Bait

Knowledge Centers

Operating Systems

Networking & Internet

Mobile & Wireless

Security

Storage

Business Intelligence

Servers & Data Center

Computerworld Reports

Industry

See your link here

John Brandon

Web 2.0 Watcher

David Kernell indicted, Yahoo Mail safe again

29 comments

TAGS:david kernell, indicted, yahoo mail
IT TOPICS:Government & Regulation, Internet, Mobile & Wireless, Security

David Kernell has been indicted by the Justice Department for breaking into VP hopeful Sarah Palin's Yahoo e-mail account, according to an announcement at Justice.gov.

The news comes as somewhat of a shock because, the last we heard, the FBI was searching his apartment and did not make any arrests.

The indictment goes into great detail, explaining how Kernell, the son of a Tennessee congressman used the password reset feature at Yahoo, changed the password to 'popcorn' and then posted screenshots of the e-mail messages online. It's a rather obvious example to anyone who thinks it might be a cool idea to try and read someone's e-mail without their knowledge.

However, it also had another effect. Yahoo Mail now uses an alternate e-mail that you must use to reset your account. If you don't have an alternative e-mail, or if you click an option that you can't access that account, then Yahoo says you can't reset the password and that you have to contact Customer Care.

Before even getting to that point, you have to type in your birthdate, country of residence, and zip code. Okay, so all of that info is easy to find about politicians on Wikipedia, but it is a small deterrent. There's also a captcha that prevents bots from running password recovery software, although I'm not sure if there is a bot out there that can fool a captcha (post in comments if you know).

To be honest - and this is where my opinion gets me into trouble, I know - the penalty for the break-in seems stiff. It's up to a $250,000 fine and 5 years in prison. I imagine that teenagers break into the accounts of their friends all the time, but likely would not get an indictment from the Justice Department or an FBI warrant. That's not supposed to be an endorsement, but let's face it: it obviously matters a great deal which account you break into, and if that account could have revealed secrets pertaining to the upcoming election.

And then there is the matter of whether politicians should use Webmail at all -- I would say it's not a good idea. I know this: the e-mail for a personal domain I own seems much more secure - it uses SSL encryption, for example. I'm not sure how someone would reset my password, it doesn't seem possible - but maybe it is if you know the ISP I'm using and can access the account somehow. For now, I feel safe by the mere fact that I am not running for office and, also, that my e-mail is full of everyday e-mails from editors asking for stuff.

Email this

Digg this

What People Are Saying

Add new comment

it was malicious hacking

Submitted by Anonymous on October 12, 2008 - 8:56 P.M.

The son of a TN lawmaker wasn't just hacking into friends' accounts. It wasn't just to see if he could do it. He did it to make public the contents of someone else's email account.

He should get a stiff sentence for that.

Reply | Report this comment

son of a Democratic congressman

Submitted by Anonymous on October 9, 2008 - 9:03 P.M.

It's no little detail that he is the son of a Democratic congressman and to leave that information out of the story downplays the significance of this.

Reply | Report this comment

You don't make a son pay for

Submitted by Anonymous on October 11, 2008 - 8:35 A.M.

You don't make a son pay for the sins of a father and vice-versa. I'm registered Republican... but think your attempt to link a college kid's activities to the status of his father is completely unwarranted. Kid'd stupid activities are often just that -- stupid.

Reply | Report this comment

david_kernell_indicted_yahoo_mail

Submitted by Anonymous on October 9, 2008 - 3:28 P.M.

Excuse me but doesn't the Government have rules about storing Gov. mail? I am not sure if it is allowed to be stored on such a public place as Yahoo. As a matter of fact I believe Sarah Palin is not following this process herself, and possibly could be breaking the law herself.

Reply | Report this comment

What are her damages & are they political?

Submitted by Techie on October 12, 2008 - 3:00 A.M.

I agree with 'Anonymous,' whose post I am responding to, that there should not have been any work related data in the yahoo account.
Every mid-sized company (or larger) and certainly many small businesses have the common sense to restrict the ability of their employees to access personal/public email servers, etc. from the office place for one simple reason: to mitigate security risk. For example, many people use Gmail accounts and have their email forwarded to them because they are web based and be checked from any computer with an internet connection. This poses a risk because potentially privileged information is brought outside of the internal security systems and exposed to hacking of the sort Palin encountered, not to mention the more likely occurrence, leakage do to user negligence/incompetence.
The fact of the matter is: that while what Kernell is alleged to have done is innapropriate, however, it was to be expected. This is why policies against using Yahoo email accounts, or any other such unsecured means of communication, to conduct business are restricted.
The real story seems to be the lack of judgment on Palin's part, as well as, any potential violations of conduct/practice etc. along with the practices of the 'tech divisions' of the Gubernatorial offices of Alaskan

Reply | Report this comment

Kernell

Submitted by Lynn on October 12, 2008 - 3:31 P.M.

Once again people don't want to take responsibility for their actions. How is it Palin's fault? Who cares where she kepts her information? The bottom line is that he hacked into her computer which is private. Davis is responsible not Palin, not Bush, not my aunt, or the dog.

Reply | Report this comment

he didnt hack her computer,

Submitted by Anonymous on January 4, 2009 - 6:23 P.M.

he didnt hack her computer, he hacked a web-based email account that was obviously sorely lacking in security measures. not only that, but she was keeping sensitive government related files on her web-based email with little to no security measures. if it wasnt this kid, it would have been someone else. you're just lucky this kid was an american. what if some russian or lebanese guy got into those secure documents?

you have to understand that he did not hack her computer, he did not hack her government files, he did not hack anything related to her work, he simply attained the password to her web-based email address, where she was dumb enough to keep sensitive files. it is PALIN that is at fault here for putting HERSELF, the ELECTION, and for that matter the COUNTRY at risk by ignoring the safety measures put into place to prevent exactly this from happening. she should be the one getting an indictment.

Reply | Report this comment

Do you work for PETA....?

Submitted by Brian on October 11, 2008 - 3:49 A.M.

Do you work for PETA....?

Reply | Report this comment

What about Palin's crimes?

Submitted by Anonymous on October 9, 2008 - 1:47 P.M.

When is Palin going to answer for all of her secrecy and crimes...as a start, Troopergate? Here, Republican lawyers have stopped the investigations via lawsuits. Even Alaskan citizens are disgusted with Palin's flip flop on being an "open book." Well, this is evidently one book that Republicans will shelve until AFTER the election. Gee, it must be nice to have friends in high places.

Reply | Report this comment