Palin email hacker convicted by Tennessee jury

A college student indicted for hacking into former Alaskan Governor Sarah Palin's Yahoo email account while she was the Republican nominee for Vice President was convicted on Friday by a Tennessee jury, according to Cnet.com. David Kernell, the 22 year old son of Tennessee Democratic house representative Mike Kernell, was found guilty of unauthorized access to a computer and destroying records to obstruct justice. He was acquitted on charges of wire fraud, and no decision was made regarding a conviction of identity fraud due to a deadlocked jury.

Kernell, a student at The University of Tennessee,  used simple social engineering techniques to gain access to the account. He guessed the answers to the secret questions associated with Palin's account, and the password was simply emailed to him. He leaked only a few pieces of personal information which were promptly picked up by wikileaks.com, and didn't seem to have malicious intent. Wikileaks attributed the leak to the infamous /b/ board of the anonymous forum 4chan. It was only later that the source was tracked back to Knoxville, and Kernell's apartment. 

After the trial, Palin commented:

"Violating the law, or simply invading someone's privacy for political gain, has long been repugnant to Americans' sense of fair play. As Watergate taught us, we rightfully reject illegally breaking into candidates' private communications for political intrigue in an attempt to derail an election."

There has been no word on sentencing yet pending a decision from U.S. District Judge Thomas Phillips.

Image courtesy of Cybershack.

Report a problem with article
Previous Story

Ubuntu 10.10 for netbooks to have single menu bar design

Next Story

Pachter: Xbox 360 Slim is coming

65 Comments

Commenting is disabled on this article.

Well eather way it is right vs. wrong and he was wrong for doing so.

Also thoughs that say she is an idiot or a fool for useing yahoo. You will be surrprised at how many companies and stores through out the world use yahoo as there email for corp executives/managers/associates... So what is the issue with a political figure to use it.

So, like, first of all, this so wasn't hacking. Also, the "unauthorized access to a computer" sounds like they found him guilty of breaking into Palin's computer, which he simply did not do.

No matter what politcial affiliation you have, you should not be trying to access the email accounts of other people.

Lax security isn't an excuse. How many thieves can use the excuse "Well, the door was unlocked, so it was ok to just walk in"?

He probably didn't get so much cred for hacking Palin's adress since password must be easy.

I'm gonna try worldsbestmom

Yep, it worked.

Hobbit Hair will probably get, at most, a 2 year sentence. And that will be for the obstruction of justice charge, not the actual email account "hacking". I hope he serves all of it, too...

Whew! Thank God it wasn't some Liberal's account, I mean what if it had been John Edwards. Boy did we Liberal's dodge a bullet there, oh wait.
As a Liberal I still find this wrong, and feel this stupid person needs to get sometime in jail for his stupidity. For those who feel he shouldn't because it will ruin his life stop and think, he choose to do this, then he choose to show the world how smart he was by posting Ms. Palin's E-mail, hence he also showed the world how stupid he really is.

Pam14160 said,
Whew! Thank God it wasn't some Liberal's account, I mean what if it had been John Edwards. Boy did we Liberal's dodge a bullet there, oh wait.
As a Liberal I still find this wrong, and feel this stupid person needs to get sometime in jail for his stupidity. For those who feel he shouldn't because it will ruin his life stop and think, he choose to do this, then he choose to show the world how smart he was by posting Ms. Palin's E-mail, hence he also showed the world how stupid he really is.

This won't ruin his life. He is the son of Mike Kernell.

my friend has tapped into the white house, CIA and the IRS... clean as a whistle even today. they're gonna convict this kid for such petty things?

nub said,
More proof Palin is retarded

That's a retarded statement right there. How does this prove that Palin is "being retarded".

If this guy did it to some other candidate he would be facing the same fate.
bottom line is he's an idiot and now he's gonna be some inmates bitch for a few years at least.

nub said,
She's retarded for using yahoo.

so by your own definition you are retarded unless you have never in your life used yahoo, msn, google, or any other email service that has been hacked. who honestly cares what email service she or anyone else uses. if it fits the users needs then they have no reason to use anything else. stfu and get out troll.

nub said,
She's retarded for using yahoo.
The thing about it is that she could have used any service, would not have mattered he still would have gained access.

SputnikGamer said,

so by your own definition you are retarded unless you have never in your life used yahoo, msn, google, or any other email service that has been hacked. who honestly cares what email service she or anyone else uses. if it fits the users needs then they have no reason to use anything else. stfu and get out troll.

She's "retarded" for using a personal e-mail for political operations. Should have used a professional service that can't easily be compromised for asking questions that probably a google search could answer.

Blasius said,

She's "retarded" for using a personal e-mail for political operations. Should have used a professional service that can't easily be compromised for asking questions that probably a google search could answer.

And you are retarded for not reading above before posting where it says personal information was leaked, not political.

xpablo said,

That's a retarded statement right there. How does this prove that Palin is "being retarded".

If this guy did it to some other candidate he would be facing the same fate.
bottom line is he's an idiot and now he's gonna be some inmates bitch for a few years at least.

Well.. let's look at it like this: Did Palin's "actions" to secure her e-mail account prove to be smart and an example to follow? Evidently not. So in what way does this contribute to an already existing impression that she is not the smartest person to ever run for vise-president? Probably further in the direction of retardedness =)

SputnikGamer said,

And you are retarded for not reading above before posting where it says personal information was leaked, not political.

When you are in politics, personal information is most certainly.. political

Probably didn't help that he happened to be a son of a Democratic house rep. In any case, I wonder what the secret questions were. If they were too obvious (what's the name of my daughter? lol) then her loss.

agreenbhm said,
Should have used TOR.
I doubt he even knew it existed!


He is no hacker by any means. He just got lucky guessing the PW a few times.

Edited by war, May 2 2010, 5:54pm :

I'm not saying what he did is right but getting jail time for this is too much (unless he had done it before or something).

It's in the USA so probably he will get like 10 years or something and a 22 year old guy has his life ruined. Let's hope not.

paperless said,
It's in the USA so probably he will get like 10 years or something and a 22 year old guy has his life ruined. Let's hope not.

Make that 20 years. And that alone is more than the time spent by a rapist.

paperless said,
I'm not saying what he did is right but getting jail time for this is too much (unless he had done it before or something).

It's in the USA so probably he will get like 10 years or something and a 22 year old guy has his life ruined. Let's hope not.


Sorry, he did it, now will he get 20 years, no, will he get jail time, hope so. This idiot robbed the mail (electronic) box of Ms Palin (not a fan), hence he did something wrong; thus he should get sometime in the box. He made the decision to break into her account (regardless if it is Yahoo, Gmail, Hotmail, or the U.S. Mail he is guilty as charged. So, answer me this; if he had broken into your account how would you feelâ€"remember he showed this mail to all his friends and whoever else he could get it to.

If this had been a U.S. Postal Mail Box he would be facing a Federal charge is there really that much difference. He stole someones mail that posted on the internet, is that something you would want done with your personnel mail. No.

Pam14160 said,

Sorry, he did it, now will he get 20 years, no, will he get jail time, hope so. This idiot robbed the mail (electronic) box of Ms Palin (not a fan), hence he did something wrong; thus he should get sometime in the box. He made the decision to break into her account (regardless if it is Yahoo, Gmail, Hotmail, or the U.S. Mail he is guilty as charged. So, answer me this; if he had broken into your account how would you feel......

How would I feel? Not too good. Would I like to see the life of this guy ruined? Most certainly not! Are my feelings really all that relevant when it comes to punishment? Not really, my feelings are not protected by law. My right to not have my mail read by anybody else is. He certainly violated that right, but is it really worth taking even 10 years away from this kid for that? Get some perspectives - 10 years is best case 10% of a persons life, likely more - is this crime worth 10% of the death penalty? Most certainly not. Ever heard of the term "a second chance"? I'm not saying he shouldn't be punished - but get some perspectives on how bad this really was. Make sure that he won't do this again, but don't overdo it!

Edited by jazzper, May 2 2010, 11:01pm :

treemonster said,
it's ok when the government spies on your email, but when a college student hax into a politician's email then it's wrong.

if you had a law backing you up, then yea you can spy on any citizen, as long as you are the government.

Laws don't say what is right and what is wrong. Laws say what is acceptable and what is not. Different things.

barteh said,
he ought to be locked up for simply having a hair cut like that!

The precious, does you have it?

Come-on, I can't be the only one who thought he looked like a hobbit.

Nighth.wk said,

The precious, does you have it?

Come-on, I can't be the only one who thought he looked like a hobbit.


LOL

FuhrerDarqueSyde said,
Pro tip: Social engineering != hacking.

mess with a extreme right-wing republican = terrorism.

:-(

FuhrerDarqueSyde said,
Pro tip: Social engineering != hacking.

Obtaining unauthorized access to confidential digital resources = hacking.
Social Engineering was simply the tool.

Ruler of the Interwebs said,

Obtaining unauthorized access to confidential digital resources = hacking.
Social Engineering was simply the tool.

If that is an accepted definition than I have to disagree with it, because if I guess someones password or secret answer, I honestly do not believe that to be hacking. Unauthorized access perhaps but not hacking.

FuhrerDarqueSyde said,

If that is an accepted definition than I have to disagree with it, because if I guess someones password or secret answer, I honestly do not believe that to be hacking. Unauthorized access perhaps but not hacking.

Really, so if you guess the keycode on someone's electric front door lock you should be able to just go right into their home and do what you will in there with no penalty ?

hkgonra said,

Really, so if you guess the keycode on someone's electric front door lock you should be able to just go right into their home and do what you will in there with no penalty ?

Your logic is flawed and he didn't say anything about there being no penalty, just that it should be considered unauthorized access and not hacking.

hkgonra said,

Really, so if you guess the keycode on someone's electric front door lock you should be able to just go right into their home and do what you will in there with no penalty ?

No, you shouldn't be able to just walk in, but that still doesn't make it hacking. Hacking would be "gaining unauthorized access by exploiting the machine/code." Social engineering is exploiting the user. There's a HUGE farking difference.

BillDozer357 said,

No, you shouldn't be able to just walk in, but that still doesn't make it hacking. Hacking would be "gaining unauthorized access by exploiting the machine/code." Social engineering is exploiting the user. There's a HUGE farking difference.

So brute forcing an admin account is not hacking, please, regardless of the person, he has commited a crime wilfully. This is not the first time people have been convicted of similar crimes on a less high profile individual.

Also, yes sneaking into a friends account without their permission is against the law. The law is not perfect, but circumventing electronic protection is hacking regardless of stupidity on either party.

ivdubvr6i said,

So brute forcing an admin account is not hacking, please, regardless of the person, he has commited a crime wilfully. This is not the first time people have been convicted of similar crimes on a less high profile individual.

Also, yes sneaking into a friends account without their permission is against the law. The law is not perfect, but circumventing electronic protection is hacking regardless of stupidity on either party.

He did not brute force the PW though!!


He simply was able to guess after a few tries using publicly available information.

Edited by war, May 2 2010, 5:58pm :

war said,
He did not brute force the PW though!!


He simply was able to guess after a few tries using publicly available information.

And that is where your logic is flawed, regardless of the process he gained access by circumventing electronic protection. Point blank, guessIng or using a tool same result or crime was committed. As I said regardless of either parties stupidity.

I never said it wasn't wrong, just saying it shouldn't be considered hacking as no code was exploited, Unauthorized access by means of social engineering because it was using the forgotten password option and he entered the right combination because Sarah Palin used something incredibly easy to guess as her answer. but just to reiterate... never said it wasn't wrong of him to do.

FuhrerDarqueSyde said,
I never said it wasn't wrong, just saying it shouldn't be considered hacking as no code was exploited, Unauthorized access by means of social engineering because it was using the forgotten password option and he entered the right combination because Sarah Palin used something incredibly easy to guess as her answer. but just to reiterate... never said it wasn't wrong of him to do.

Never said that you didn't feel it was wrong, I was only attempting to inform you on how it was still considered 'hacking'. This kid is in no way a 'hacker' however, in definition of US law, he did in-fact hack a computer.

Slight snippet:

Computer hacking is broadly defined as intentionally accesses a computer without authorization or exceeds authorized access. Various state and federal laws govern computer hacking.

