Yahoo! and the owner of the proxy service are working with the FBI while the signer of the alleged confession was identified

Sep 19, 2008 08:54 GMT

The owner of the proxy service used by the person who hacked Sarah Palin's e-mail has been contacted by the FBI regarding the server logs and is currently working to provide them. Meanwhile, the person whose e-mail address was used to sign a confession circulating on the Internet has been identified as David Kernell, son of Democratic Tennessee state representative Mike Kernell.

The alleged hacker of Sarah Palin's Yahoo e-mail account appears to have made two major mistakes. The first was to include the browser address bar in the screenshots he released. The address bar contained an almost complete URL from the Ctunnel proxy service that was used. Because of the unique string of random characters in that URL, the owner of the service thinks he will be able to determine the hacker's real IP address from his server logs.

As we previously reported, 25-year-old web developer Gabriel Ramuglia from Athens, GA, owner of Ctunnel, was expecting to be contacted by law enforcement officers regarding this issue. Yesterday he received a phone call from an FBI special agent who asked him to preserve the logs, which would otherwise be automatically deleted after seven days. Ramuglia agreed to help the investigation and started downloading the 80 GB worth of logs from his co-located server in Chicago. He is confident that with his assistance, the FBI will be able to pinpoint the real IP address of the hacker in the logs. According to him, the FBI also requested help from Yahoo, which will most likely provide its own logs, too.

This could really help the FBI, provided the hacker did not chain multiple proxy services to hide his real IP. Ramuglia doesn't think he was careful enough to do that, and this is supported by the claim “yes I was behind a proxy, only one,” which appears in a “confession” written by the alleged hacker that we also detailed.

This “confession,” widely discussed on blogs, actually refers to a post made by a user calling himself Rubico on the 4chan /b/ board. The post was deleted quickly by the board's moderators, but not quickly enough to stop someone from copying it and spreading it around. Rubico takes responsibility for the incident and writes a detailed story of how he hacked Palin's e-mail. “I am the lurker who did it, and i would like to tell the story,” starts Rubico.

Of course, the authenticity of this story cannot be confirmed, and some security researchers are skeptical about it. This is mainly because the user claims to have used Yahoo's password recovery function to reset the account's password, while the researchers say that this Yahoo option sends the password to the secondary e-mail address previously provided by the account owner. I personally beg to differ, as I have tested the password recovery option and, what do you know, I changed my password without having it sent to the secondary e-mail.

After the first screen asking you to input the Yahoo! ID for which you want to recover the password, you are prompted with the following request: “Please select an email address to receive your password reset link.” This gives you the option to select the secondary / alternative e-mail associated with the account OR to check the “I can't access my alternate email” box, which lets you directly input a new password without a reset link being sent to any other address. I would also like to mention that, in my case, it didn't even ask for a birth date or zip code and I only had to provide the answer to the security question. I strongly suggest that you go and change your own security question to a custom one with a really hard to guess / find answer if you haven't done so already.
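To make the weakness concrete, here is an added Python model (constructed for this article, not Yahoo's code) of two recovery policies: the flow described above, where ticking the checkbox lets a security-question answer alone authorise a new password, and a hardened variant where a knowledge-based answer gates the flow but never replaces a verified delivery channel. The audit helper flags resets that went through the bypass path, which is what an account-security team would want alerted on.

```python
from dataclasses import dataclass

@dataclass
class RecoveryRequest:
    account: str
    cant_access_alt: bool   # user ticked "I can't access my alternate email"
    answer_correct: bool    # security-question answer matched the stored one

@dataclass
class Decision:
    action: str             # "send_link", "direct_reset", "escalate" or "deny"
    reason: str

def weak_policy(req: RecoveryRequest) -> Decision:
    """Flow as the article describes it: the checkbox skips the
    out-of-band e-mail link, so a guessable answer alone resets the password."""
    if not req.answer_correct:
        return Decision("deny", "security question failed")
    if req.cant_access_alt:
        return Decision("direct_reset", "checkbox bypassed the alternate e-mail")
    return Decision("send_link", "reset link sent to alternate e-mail")

def hardened_policy(req: RecoveryRequest) -> Decision:
    """A knowledge-based answer only unlocks the next step; if the user has
    no verified channel, the case goes to manual identity verification
    instead of an immediate password change."""
    if not req.answer_correct:
        return Decision("deny", "security question failed")
    if req.cant_access_alt:
        return Decision("escalate", "no verified channel; manual identity check")
    return Decision("send_link", "reset link sent to alternate e-mail")

def audit_bypass_resets(events):
    """Return accounts whose password was changed via the bypass path.
    `events` is an iterable of (account, Decision) pairs from a reset log."""
    return sorted({acct for acct, d in events if d.action == "direct_reset"})

if __name__ == "__main__":
    # Constructed request mirroring the scenario in the article: the attacker
    # cannot receive the link, ticks the box and answers a researchable question.
    r = RecoveryRequest("victim", cant_access_alt=True, answer_correct=True)
    print("weak:", weak_policy(r))           # direct_reset
    print("hardened:", hardened_policy(r))   # escalate
```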

The second mistake made by the hacker relates specifically to Rubico's post: he provided his e-mail address, [email protected], along with his nickname. Since this confession was cited on many websites, someone was bound to know the real person who owns the e-mail address. And someone did, as the e-mail address was soon afterwards reported to belong to 20-year-old David Kernell, a student at the University of Tennessee-Knoxville. His father, Mike Kernell, who also happens to be a Democratic state representative in Tennessee, confirmed to the Tennessean that the person who is the subject of the many blog posts and news articles around the Internet is indeed his son. However, David Kernell has not been included in any official investigation yet.

Yes, the whole Rubico confession could be fake. It could be an attempt by someone to shift the blame onto, or harm, David Kernell. This is even more likely given the nature of the /b/ board and its users, who would probably qualify as trolls on other forums. Someone monitoring the /b/ board described them as “hyperactive adolescents in search of amusement and joy, which they often get by upsetting people and making messes.”

On the other hand, there could be some truth to the story for exactly the same reason. It is plausible that someone who frequents such a board would be behind the incident, as it certainly doesn't look like the work of an experienced hacker. The skills required to pull off the password recovery trick are not exceptional and only involve knowledge of Yahoo Mail and how to do research using Google. Mistakes like not covering the URL in the screen captures suggest that “hacker” is just a glorified name for the person who did this.

Photo gallery (2 images): “Investigation into Sarah Palin's e-mail account hack advancing”; “Yahoo password recovery”.