Hacker impersonated Palin, stole e-mail password
Sep 18 03:25 PM US/Eastern
By TED BRIDIS
WASHINGTON (AP) - Details emerged Thursday behind the break-in of Republican vice presidential candidate Sarah Palin's e-mail account, including a first-hand account suggesting it was vulnerable because a hacker was able to impersonate her online to obtain her password.
The hacker guessed that Alaska's governor had met her husband in high school, and knew Palin's date of birth and home Zip code. Using those details, the hacker tricked Yahoo Inc.'s service into assigning a new password, "popcorn," for Palin's e-mail account, according to a chronology of the crime published on the Web site where the hacking was first revealed.
The FBI and Secret Service launched a formal investigation Wednesday. Yahoo declined to comment Thursday on details of the investigation, citing Palin's privacy and the sensitivity of such investigations.
The person who claimed responsibility for the break-in did not respond Thursday to an e-mail inquiry from The Associated Press.
"i am the lurker who did it, and i would like to tell the story," the person wrote in the account, which circulated on the Internet. What started as a prank was cut short because of panic over the possibility the FBI might investigate, the hacker wrote.
Investigators were waiting to speak with Gabriel Ramuglia of Athens, Ga., who operates an Internet anonymity service used by the hacker. Ramuglia told the AP on Thursday he was reviewing his own logs and promised to turn over any helpful information to authorities because the hacker violated rules against using the anonymity service for illegal activities.
"If you're doing something illegal and causing me issues by doing this, I'm willing to cooperate," Ramuglia said. "Obviously this is the most high profile situation I've dealt with."
The break-in of Palin's private account is especially significant because Palin sometimes uses non-government e-mail to conduct state business. Previously disclosed e-mails indicate her administration embraced Yahoo accounts as an alternative to government e-mail, which could possibly be released to the public under Alaska's Open Records Act.
At the time, critics of Palin's administration were poring over official e-mails they had obtained from the governor's office looking for evidence of improper political activity.
Details of this week's break-in, if authentic, were consistent with speculation by computer security experts who said Yahoo's "forgot-my-password" service almost certainly was exploited. The mechanism allows customers to retrieve or change their password if they can verify their identity by confirming personal information such as birthdate, zip code and the answer to a "secret question," such as a childhood pet's name or school mascot.
Palin's hacker was challenged to guess where Alaska's governor met her husband, Todd. Palin herself recounted in her speech at the Republican National Convention that the pair began dating two decades ago in high school in Wasilla, a town near Anchorage.
"I found out later though (sic) more research that they met at high school, so I did variations of that, high, high school, eventually hit on 'Wasilla high'," the person wrote.
The McCain campaign issued a statement describing the hacking as an invasion of Palin's privacy.
Sep 18 03:25 PM US/Eastern
By TED BRIDIS
WASHINGTON (AP) - Details emerged Thursday behind the break-in of Republican vice presidential candidate Sarah Palin's e-mail account, including a first-hand account suggesting it was vulnerable because a hacker was able to impersonate her online to obtain her password.
The hacker guessed that Alaska's governor had met her husband in high school, and knew Palin's date of birth and home Zip code. Using those details, the hacker tricked Yahoo Inc.'s service into assigning a new password, "popcorn," for Palin's e-mail account, according to a chronology of the crime published on the Web site where the hacking was first revealed.
The FBI and Secret Service launched a formal investigation Wednesday. Yahoo declined to comment Thursday on details of the investigation, citing Palin's privacy and the sensitivity of such investigations.
The person who claimed responsibility for the break-in did not respond Thursday to an e-mail inquiry from The Associated Press.
"i am the lurker who did it, and i would like to tell the story," the person wrote in the account, which circulated on the Internet. What started as a prank was cut short because of panic over the possibility the FBI might investigate, the hacker wrote.
Investigators were waiting to speak with Gabriel Ramuglia of Athens, Ga., who operates an Internet anonymity service used by the hacker. Ramuglia told the AP on Thursday he was reviewing his own logs and promised to turn over any helpful information to authorities because the hacker violated rules against using the anonymity service for illegal activities.
"If you're doing something illegal and causing me issues by doing this, I'm willing to cooperate," Ramuglia said. "Obviously this is the most high profile situation I've dealt with."
The break-in of Palin's private account is especially significant because Palin sometimes uses non-government e-mail to conduct state business. Previously disclosed e-mails indicate her administration embraced Yahoo accounts as an alternative to government e-mail, which could possibly be released to the public under Alaska's Open Records Act.
At the time, critics of Palin's administration were poring over official e-mails they had obtained from the governor's office looking for evidence of improper political activity.
Details of this week's break-in, if authentic, were consistent with speculation by computer security experts who said Yahoo's "forgot-my-password" service almost certainly was exploited. The mechanism allows customers to retrieve or change their password if they can verify their identity by confirming personal information such as birthdate, zip code and the answer to a "secret question," such as a childhood pet's name or school mascot.
Palin's hacker was challenged to guess where Alaska's governor met her husband, Todd. Palin herself recounted in her speech at the Republican National Convention that the pair began dating two decades ago in high school in Wasilla, a town near Anchorage.
"I found out later though (sic) more research that they met at high school, so I did variations of that, high, high school, eventually hit on 'Wasilla high'," the person wrote.
The McCain campaign issued a statement describing the hacking as an invasion of Palin's privacy.