Palin Hack Was Really An Illustration Of How Not To Keep Your E-Mail Secure

Okay. Here’s the deal. Sarah Palin’s e-mail wasn’t hacked by some uber-brilliant hacker. It was hacked by some dude who managed to figure out how to get into her e-mail after a few seconds of using Google. So he’s hardly a criminal mastermind by any stretch of the imagination.

According to Wired’s Threat Level blog, the perp who goes by the handle “Rubico” talked about what he did on 4chan:

“As detailed in the postings, the Palin hack didn’t require any real skill. Instead, the hacker simply reset Palin’s password using her birthdate, ZIP code and information about where she met her spouse — the security question on her Yahoo account, which was answered (Wasilla High) by a simple Google search.”

This is called social engineering. Basically, “Rubico” counted on the fact that Palin would use easy-to-remember information to set up and secure her e-mail, and leveraged that to get into it. I guess that should make one wonder: if a VP candidate and MILF can’t secure her e-mail, how can she secure the country?

But I digress.

“Rubico’s” days as a free person may be numbered. He apparently didn’t cover his tracks well:

“Once the hacker had read the e-mails in Palin’s account, he said he suddenly realized what he’d done and how vulnerable he was to being caught, since he’d used only a single proxy service to hide his IP address.”

Too bad he was that sloppy. Because the FBI has been in touch with the proxy service he used:

“Gabriel Ramuglia who operates Ctunnel, the internet anonymizing service the hacker used to post the information from Palin’s account to the 4chan forum, told Threat Level this morning that the FBI had contacted him yesterday to obtain his traffic logs. Ramuglia said he had about 80 gigabytes of logs to process and hadn’t yet looked for the information the FBI was seeking but planned to be in touch with the agents today.

Ramuglia said the screenshots of Palin’s e-mail account, which the hacker posted online, will help him narrow his search, since they revealed most of the Ctunnel URL that was at the top of the hacker’s browser when he took the screen shot.”

Translation: “Rubico” has just had his 15 minutes of fame which will shortly turn into 15 years in the pen as his cell mates bitch.

In the meantime, here’s what you can learn from this: Use obscure information that can’t be tied directly to you if you ever need to answer a password reset question. Ditto for the password itself. Otherwise, you’ll be dumb and owned. Just like Sarah Palin.
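Here is one way to put that advice into practice, as an added example that is not part of the original post. The function names, the tiny wordlist and the sample "public facts" are all constructed for illustration (only the "Wasilla High" answer comes from the Wired quote above): the script flags a reset answer that overlaps with anything publicly known about you, and generates a random answer to store in a password manager instead.

```python
import re
import secrets

# Constructed demo wordlist. 16 words is only 4 bits per word; in practice
# use a large list such as the 7776-word diceware list.
WORDS = ["amber", "bolt", "cedar", "drift", "ember", "fjord", "glint", "husk",
         "ivory", "jolt", "kelp", "lumen", "moss", "nook", "onyx", "plume"]

# Filler words that should not count as a match on their own.
STOPWORDS = {"the", "a", "an", "of", "in", "at", "and"}

# Constructed sample of facts anyone could find with a search engine.
# The birthdate and ZIP code are placeholders, not real values.
PUBLIC_FACTS = [
    "Met spouse at Wasilla High School",
    "Born 1970-01-01",
    "ZIP code 00000",
]

def tokens(text):
    """Lowercase alphanumeric tokens of text, minus filler words."""
    found = re.findall(r"[a-z0-9]+", text.lower())
    return {t for t in found if t not in STOPWORDS}

def is_guessable(answer, public_facts):
    """True if any token of the answer also appears in a public fact."""
    known = set()
    for fact in public_facts:
        known |= tokens(fact)
    return bool(tokens(answer) & known)

def random_answer(n_words=5):
    """Random reset answer with no link to the account owner."""
    return "-".join(secrets.choice(WORDS) for _ in range(n_words))

if __name__ == "__main__":
    print("Wasilla High guessable?", is_guessable("Wasilla High", PUBLIC_FACTS))
    fresh = random_answer()
    print("Random answer:", fresh, "guessable?", is_guessable(fresh, PUBLIC_FACTS))
```

Treat the generated answer like a second password: the reset form does not care whether it is true, only whether it matches.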

Don’t be a Sarah. Be smart. Be secure.