The federal Computer Fraud and Abuse Act provides in part as follows:

* "(a) Whoever--
1. having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y of section 11 of the Atomic Energy Act of 1954, with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation, willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it;

And that is NOT the only thing this kid did wrong, sure he got into her account easily, but he also was found guilty of unauthorized access to a computer and destroying records to obstruct justice and publicly posted information online. So, yes in definition he is a hacker, and as I stated earlier the process of obtaining the information is irrelevant.

It sucks that his life is ruined, but that is the choice he made, some people get dealt a crappy hand. For instance, a buddy of mine got busted trespassing on private property because it was a shortcut home and he didn't want to drink and drive. He never did a thing wrong in his life, and was convicted of 'burglary'. But, his brother who is a drug addict is living the good life.

Edited by SaltLife, May 2 2010, 9:26pm :

BillDozer357 said,

No, you shouldn't be able to just walk in, but that still doesn't make it hacking. Hacking would be "gaining unauthorized access by exploiting the machine/code." Social engineering is exploiting the user. There's a HUGE farking difference.

Agreed there is a difference, he guessed the keycode instead of kicking in the door, but again if you did that to someone's home is there a differnce in the charge or penalty ?

The original article said,
A college student indicted for hacking into former Alakan Governor Sarah Palin's Yahoo email account

Alakan?

TCLN Ryster said,

Alakan?

I usually don't bother, but I was about to ask the same question.

Edited by Jabneh, May 2 2010, 10:39am :

BrainDedd said,
Where in the world is an Alakan from?

New alien race from the planet... Pandora?

Avatar is awful.

Edited by Jabneh, May 2 2010, 10:07am :

WAR-DOG said,
politicaly important emails on yahoo? I think Palin deservse the death penalty...

Sounds like another Obama apologist!! If you break the law, then be prepared to be punished, it's that simple. If you don't understand simplicity, I'll draw you some pretty colored pictures so that you might understand.

Edited by hamslammer, May 2 2010, 12:15pm :

hamslammer said,

Sounds like another Obama apologist!! If you break the law, then be prepared to be punished, it's that simple. If you don't understand simplicity, I'll draw you some pretty colored pictures so that you might understand.

He said nothing about the "hacker" not getting punished, or Obama for that matter.

His post was with regards to the fact that Palin was using Yahoo mail. If they are so sensitive that this guy could spend a long time in prison then why was she using Yahoo?

It appears that you're the one who doesn't understand, you made that clear with your first sentence.

hamslammer said,

Sounds like another Obama apologist!! If you break the law, then be prepared to be punished, it's that simple. If you don't understand simplicity, I'll draw you some pretty colored pictures so that you might understand.

Another idiot trying to always change the damn subject!! Go away!!

hamslammer said,

Sounds like another Obama apologist!! If you break the law, then be prepared to be punished, it's that simple. If you don't understand simplicity, I'll draw you some pretty colored pictures so that you might understand.

dude calm down (from your banana tree), I'm not even from the U.S. and I don'g give a rats ass about demo dudes or repo dudes... I just pointed out she was using Yahoo...

WAR-DOG said,
politicaly important emails on yahoo? I think Palin deservse the death penalty...

Wow you people crack me up........All things being equal, what the hell was Palin thinking using Yahoo as her political email account??? Is she insane?? Google has a separate email service for government employees, she could easily have used that and would have been far more secure than Yahoo or Hotmail......I don't mean to put this guy off the hook but the bigger issue here is that government officials did not have to worry about these things before the time of the internet and now Obama uses Twitter and YouTube, Palin uses Yahoo.....it seems like there should be a line between consumer services and government services and the government should take extra caution when using these mainstream services. In this day and age with the US's history of making some hardcore enemies I'd be just a little concerned about posting government sensitive information on yahoo or twitter.

And what did he get of punishment? How many years into jail?
Or no sorry, we are in America here of course, he got death penalty probably...

Hmm surely Yahoo don't email the password to the user.

I'm pretty certain it's either reset there and then or a link to reset it is sent to a chosen email?
If they emailed the password then that is pretty security lax.