Sarah Palin's email hacker sentenced to 366 days in custody

Filed Under: Law & order

David Kernell
The student who broke into Sarah Palin's personal Yahoo email account, as she was running her campaign to become the US Vice President, has been sentenced to a year and one day in custody.

In September 2008, David C Kernell, who went by the internet handle of "Rubico", posted examples of Palin's private emails, addresses of her contacts, and family photos on Wikileaks, and bragged that hacking into the vice-presidential candidate's Yahoo account was child's play.

Sarah Palin email

Sarah Palin left her Yahoo account vulnerable to attack because she choose to make her "secret questions" her date of birth, her postal code, and information about where she met her husband - all information which David Kernell was able to glean quickly by using Google and Wikipedia.

How Sarah Palin's email address was hacked

Palin went on to claim that the email hack paralysed her campaign to become the USA's first female vice president.

Furthermore, Bristol Palin - the daughter of the former Alaskan governor - testified that she was harassed as a result of the security breach.

Kernell, the son of state democratic representative Mike Kernell, could have potentially faced up to 20 years in prison for the obstruction of justice conviction - brought about because he deleted evidence from his hard drive - and an additional year for the unauthorised access to Palin's account.

Here's a video I made at the time of the incident, showing how both Paris Hilton and Sarah Palin have been caught out by choosing naive answers to "secret questions":

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

David Kernell, meanwhile, will have plenty of time to think about his actions - 366 days, in fact, which he will need to serve in either a federal prison or a halfway house.

With luck, others will learn something from this story and realise that hacking into the email accounts of others is never acceptable.

, ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley