Sophos Cloud Optix
It was a computer security story that made headlines around the world, involving the private emails of a woman who could have become Vice President of the United States. And now, it’s ended with a young man sent to a federal prison, hundreds of miles from his family home.
David C Kernell, the hacker who broke into Sarah Palin’s personal Yahoo email account, is reported to have been sent to jail despite a judge’s recommendation that he should not be put behind bars.
In September 2008, Kernell, who went by the internet handle of “Rubico”, posted Palin’s private emails, her online address book, and family photos on Wikileaks, and bragged that hacking into the vice-presidential candidate’s Yahoo account had been child’s play.
When Kernell was sentenced last November, Judge Thomas Phillips said that the the son of state democratic representative Mike Kernell should serve his 366 day punishment at a halfway house, describing it as “a sufficient restriction of the defendant’s liberty”.
BBC News, however, reports that US government officials have intervened, and Kernell has begun serving time at federal correctional institute in Ashland, Kentucky.
That’s an institution that’s nearly 300 miles away from his family home in Knoxville, Tennessee.
It’s a pretty miserable end to a story that has run since the height of Palin’s ultimately unsuccessful campaign to become US Vice President. I’m not saying that what Kernell did was right, or that it’s excusable – but it’s always sad to hear about a young man being punished so severely for his naive antics when there are so many organised, financially-motivated cybercriminals at large.
Palin went on to claim to the court that the email hack paralysed her campaign to become the USA’s first female vice president.
Furthermore, Bristol Palin – the daughter of the former Alaskan governor – testified that she was harassed as a result of the security breach.
Sarah Palin’s private communications had been exposed because of her lax attitude to securing her email account (a problem she shares with Paris Hilton, as demonstrated in the video below, which I made at the time of the email breach).
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
Palin’s mistake was to choose a very dumb (and easy-to-guess) password reminder. That’s a faux pas that many have made in the past, making it easier for hackers to break into systems.
Make sure you don’t make the same mistakes as David Kernell and Sarah Palin. Don’t access computers and accounts that don’t belong to you, and show greater care over your online security.
I am very happy they threw that stooge in jail 🙂
I think he should have received several YEARS in prison. Wah, he's away from his family. The first time someone screws up, they should receive a very harsh punishment so that they don't want to go through it again. Instead we give warnings, no-nos, etc and tell them 'Next time' it will be worse, but it rarely is as we repeatedly hear of the numerous crimes criminals commit and repeat. Maybe when he gets out he will have learned that actions do have consequences and if you don't like the consequences, then you won't repeat the action.
Maybe, he'll be hardened and learn how to perform some real crimes while he's young and impressionable in prison right? Maybe next time he'll hack a bank with some of his new friends instead of hacking an email account.
As the mother of a young man, I can understand that feeling that this is a harsh punishment and agree with the Judges recommendation for the halfway house. I feel this young man should be recruited by intelligent firms and given a proper outlet for his creative hacking. It is computer stuff, not robbery and while embarrassing for the former VP candidate, it did not put her life in danger and that was not this young man's intent. He is just following the political vitrol spewed by his families party affiliation and the smear tactics encouraged by that party. He needs a good lesson in clean politics and a career in hacking for the government and not against it. I think he violated someones privacy and that is not good but it should not be criminal unless it resulted in bodily or permanent injury and it did not lose her candidacy, McCain did that for her.
I'm not sure his hacking was that "creative" or that this particular hack demonstrates any particular computer skill (he just correctly guessed Sarah Palin's answers to her "secret questions).
I wouldn't like to see a guy like this get a job in the computer security industry just because he did something illegal. There's plenty of skilled young people out there who have had the maturity to *not* do what Kernell did.
He's not very bright and would add nothing new to the computer security industry. We have more creative people than some guy who found out her secret questions based on Facebook.
Oh you are SO wrong. This judge did not want to put him into prison because his father was a democratic representative. So are you now saying this world should have 2 sets of rules. Those with political connections can get off with a pat on the hand? You are wrong. I have 2 sons and 2 grandsons. If they do something wrong, they should be punished by rule of law, not by who they are connected to.
Hacking into someone's email is the same as illegal entry into their homes and violating their privacy. He did not verbalize sorrow. He joked about how easy it was. He shows by this that he would do it again. He should get one year for each email he hacked into.
Yeah, he didn't have to do much to get in. I'm not suggesting he's not bright, but getting in the way he did doesn't suggest he has any real skill in security.
He did something he knew was wrong, got caught, and is being punished for it. Why is this news?
1) "it's computer stuff not robbery" 2) you advocate "clean politics and a career in hacking for the government" Your a fine example of why home schooling is not for everyome.
Thanks however for the laugh on "clean politics" . George Carlin would have appreciated that.
I believe he SHOULD be punished, but it just proves that Yahoo! is really insecure. Imagine him getting into Donald Trump’s email… THEN you have world news.
I see the GESTAPO are doing well in the U.S. He deserves to be punished but sending him to jailfor a stupid prank. Ridiculous…. This could ruin his job prospects in future
He should have thought of this before he did it.
Graham: In your second video above you give advise to make sure to use a "secure PC". What, by your definition is a "secure PC"? I find that concept interesting. I have often wondered why Dell, HP, Acer, do not sell "secure PCs" with hardened (non-Windows) operating systems, firewalls, disk encryption, etc. baked in.
-R
In the context of the video I meant a PC that had been secured by up-to-date anti-virus software, security patches, firewalls, etc.
I wouldn't, for instance, use a computer in a hotel lobby or cybercafe to access my web email account or Facebook page.
A secure PC is simple. Just boot off of a Linux DVD. Unhackable because nothing can alter the OS.
This doesn't sound to me like he hacked it although he bragged about "Hacking" it. He merely guessed the password. I understand that going through other peoples mail is a federal offense but this sounds to me like its her own fault. There is plenty of ways to make your password hard to get and if it happened to any one else it would be blown off and nobody would do a thing. So I do believe, IMHO, that this was a very strict punishment for something that happens multiple times a day with no repercussions.
Woah, she left her door open and the mail on the table and he read it. The Judge who had all the details of the case said he shouldn't be going to prison. Big Brother then intervened and said he must go to prison. Hordes of people in the Land of The Free think this is a good thing, what the heck is wrong with them?
Stupid woman – she should be thanking him for alerting her to her appalling lack of security, She even says that the act paralyzed her chances of becoming president. Oh please…she's living in cloud cuckoo land. I can't believe the young man hasn't been snapped up by some computer security company.
Keister I bet I can go to your yahoo account and use your publicly know information and your recovery questions to figure out your password. Again its not hacking he used his publicly received knowledge to change the password to (essentially) yahoo's account so now If we want to start blaming people tell Palin its her own fault and maybe even blame yahoo for not telling her her recovery questions were stupid and easy to get through. she got "hacked" through ignorance.
You drop your diary in the bus station and I'm going to read it
also How the hell does the government over rule the judge….they are using him as an example to push forth the internet controls and regulation.
P.s. A crime is a crime but you don't charge people who steal cars, murderers and littering all the same do you?
So if the lock on your front door is easy to open with a crowbar, it isn't a crime for someone to go into your house and steal your possessions? Prank? No, this is a serious crime that took a purposeful and concerted effort, and one that would have you calling the police, not the parents, if it happened to you.
I don't know how old this moron is; he appears to be old enough to be tried as an adult. If he is smart enough to hack into someone private account then he is smart enough to understand this premise, " If you going to do the crime then be prepared to do the time".
My pastor says that in the eye of God there is no such thing as a little lie. A lie is a lie period, nothing big or small about it. Now for the crime, an intrusion into someones personal and private information is a crime (there was a law on the books for this prior to him doing this stupid thing, they didn't just make it up for his benefit). A crime is a crime. If you don't understand please refer to the first paragraph.
Exactly!
A crime is a crime but you don't charge people who steal cars, murder and littering all the same do you?
YES! They all get punished, if convicted.
I'm glad your pastor said "there is no such thing as a little lie. A lie is a lie period"
By the same token you're also speaking against yourself – unless you've never lied, and will never lie.
I recommend that you also read up on the parts of Bible where it talks about condemning, judging others, and above all, being a hypocrite.
Please excuse me for sounding a little strong, but let's have some balance here, not condemning the man out of questionable motives, nor being too lenient toward an obvious breach of law.
Anywhere did I say I wasn’t a sinned? The apostle Paul wrote to the church and in essence told then they needed to rebuke fellow members in the way they were acting. Jesus surrender to the Hebrew leaders to be judged by their laws. Don’t mis-understand what I’m saying. This was God’s plan, not man’s control. When someone makes biblical comments one can not pick and choose what fits their agenda. With that said, I pray not to mislead anyone in short biblical lectures. That is a far far greater sin I choose not to bear. Any problems I have created in this arena needs to be discussed with a Christian Biblical leader.
And if what the US government is doing to its citizens, be it knowingly or in secret, isn't a whole book of little lies, then i don't know what is. I'm an atheist, but you cant tell me that what the government does is all moral, above board, and favorable in the eyes of any god.
A war in IRAQ based on lies about WMD. I rest my case.
yea I would call the police if someone came into my house from finding the key I left under a rock outside my front door but It was my own fault still. Besides which he stole crap. And if it did effect her political campaign that's her own fault again for using a yahoo account with poor security to take care of her campaign. I would beef up security and probably give my key to a neighbor instead of putting it under a rock. I'm not saying what he did wasn't somewhat inappropriate what I'm saying is that serving time at federal correctional institute is not a reasonable punishment for the act.
so back on if someone broke into my house stole some newspapers a bag of garabage and a 20 dollar bill….who cares I would let it go I would call the cops but if they caught them I would only want to know why the hell they would steal such stupid things. The kid obviously did it to do it. I'm sure it was so he can say he did it and not to plan her demise or to ruin her political career. She can do that all on her own. So prying the door open is a little different than finding the password publicly online.
