Thursday, September 18, 2008

The Christian Science Monitor

Palin’s hacked email account — what’s next?


By Jimmy Orr | 09.18.08

The news buzz last night was all about Republican vice presidential nominee Sarah Palin’s hacked email account.

Palin’s personal Yahoo account was apparently plundered late Tuesday evening and the contents of the account — personal emails, email addresses of her parents, children and friends, private family photos, and phone numbers — were published all over the Internet Wednesday.

Shocking invasion

News of the break-in received a harsh response from the McCain campaign.

“This is a shocking invasion of the governor’s privacy and a violation of law,” McCain’s campaign manager said. “The matter has been turned over to the appropriate authorities, and we hope that anyone in possession of these e-mails will destroy them.”

Those appropriate authorities are the FBI and the Secret Service as they’ve teamed up to investigate the breach.

Yeah, but…

The hacking community however isn’t really in to the “authority thing.”

Upon word of Davis’s statement, one blogger at Gawker.com said - we think with a touch of sarcasm - “I guess we’ll have to blow up the internet now?”

Ryan Tate over at Gawker doesn’t condone the break-in but said the hacker “succeeded in reviving the unanswered question of why the Alaska governor had two quasi-official email addresses.”

“This use of the accounts is a naked affront to public records laws in Alaska,” Tate writes. “But it’s not exceptional: It’s one battle in a 30-years war between conservatives and civil libertarians over government openness, during which the current presidential administration itself blurred the lines between public and private email. Is there any way to finally stop these hijinks?”

Why use Yahoo?

The topic of whether Palin should be using a personal account for state business has been subject of a lot of talk recently. Two days before the email account was hacked, the Anchorage Daily News discussed it.

“Even before the McCain campaign plucked Palin from Alaska, a controversy was brewing over e-mails in the governor’s office. Was the administration trying to get around the public records law through broad exemptions or private e-mail accounts?” the newspaper asked.

Pssssstttt

The British IT website The Register published an article early this morning with the wonderfully attractive headline: Memo to US Secret Service: Net proxy may pinpoint Palin email hackers.

Translation? If the feds were to contact an individual named Gabriel Ramuglia they might be able to track down the, as President Bush and Aquaman would say, “evil-doers.”

The 25-year-old webmaster and entrepreneur is the operator of Ctunnel.com, the browsing proxy service used by the group that hacked into the vice presidential candidate’s personal email account and exposed its contents to the world. While he has yet to examine his logs, he says there’s a good chance they will lead to those responsible, thanks to some carelessness on their part.

“Usually, this sort of thing would be hard to track down because it’s Yahoo email, and a lot of people use my service for that,” he told El Reg in a phone interview. “Since they were dumb enough to post a full screenshot

Act now and save

The article, written by a San Francisco based reporter named Dan Goodin, suggests the law enforcement communities get working now as the logs on the server which house this information expires in seven days.

Ramuglia told The Register he would “probably” comply with requests from law enforcement but has not yet been contacted.

Karl Rove

Former Bush strategist, Karl Rove, gets brought up nearly every time a controversy with a Republican candidate emerges. No different this morning. Farhad Manjoo, over at Slate, this morning says the use of the Yahoo based email is “Rovian” in nature.

“The Yahoo breach does raise a few questions about Palin’s e-mail habits,” Manjoo wrote. “Why was she using Yahoo? Critics say she was taking a page from Karl Rove, who cooked up the idea of using an off-site e-mail address to confound investigations of his activities in the Bush administration.”


Computerworld

Web proxy firm working with FBI to trace Palin e-mail hacker

The webmaster of a Ga. company says he's been asked to save server logs

by Jaikumar Vijayan

September 18, 2008

The webmaster of a proxy service called Ctunnel.com, which may have been used by a hacker to illegally access the e-mail account of Republican vice presidential candidate Sarah Palin, is working with law enforcement authorities to track down the person behind the break-in.

Gabriel Ramuglia, the Athens, Ga.-based webmaster of Ctunnel, said today that URLs in screenshots of Palin's e-mail -- photos were posted online yesterday on 4chan.org and other sites -- suggested that whoever accessed her Yahoo Mail account had used his proxy service.

Ramuglia said in an interview that he was contacted by FBI officials last night and asked to retain computer logs of the past few days' activity on his service and to make sure nothing is deleted. Ramuglia, who normally stores only a week's worth of log data, said he would not have deleted anything anyway because of the illegal nature of what had happened.

Ramuglia is now in the process of importing more than 80GB worth of log data into a database for analysis. He said he's reasonably confident that he can help authorities sift through the logs and trace access back to the originating IP address -- especially because the self-professed hacker has admitted using just one proxy service to access Palin's account.

The alleged hacker said in an online posting that he gained access by simply resetting the password to the Alaska governor's Yahoo e-mail account using its password-recovery service. That's according to a description of events posted on a blog site run by conservative syndicated columnist Michelle Malkin.

The first-person account was originally posted on 4chan.org by a poster identified only as "Rubico." That post, along with a related thread, was later deleted from that site -- but not before a reader of Malkin's blog apparently snagged a copy of it and sent it along to Malkin. Rubico's claims could not be verified, and security analysts have been skeptical of the claims.

According to the Malkin blog reader, 4chan.org hosts multiple boards, each of which is dedicated to specific subjects. The individual who first broke into Palin's e-mail account apparently belonged to a group called "/b/," which the reader described as the "most notorious" of the boards on 4chan.org. "'/b/tards,' as its denizens are called, are interested only in their own amusement," the reader claimed.

Rubico allegedly became interested in Palin's e-mail after reading media reports of her using a Yahoo Mail account. He decided to try to access it by resetting her password. "It took seriously 45 minutes on Wikipedia and Google to find the info [needed]," Rubico claimed. "Birthday? 15 seconds on Wikipedia. ZIP code? Well, she had always been from Wasilla, [Alaska], and it only has two ZIP codes (thanks, online postal service!)."

Rubico said it was harder to find the answer to one of the other questions needed for a password recovery: Where had Palin met her husband? After some digging, Rubico determined that the couple first met at Wasilla High School.

He said he used the information to reset Palin's password and go through her e-mail to see for anything incriminating that might "derail her campaign."

It was only after finding nothing that the hacker realized how easily he could be caught, since he had used only one proxy to access the account. So he decided to make access to it available to others on the /b/ board by posting Palin's recently reset password. Rubico claimed that he "then promptly deleted everything and unplugged my Internet and just sat there in a comatose state."

However, one of the other members of the bulletin board whom Rubico described as a "White knight f...," saw the thread and used the new password to go back into Palin's account and reset it. That person then sent an e-mail to a "friend of Palin's" informing her of the new password and what had happened, Rubico claimed.