Sarah Palin hacker suspect had spyware-infected PC


The 21-year-old student accused of hacking into Vice Presidential hopeful Sarah Palin's Yahoo account was working on a spyware-infected computer, according to his legal team.

David Kernell was mid-way through a student party in September 2008 when the FBI swooped on his apartment in the city of Knoxville, Tennessee. The son of state Democratic representative Mike Kernell, and a student at the University of Tennessee, had been identified on the internet as being linked to a hack on Sarah Palin's gov.palin@yahoo.com email account, which saw examples of her emails, addresses of her contacts, and family photos posted on Wikileaks.


Sarah Palin recently claimed that the hack disrupted the ultimately unsuccessful Republican Presidential campaign.

Now it is reported that defence attorneys claim that Kernell's Acer laptop had itself been compromised by hackers.

"The program, which was installed by an unknown method before the computer ever came into Mr. Kernell's possession, uses sophisticated technology to record and report personal information without the user's knowledge," his attorneys stated, in a motion filed on 30 November.

Details of precisely which piece of malware is claimed to have been found on the laptop have not been revealed, but the claim certainly raises some interesting questions.

After all, if Kernell was able to prove that a remote hacker had interfered with - and possibly had control over - his PC, then would it be too much of a stretch to argue that there is reasonable doubt that it was actually him who broke into Sarah Palin's Yahoo account?

After all, anything that Kernell could have typed on his laptop keyboard could just as easily have been done by a remote hacker via malware and would look no different to the outside world.

I have no insight into whether this is a line of defence that Kernell's legal team might choose to take, but we have certainly seen other examples of alleged hackers playing the card of "I was hacked myself".

For instance, in 2003, teenage hacker Aaron Caffrey walked free from court after being cleared of trying to bring down the Port of Houston in Texas by hacking into its computer systems. Caffrey, who admitted being a member of a group called Allied Haxor Elite, claimed that unidentified hackers broke into his computer and launched the attack script against the port. The jury chose to accept Caffrey's story, even though prosecution expert witnesses could find no evidence that his computer had ever been broken into.

Kernell's trial is set to begin on 20th April 2010.


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations.