Sarah Palin email hack
Sarah Palin email hack
The Sarah Palin email hack occurred on September 16, 2008, during the 2008 United States presidential election campaign when the Yahoo! personal email account of vice presidential candidate Sarah Palin was subjected to unauthorized access. The hacker, David Kernell, had obtained access to Palin's account by looking up biographical details such as her high school and birthdate and using Yahoo!'s account recovery for forgotten passwords. Kernell then posted several pages of Palin's email on 4chan's /b/ board. Kernell, who at the time of the offense was a 20-year-old college student, was the son of longtime Democratic state representative Mike Kernell of Memphis.
He was charged in October 2008 in federal court. After he was led into the court in leg irons and handcuffs, the judge released him on his own recognizance, pending trial.[1][2] The incident was ultimately prosecuted in a U.S. federal court as four felony crimes punishable by up to 50 years in federal prison.[3][4] The charges were three felonies: identity theft, wire fraud, and anticipatory obstruction of justice; and one optional as felony or misdemeanor: intentionally accessing an account without authorization. Kernell pleaded not guilty to all counts.
A jury trial, featured testimony of Sarah and Bristol Palin, as well as 4chan founder Christopher Poole,[5] began on April 20, 2010.[3] The jury found Kernell guilty on two counts: the felony of anticipatory obstruction of justice and the misdemeanor of unauthorized access to a computer.[6][7] On her Facebook page, Sarah Palin stated that she and her family were thankful the jury had rendered a just verdict.[8]
Kernell was sentenced on November 12, 2010, to one year plus a day in federal custody,[9] followed by three years of supervised release.[9] The sentencing judge recommended that the custody be served in a halfway house,[9] but the Federal Bureau of Prisons sent him instead to a minimum security prison.[10][11] He was released on November 23, 2011.[12] In January 2012, the United States Court of Appeals for the Sixth Circuit found Kernell's awareness of a possible future FBI investigation was enough to uphold a conviction on obstruction of justice.[13]
Incident
After reading through Palin's emails, Rubico wrote, "There was nothing there, nothing incriminating — all I saw was personal stuff, some clerical stuff from when she was governor."[4][14] Rubico wrote that he used the Sarah Palin Wikipedia article to find Palin's birth date (one of the standard security questions used by Yahoo!.[15]) in "15 seconds." The hacker posted the account's password on /b/, an image board on 4chan, and screenshots from within the account to WikiLeaks.[16] A /b/ user then logged in and changed the password, posting a screenshot of his sending an email to a friend of Palin's informing her of the new password on the /b/ thread. This man was criticized heavily by the /b/ community, for being a "white knight". However, he did not blank out the password in the screenshot.[17] A multitude of /b/ users then attempted to log in with the new password, and the account was automatically locked out by Yahoo!. The incident was criticized by some /b/ users, one of whom complained that "seriously, /b/. We could have changed history and failed, epically."[18] The hacker admitted he was worried about being caught, writing "Yes I was behind a proxy, only one, if this sh*t ever got to the FBI I was f**ked, I panicked, I still wanted the stuff out there ... so I posted the [information] ... and then promptly deleted everything, and unplugged my internet and just sat there in a comatose state."[15]
The hacker left behind traces of his activity. His IP address was logged at the proxy he used, CTunnel.com, and he also left his email address rubico10@yahoo.com when he posted at 4chan. Furthermore, the attacker revealed the original web address used by the proxy[19] by leaving this information in the screenshot which according to experts can also help the investigation.[19] 4chan's /b/ board is not archived, and posts are only retained for a short time. However, with the great interest surrounding the posts of Rubico, many, including wired.com, archived the original posts. The email address left behind was then connected to David Kernell through various social networking profiles where it was used,[20] though no official investigation took place at this time.
Campaign response
John McCain's campaign condemned the incident, saying it was a "shocking invasion of the governor's privacy and a violation of law".[19] Barack Obama's spokesman Bill Burton called the hacking "outrageous".[15]
Federal investigation
The FBI and Secret Service began investigating the incident and on September 20, it was revealed that they were questioning David Kernell, a 20-year-old economics student at the University of Tennessee and the son of Democratic Tennessee State Representative Mike Kernell from Memphis.[21][22][23][24] The handle used by the hacker when making his post at 4chan pointed to him, although this evidence was inconclusive because of the frequent pranks pulled at that board.[25] The hacker's proxy service provided its logs, which pointed to Kernell's residence.[22][25]
FBI agents served a federal search warrant at David Kernell's apartment in Knoxville.[26] Agents spent two hours taking pictures of everything inside his apartment.[26] Kernell's three roommates were also subpoenaed and expected to testify the following week in Chattanooga.[27] The obstruction of justice charge stems from an allegation by the FBI that Kernell attempted to erase evidence of the crime from his hard drive.[28] Kernell's father told Wired that he was aware that his son was a suspect, but he did not ask him anything about it over concerns that he may have to testify in court.[29]
Indictment
A second federal grand jury in Knoxville returned an indictment of Kernell on October 7, 2008.[30] He was charged with violating 18 U.S.C. § 1030(a)(2)(C) [48] and § 2701 [49] , or unlawful access to stored communications and intentionally accessing a computer without authorization across state lines, respectively.[31] Kernell turned himself in the next day.[32] Kernell pleaded not guilty.[33] The court released Kernell on his own recognizance.[34] Kernell's attorney claimed that using "an e-mail address and a birth date does not constitute identity theft"; however, the court rejected that argument saying "once Governor Palin chose the Yahoo! ID gov.palin@yahoo.com, that became her unique address, and no one else could choose it."
Trial
In October 2008, Kernell was brought into court in handcuffs and ankle shackles to plead not guilty to the hacking and was released on bond. The case went to trial eighteen months later, on April 20, 2010. On April 23, Sarah Palin testified for 44 minutes. Her daughter, Bristol, testified as well. Following the conclusion of testimony, Sarah said, "I think there need to be consequences for bad behavior."[35] The Department of Justice paid for plane fare $2,244.30 for Sarah's husband Todd to come to the trial, though he never took the stand, along with $122 for meals and incidentals and an attendance fee of $120, part of costs of over $29,000 to fly Palin family members, an aide and other witnesses to Knoxville, to send a prosecutor to Alaska for research, and pay other travel expenses, according to the Department records. Air travel was about $18,600; and hotel bills came to nearly $3,300.[36]
Verdict and sentence
On April 30, 2010, David Kernell was found guilty on two of four counts: the felony of anticipatory obstruction of justice by destruction of records and found for the lower misdemeanor option of unauthorized access to a computer. The jury acquitted him of the charge of wire fraud. It was deadlocked on identity theft charge, so the judge declared a mistrial on that charge.[37] In response, Palin issued a press release comparing the case to Watergate.[38]
Sarah Palin said the family was "thankful that the jury thoroughly and carefully weighed the evidence and issued a just verdict."[39]
The prosecutor, Assistant U.S. Attorney Greg Weddle, who had sought an 18-month prison sentence for Kernell, promised a retrial on the identity theft charge should he be successful in his attempt at receiving a new trial.[37]
In November 2010 Kernell was sentenced to a year and a day of prison, preferably to be served in a halfway house, plus three years of probation, by U.S. District Judge Thomas Phillips, though he noted the Federal Bureau of Prisons (BOP) could override his recommendations.[40][9] However, the BOP, which makes the ultimate determination as to where federal prisoners serve their sentence, assigned Kernell to the minimum security prison at the Federal Correctional Institution, Ashland near Ashland, Kentucky.[10][11][41] Jose Santana, the chief of the BOP's Designation and Sentence Computation Center,[42] said that halfway houses are for convicts who have limited skills and/or limited support from their families. Because Kernell had the support of his family and had attended a university for three years, Santana argued that he does not need to be in a halfway house.[43] Kernell was later relocated to a halfway house.[44]
Perpetrator
Kernell won the Tennessee Open Scholastic Chess Championship in 2004, and graduated in 2006 from Germantown High School. After release from BOP custody, he returned to the University of Tennessee, Knoxville to finish an economics degree. He first volunteered his programming skills expertise to Tennessee Voices for Children, a child advocacy nonprofit group. Diagnosed with multiple sclerosis (MS) in 2014, Kernell participated in clinical research trials at the Cedars-Sinai Neurosciences Research Center in Los Angeles to help develop cures and treatments for other victims of MS. After moving to California, he developed facial recognition software that could identify children at risk of abuse.
See also
E-mail privacy
Secrecy of correspondence