Here is a plain English explanation of how Sarah Palin’s Yahoo email account was compromised via Yahoo’s password recovery system - and the ugly fallout that ensued.
Prologue
- Last week, the Washington Post published an article about Sarah Palin’s use of a private Yahoo e-mail account, allegedly for State business.
- gov.palin@yahoo.com is published for public consumption by ThinkProgress.org and CommonDreams.org.
- Not long after that, the account was locked after numerous attempts by individuals to gain access.
Act One, scene 1 - the discovery
- Yahoo’s password recovery was re-enabled for the account
- A hacker identified as rubico10@yahoo.com, via the proxy service ctunnel, spends less than an hour gathering the personal information about Palin needed to fill in the blanks of the following password recovery questions:
  - Birthdate: via Wikipedia (15 seconds)
  - Zip code: both of Wasilla’s 2 zip codes, via the U.S. Postal Service online
  - Where did you meet your spouse: “Wasilla high”, after said hacker spent about 40 some-odd minutes chasing down various Google stories on Palin’s personal life.
- rubico 09/17/08(Wed)12:57:22 No.85782652 - posts the above on a bbs entitled /b/ hosted at 4chan.org.
Act One, scene 2 - the boast
- rubico 09/17/08(Wed)12:58:04 No.85782727 - said hacker laments that, after reading through all the emails, he anticlimactically finds “nothing there, nothing incriminating, nothing that would derail her campaign as I had hoped …”
- rubico10@yahoo.com then, in response to some speculative criticisms, verifies he was indeed the “lurker who did it” and posts the passwords and some photos.
Act Two, scene 1 - the white knight
- A /b/ user named white knight used rubico’s information to access Palin’s account and:
  - changed the password
  - sent warning emails to friends identified in Palin’s Yahoo email address book
  - took screenshots of the email
- white knight then goes back to /b/ to let them know the fun is over, posting the screenshot of the email - which included the new password he had created for the account
Act Two, scene 2 - the Anonymous bomb
- At about midnight Eastern on Tuesday, someone from the group Anonymous posts screenshots of e-mail messages and photos belonging to the Alaska governor, which are published by WikiLeaks
- According to Wired Magazine, these include:
  - text of an e-mail exchange with Alaska Lt. Gov. Sean Parnell about his campaign for Congress
  - a screenshot showing Palin’s inbox
  - text of an e-mail from Amy McCorkell, whom Palin appointed to the Governor’s Advisory Board on Alcoholism and Drug Abuse in 2007
  - a fourth screenshot showing an e-mail sent to Ivy Frye, a Palin aide, from someone claiming to belong to the group Anonymous advising that the person has changed the password to Palin’s Yahoo account to prevent other members of Anonymous from accessing it again
  - a list of Palin’s e-mail contacts
  - two photos of Sarah Palin’s children
Act Three, scene 1 - the explosion
- 10:49 - TechVoice writes ‘Hackers break into Sarah Palin’s inbox!’
- 1:00 PM on Wed Sep 17 2008 - the Gawker posts the WikiLeaks material, photos and all, under the auspices of “Did the internet just cause Sarah Palin to destroy evidence?”
- 2:00 PM - Wired News reports the story, and receives confirmation from Amy McCorkell that she indeed sent the message that appears in one of the screenshots.
- 3:00 PM - Michelle Malkin blogs ‘Sarah Palin’s private e-mail hacked, family photos raided; cesspool blog gloats; feds investigate’
- 4:40 PM - the Register.co.uk reports ‘Anonymous hacks Sarah Palin’s Yahoo! account’
Act Three, scene 2 - the fallout
- 5:00 PM - Fox News broadcasts ‘Palin’s E-Mail Account Hacked, Published on Web Site’
- 06:15 PM - the Drudge Report broadcasts the Fox News broadcast
- 7:00 PM - Michelle Malkin writes ‘Gawker lies again’ in response to the Gawker effectively mirroring the WikiLeaks story - family photos and all
- 7:30 PM - Michelle Malkin publishes ‘The story behind the Palin e-mail hacking’ which includes an email from a tipster who captures all the dialog about 4chan.org, /b/ and rubico10@yahoo.com
- 7:30 PM - CNN writes that McCain camp seeks investigation over reported e-mail hack
- 9:11 PM - the SF Gate writes ‘Hackers break into Sarah Palin’s e-mail account’, going on to give out the email address of Todd Palin with an explanation of how it was derived
- 9:22 PM - the Register.co.uk reports ‘Memo to US Secret Service: Net proxy may pinpoint Palin email hackers’
- 11:30 PM (17Sep08) - my wife tells me, I begin writing this chronology
- 5:15 PM (18Sep08) - Malkin again: Closing in on the Palin e-mail hacker
- 6:47 PM Michelle, Michelle, Michelle: AP reporter e-mails: Yeah, it’s all Palin’s fault
- At some point in the day, ICANN deleted the DNS entry for WikiLeaks
Epilogue
- I don’t know yet, it depends on what you Christians who blog have to say about it …
My take on all this? Having just today posted to Heal Your Church Website an article entitled ‘5 simple steps to stronger passwords’ … entirely unaware of the breaking Palin email story …
… I think I now need to go back there and follow up with a post on ‘5 things we can learn about password recovery questions from Sarah Palin’ … after I first practice what I’m about to preach.
Other than that, my opinion is, this is theft and fraud plain and simple. And had this happened to Obama or Biden I would still feel as offended and desirous of swift and harsh judgement on the perpetrators.
