A person claiming to be the hacker who obtained access to Alaska Gov. Sarah Palin's private Yahoo e-mail on Tuesday has posted a supposed first-person account of the hack, revealing the relatively simple steps he says he took to crack the private e-mail of the Republican vice-presidential candidate.
The story was briefly posted Wednesday to the 4chan forum where the hack first surfaced. Bloggers have connected the handle of the poster, "Rubico," to an e-mail address, and tentatively identified the owner as a college student in Tennessee.
[Wired's] Threat Level [blog] was unable to reach the student by phone because his number is unlisted. A person who identified himself as the student's father, when reached at home, said he could not talk about the matter and would have no comment. The father is a Democratic state representative in Tennessee. Threat Level is not identifying them by name because authorities have not identified any suspects in the case, and the link to the student so far is tenuous.
As detailed in the postings, the Palin hack didn't require any real skill. Instead, the hacker simply reset Palin's password using her birthdate, ZIP code and information about where she met her spouse -- the security question on her Yahoo account, which was answered (Wasilla High) by a simple Google search.
The simplicity of the attack, of course, makes it no less illegal.
The hacker said that he read all of the e-mails in the Palin account and found "nothing incriminating, nothing that would derail her campaign as I had hoped. All I saw was personal stuff, some clerical stuff from when she was governor…. And pictures of her family."
Once the hacker had read the e-mails in Palin's account, he said he suddenly realized what he'd done and how vulnerable he was to being caught, since he'd used only a single proxy service to hide his IP address.
yes I was behind a proxy, only one, if this s--- ever got to the FBI I was f---ed, I panicked, i still wanted the stuff out there but I didn't know how to rapids--- all that stuff, so I posted the pass on /b/, and then promptly deleted everything, and unplugged my internet and just sat there in a comatose state
Once he posted the information to 4chan -- the stronghold of the Anonymous griefer collective -- a good Samaritan tried to step in to protect Palin by resetting her password and sending an e-mail to one of her aides, Ivy Frye. But the white hat posted a screen shot of that e-mail to 4chan, and it included the new password. That triggered a feeding frenzy on the forum, as legions of channers competed to log in and reset Palin's password again.
That flurry of activity triggered a security feature that froze Palin's account for 24 hours, which was long enough for the information to hit the media. Palin, or someone in her camp, closed the account early Wednesday morning.
The postings telling the story have been deleted from 4chan, so I've included them below.
rubico 09/17/08(Wed)12:57:22 No.85782652
Hello, /b/ as many of you might already know, last night sarah palin's yahoo was "hacked" and caps were posted on /b/, i am the lurker who did it, and i would like to tell the story.