Sarah Palin’s Email Hacker Convicted.

A jury handed down a mixed verdict in the case of David Kernall, who hacked into Sarah Palin’s Yahoo email account. Kernall used a password reset attack to break into Palin’s Yahoo account, something that wouldn’t have happened if either Yahoo had been using reasonable security practices at the time, or if Palin would have known not to answer password reset questions with the correct answer (more on that in an upcoming blog). Still, it is neither Yahoo nor Palin’s fault that Kernall chose to break the law and the blame lies squarely with him. Still, in apparent effort for prestige and glory, the prosecutors really decided to go overboard on this case. It is unlikely there would have been so many charges were it not for the publicity of the event.

So, the charges and the verdicts…

The most serious charge was obstructing justice, which is a felony. Kernel faces up to 20 years in jail for that charge, however he will probably get a significantly shorter sentence. The thing about a felony conviction is that as an American you lose your right to vote and that is for life.

Kernall was convicted of unauthorized access to a computer, which was completely appropriate for the prosecution to charge him with. The unauthorized access is a misdemeanor charge.

Kernall escaped conviction on the charge of wire fraud.

The prosecution also charged identity theft. This one seems a stretch to me, but I haven’t reviewed the testimony. The jury deadlocked on the identity theft charge and the prosecutors have yet to say if they will seek a retrial.

Of particular interest was the commentary of a man who testified against Kernall. You can read his statements at http://www.theregister.co.uk/2010/04/28/palin_email_witness/. The witness for the prosecution described the prosecution as “a dog and pony show” and as a result is changing the logging policies of his anonymous proxy to the legal minimum rather than retaining logs for a longer period of time, which may have helped the prosecution in this case.

I’ll follow up with a recap of the password reset attack and how to protect your accounts against such attacks

Randy Abrams
Director of Technical Education

Author ESET Research, ESET

  • Rhiana G

    sarah palin is hosting a new show.. PALIN FOR PRESIDENT 2012!

  • IDTheftReview

    This is justice for Sarah Palin but what about the numerous others who have been through this problem before? They wouldn’t have generated as much attention but hopefully they, too have been given the justice they deserve. There will always be people like David Kernall who will choose to break the law. One thing we learned out of it is not to take email security measures for granted. If there are suspicious changes, there must be something fishy going on.  

Follow Us

Sign up to our newsletter

The latest security news direct to your inbox

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.