Personally i think the stupid woman had it coming.. If it wasn't Kenell then it would have been someone else.. Sarah Palin is a self-centered, egotistical, self-righteous, hypocritical politician, you might as well just strap a massive bullseye to her back and say "Hack This"…
Now, granted i don't agree with hacking someone's email, if you can call guessing a password hacking… nor do i agree with the whole point of posting them on wikileaks.. but what i do have a problem with is that this kid gets 366 days in a FEDERAL jail as opposed to a half-way house like the judge said. As someone earlier on said, its just a case of the American government putting in their big size 50 feet over anything to do with "cyber-crime" and over reacting to prove some point to no-one really..
All this analogizing in here about front doors, diaries etc is almost annoying as the crime itself.. Face it, he did something stupid to a high profile government official, thought he could get away with it, cried like a baby when he got caught and now everyone is having a pissy fit about it.
The real issue here isn't the crime that was commited, nor who it was or what it was, more the fact that the American legal system has just been proven to be broken beyond repair. As the pledge states, "I pledge allegiance to the flag of the United States of America, and to the republic for which it stands, one nation under God, indivisible, with liberty and justice for all." Liberty and Justice that have sadly been taken out into the pasture and shot.
There certainly appear to be a lot of inherently dishonest people making comments here. As for Cluley's comments, I'm glad I dumped the Sophos system in favor fo Kaspersky. Cluely, this one is an embarrassment to the internet/computer security industry.
Hi Honest
I agree that what Kernell did was wrong and against the law and that he should be punished. None of us, however, know the full facts of the case. The judge *did* hear all the facts and see the relevant reports – and he seems to have believed that a halfway house was sufficient punishment.
It disturbs me that others can overrule a judge's advice like that.
Wow, looks like the kangaroo courts really threw the book at him lol
Gotta say Graham that on this issue, I disagree. A year locked up will be a suitable deterrent for himself and should also go some way to deter others from committing a similar crime. The distance between the prison and his home will not be an issue for the prisoner, only his family.
I have to say though that what disturbs me is why "Government Officials" are able to determine a sentence. I always thought that was the judges job. Mind you, I'm an Australian, so US justice is not a speciality of mine. I can understand a light sentence being appealed by government, by not set by them.
Kid ought to be given a medal. She's a dumb, horrible woman.
It's really quite simple.
You don't go into someone else's email account without their consent. Doing so is a crime, and people go to prison for that. They don't go to a halfway house. It doesn't matter whose email you break into.
From the AP report at the time.
http://www.huffingtonpost.com/2010/11/12/david-ke…
• A jury in late April convicted Kernell of unauthorized access to a protected computer and destroying records to impede a federal investigation. Jurors acquitted him of wire fraud and deadlocked on an identity theft charge.
• The sentence by U.S. District Judge Thomas W. Phillips fell short of the 18 months in prison sought by federal prosecutors to send a message to would-be hackers during political campaigns.
Incarceration for this can be compared, for example, to the Tennessee laws on DUI. It takes 4 convictions to get put away for a year.
http://www.1800duilaws.com/Tennessee-dui-attorney…
I guess hackers need more negative examples than drunkards.
palin needs to be thrown in jail, this kid needs a job!
What he did was not hacking, it was cracking. Uncreative cracking at that. . .
A) this conviction doesn't help society at all. It's cost us money, and we will gain no more then if he went into a halfway house. The man is not a risk to society. SO yesm he shoudl be punished, but this is too much.
B) Why hasn't Palin been investigated? He inadvertently found out that a governor of Alaska was using her private email to conduct state business.
Wah! Poor little politician's son. A whopping 300 miles away from home in one of Forbes "America's 10 Cushiest Prisons"
http://www.forbes.com/2009/07/13/best-prisons-cus…
Breaks my heart.
No amount of pain should be spared on this person. You should not be alllowed to read the email of anyone important!! That's why they are important, so that you can't read their email and go to jail! I am in full support of the Palin family, and all victims of this crime across America.
Gotta love the Liberal view: everyone is a victim except for the actual victims. Sarah Palin is at fault because she made it too easy for someone to perpetrate a crime against her, not the criminal because he actually perpetrated it. It is akin to saying that it was the pretty girl's fault for getting raped because she decided to dress attractively and perhaps be flirtatious that evening. And since when is it all right to cause harm to someone just because you don't like them? Where is this tolerance that the Libs are constantly preaching? By that logic Steve Jobs should have been rubbed out ages ago…
“but it’s always sad to hear about a young man being punished so severely for his naive antics when there are so many organised, financially-motivated cybercriminals at large.”
Is it? Is it sad to hear about a thief being punished harshly when there are bigger thieves that haven’t been caught? Not to me. It’s only sad in the sense that they haven’t caught them all yet.
I wouldn’t vote for her for Wasilla dogcatcher!
I think this should be a lesson not only to all hackers, but also to email users to ensure that they take extra precaution in keeping their passwords. I wonder, what about other hackers still out there? What's the government doing?
email encryption