

Palin Hacker Caught - Son of Democratic TN State Rep. - pmorici
http://www.tgdaily.com/html_tmp/content-view-39405-108.html

======
rsheridan6
AFAICT, what we know at this point is that Palin's email was hacked and
somebody claiming that Kernell's email address was theirs claimed to have done
it on 4chan. I think it's a little irresponsible to have a headline that
shouts "Palin Hacker Caught" when he hasn't admitted to it, been convicted of
it, or even been charged yet. I'm not saying he didn't do it, but internet
trolls have been known to attribute their actions to others before.

~~~
pmorici
That's a good point, the person in question could also have had their computer
compromised and are being framed...

------
iamdave
_He forced a password reset by answering questions about Palin’s birthdate,
zip code and where she met her spouse, Wasilla High School._

By this admission, the media needs to drop the word "HACK" right now because
that's not hacking. That's social engineering.

~~~
sant0sk1
Social engineering is people hacking. He didn't hack any people. He subverted
a poorly designed password retrieval mechanism.

Just because he didn't use a personally crafted 0-day exploit doesn't mean he
wasn't hacking (or cracking, if you're in to semantic debate).

~~~
iamdave
_He subverted a poorly designed password retrieval mechanism._

Even better way of putting it, thank you. By all legal definitions this kid
should get off scot free but he wont.

~~~
hugh
I'm pretty sure that "the lock was poorly designed" has never successfully
been used as a legal defence by a burglar, and that "but they were so easy to
fool" has never successfully been used as a legal defence by a conman, so I'd
be surprised if a poorly-designed password retrieval mechanism could be used
as a defence in this case.

If nothing else, the kid committed some kind of fraud by telling the system he
was Sarah Palin when in fact he wasn't.

~~~
iamdave
_If nothing else, the kid committed some kind of fraud by telling the system
he was Sarah Palin when in fact he wasn't_

I've also never heard of a case where someone told a computer they were
someone they weren't and prosecuted on that alone or any sort of 'fraud' in a
circumstance like this (though if you want to split hairs, Identity Theft that
leads to punitive damages such as credit, or finances is another thing, but
still doesn't fit the mold of this particular circumstance)

It's a perfectly fine defense, all things said. He retrieved the information
he needed, he used the system the way it was built to be used and the system
did what it was supposed to do. There is NOTHING illegal about lying to a
computer system in this situation.

The burglar analogy only makes even a bit of sense if the burglar illegally
obtained a key, made a copy of it and _THEN_ gained access to the home. For
the intents of this discussion, that's all this rubico person did. He obtained
a key to the home, used the key to it's intended purpose and gained access.

~~~
mseebach
> he used the system the way it was built to be used and the system did what
> it was supposed to do.

So, if I go to the mailbox outside your home (assuming the classic unlocked US
design) after the mailman leave, pick up your mail, open the envelopes and
post what I find on /b/, you're just gonna shrug and blame yourself for using
such a badly designed security mechanism?

You know, when I open your letters, the envelope does exactly what it's
supposed to do, so I'm not committing a crime, right?

------
hugh
Well, this settles the question, posted in an earlier thread, about whether
the culprit was very very smart or very very stupid.

(Unless, of course, this guy is innocent, in which case the real culprit was
very very smart.)

In other news, I sure hope everyone who feels compelled to express an opinion
about what should happen to this kid now will stop for a moment and consider
whether their opinion would be the same if he were the son of a Republican
senator and got caught doing the same thing to a Democratic candidate, and to
make absolutely sure that their opinion would be the same either way.

~~~
davidw
> I sure hope everyone who feels compelled to express an opinion...

... will do so elsewhere?

~~~
hugh
Oh I don't know, I think that "suitable punishments for computer criminals" is
perfectly on-topic, as long as it's not too infected by boring politics.

~~~
qqq
And you think that your view that politics is boring is on-topic?

~~~
hugh
Perhaps it's more meta-ontopic.

~~~
qqq
Do you think the view that politics is not boring is on topic (or meta-on-
topic)?

------
bbb
Hypothetically, it is really easy get away with something like this:

1) Go to a well-trafficked coffee shop that you've never been to before. Pay
with cash.

2) Use a bootable Linux CD or a virtual machine for the actual "attack." (Xen,
VMWare, anything.)

3) Spoof your wireless MAC address. (if you are paranoid)

4) Perform your "special investigation." Post your info to wikileaks.

5) Reboot without the Linux CD or securely delete the virtual machine when you
are done.

6) Don't brag about it.

See, you don't even need a proxy. It's not that hard.

How can anyone be so stupid to get caught anyway?

~~~
ryanwaggoner
1.5) ensure the coffee shop has no security cameras

~~~
bbb
Good point.

But if there are a lot of laptop-using customers even a security camera
shouldn't be too much of a problem. After all, just being there is not a crime
in itself. And wiping your system will delete all evidence that could link you
to any log files.

------
nihilocrat
This guy (I mean whoever did it, not necessarily who the article purports did
it) is ultimately pretty dumb; it's one thing to point out "it is easy to
break into a public figure's Yahoo email because the security questions rely
entirely on security-through-obscurity" but it's another thing to actually do
it.

Like others have said, the defense provided sounds pretty feasible; I'm no
legal expert, so it's very plausible he has done nothing really wrong, and it
might be the case where prosecution will lead to a dangerous interpretation of
laws that would make "truly" innocent people guilty. As usual, the end result
will probably be less about law and more about the candidate involved making
sure the situation turns out how she wants it to, the justice system is eager
to put people in jail so I figure punishment will be likely. Everyone hates
college students, lazy hippies!

Also, he should have probably just used TOR. I'm not really that good of a
cracker, preferring to instead program useful things and then getting paid for
it, so would this have covered his tracks pretty well?

Either way, it's pretty amazingly funny to see a /b/tard easily get access to
a public figure's email and let 4chan get a hold of it, and then see the news
media act like it's some sinister hacker network that did it. Well played.

------
vaksel
does anyone here really think that a "l33t hax0r" was dumb enough to post a
screen with the proxy url visible?

~~~
newt0311
Then again, you don't have to be very l33t to do what he did.

------
Prrometheus
One proxy is never enough. You need more. Like seven.

~~~
lallysingh
Like tor?

~~~
eru
Tor uses three at a time.

------
froo
You can pretty much call the election right there gentleman.

I don't have any political preference in the matter (I'm an Aussie), but I
predict that Republican extremists are going to take this and run with it as
far as possible.

Not only are people going to see the Palin/McCain team as the underdog,
because everyone loves an underdog, but they'll also be portrayed as the
victim of evil attacks by the democrats (even though it was his son, and I'm
sure his son has little political preferences yet)

That just sucks and frankly it scares the living shit out of me that someone
like Palin could potentially end up being the "leader of the free world" when
she has shown some incredibly odd positions over time.

EDIT - just adding this in as a clarification incase anyone wants to call this
anti-right propaganda (as I saw myself downmodded earlier, if anything I'm
anti-noob)

I've got no problem whatsoever with McCain being President if his age wasn't a
factor. He's earned his right. It's just that there is a growing anti-American
sentiment in the rest of the world (I see it all the time in Aus) and it would
be a step backwards to have someone like Palin being literally a heartbeat
away from the top spot, especially with the absolute mess that it appears Bush
has made.

You guys need a leader, not a pretty face.

~~~
mattmaroon
Wrong on many accounts.

1) McCain won't even remotely attempt to tie this to Obama. Even despite the
recent negative turn, this campaign has been fairly civil. Just as Obama
passed on commenting about Palin's daughter's personal troubles, McCain will
not blame this on the DNC. (Michelle Malkin might be another story, but she
doesn't influence anyone whose vote is up for grabs.)

It was the college-age son of some state politician who will probably publish
remarks condemning it. That'll pretty much be the end of it.

2) In America, the rich old white male (especially one who doesn't know how
many homes he owns) is never seen as the underdog to the young black man, even
if he is.

3) Most of our worst leaders weren't noobs. George W had more executive branch
experience than anyone currently running, and in his second term (which a lot
of historians believe to be the worst in history) he'd already had 4 years of
trial under fire as President.

A lot of times, experience just deeply ingrains one way of doing things and
inhibits the mental flexibility needed for such an intellectual job.

(And don't get me wrong, I'm terrified as shit of having her as President, but
it's not due to her inexperience).

~~~
netcan
_Michelle Malkin might be another story, but she doesn't influence anyone
whose vote is up for grabs._

I thought in the US system, swinging votes don't really matter. Those fence
sitters aren't confident or interested enough to vote anyway. I thought the
only thing that mattered was preaching to the choir & getting them to vote at
all. Hence scare tactics.

~~~
anamax
> I thought in the US system, swinging votes don't really matter. Those fence
> sitters aren't confident or interested enough to vote anyway. I thought the
> only thing that mattered was preaching to the choir & getting them to vote
> at all.

Not at all. While you don't have a chance if your base doesn't come out, they
almost always do. As a result, swing votes typically decide US elections.

There are, however, two kinds of swing votes. One always votes, but switches.
The other shows up occasionally.

------
noahlt
So it _wasn't_ Anonymous, since he was posting as 'Rubico'.

------
KevBurnsJr
zip archive on wikileaks

<http://wikileaks.org/wiki/Sarah_Palin_Yahoo_inbox_2008>

------
ajkirwin
I'm not so sure that he should be prosecuted at all. The equivalence to this
is breaking into someone's house.. by asking their two year old if they can go
inside and for the key.

It's an equivalent level of security.

~~~
ars
If you asked a two year old if you can come in and did, you would/could be
prosecuted. For trespassing amongst other crimes. Two year olds do not have
legal capacity to consent. Technically you could be prosecuted if a 15 year
old let you in - although you probably wouldn't be. It depends on the parents.
And it depends on what you did - specifically did you commit an additional
crime while there.

Reading someones private email is a crime, as is posting it, as is trying to
mess with an election.

If you told the kid a lie in order to get in you could also be prosecuted for
fraud.

Just because you can, does not mean you should.

