THE INCIDENT

WHAT WE KNOW SO FAR:

- Very recently an anonymous poster on /b/ claimed to have hacked Sarah Palin's Yahoo e-mail account.

- Sarah Palin used the e-mail address gov.sarah@yahoo.com for public communication. Several media outlets have confirmed this fact prior to this "incident".

SOURCE: http://thinkprogress.org/2008/09/10/palin-email-privilege/

SOURCE: http://www.commondreams.org/headline/2008/09/15-7

- The e-mail address that the poster hacked was gov.palin@yahoo.com. This second e-mail address, previously unknown publicly, was used for private communcations.

- Yahoo e-mail addresses, unlike .gov e-mail addresses, are not subject to archiving and oversight. This fact has led to controversy from several sources, including fellow Republicans, asking her to release e-mails from her Yahoo account.

- The anonymous poster apparently panicked, and released the password onto /b/.

- Several other posters on /b/ took screenshots of the Inbox and various e-mails.

- Some of the screenshots reference several people in Alaska state government. One of these people is Sean Parnell, Lieutenant Governor of Alaska. Parnell mentions KFQD Radio's Dan Fagan, to whom he gave an interview about Palin's ACES initiative. Lt. Gov. Parnell's e-mail address is verified via an Alaska Republican Central Committee contact listing.

SOURCE: http://gov.state.ak.us/aces/

SOURCE: http://www.alaskarepublicans.com/centralcommittee.aspx

- One of the screenshots references the Yahoo account fek9wnr, Todd Palin, Sarah's husband who is at the heart of the controversy over her use of Yahoo e-mail for public dealings. The fek9wnr account was verified as being Todd Palin via a public posting to an automotive enthusiast BBS from August 2006.

SOURCE: http://autos.groups.yahoo.com/group/centurionconversions/message/2309

- Several photographs of her family were allegedly downloaded from the e-mail account.

- A scan of profiles.yahoo.com put gov.palin@yahoo.com's profile update date at 04/05/2008, long before any VP nod was apparent. If this were a fake, the perpetrator would've had to travel into the past and create an account or be very good at guessing who the VP candidate would be 5+ months later, not to mention faking an overwhelming amount of e-mails, photographs, verified private cellphone numbers, and other information.

- A good samaritan in the /b/ thread reset the password account with the intention of handing it over to Palin, a process known on /b/ as "white knighting". This locked everyone else out of the account. The "white knight" posted a screenshot to /b/ of his pending message to one of Palin's contacts about how to recover the account, but made the critical mistake of not blanking out the new password he set.

- Several other people in the /b/ thread then apparently logged in using this new password, and they all attempted to reset the password at once, causing a security trap at Yahoo to automatically put a 24-hour lockout on the account.

THE AFTERMATH:

- Sarah Palin was likely notified of the breach by morning, as she had then deleted both the gov.sarah@yahoo.com address (the one subject to the disclosure controversy in the media) as well as the gov.palin@yahoo.com address (the one that was hacked).

- The outright deletion of the accounts can be verified by attempting to pull up the public profile on both addresses, which both existed during the incident.

SOURCE: http://profiles.yahoo.com/gov.palin

SOURCE: http://profiles.yahoo.com/gov.sarah

- Both accounts were deleted simultaneously, thus linking the publicly-known e-mail address "gov.sarah" and the private e-mail address "gov.palin".

- This outright deletion may have the potential to be viewed as destruction of evidence, considering that the e-mails in the now-deleted accounts are the subject of several legal controversies.

SOURCE: http://www.washingtonpost.com/wp-dyn/content/article/2008/09/03/AR2008090303210_pf.html

- Several ZIP, RAR, and 7Z compilations of the downloaded screenshots, contacts, and photos were made available by anonymous individuals.

- 4chan is actively (some say over-actively) banning and deleting any posts of the screenshots of Palin's account, contacts, or family photos.

- An anonymous poster to 420chan, using information from the e-mail account's contact list, attempted to call Bristol Palin's cellphone number using the AT&T phone relay service. Several others allegedly called the cellphone number itself and got Bristol's voicemail. These posts were quickly deleted by 420chan moderators.

- A poster on /b/ did a lookup on the cellphone number which returned this information:

Type: Cell Phone

Provider: Dobson Cellular Systems

Location: Palmer, AK

- An anonymous individual has uploaded some of the screenshots to a photobucket account.

SOURCE: http://s405.photobucket.com/albums/pp134/anoncrack/

- A poster in /r9k/ e-mailed the compilations to ABC News producer Eamon McNiff who he/she claims is a personal contact of his/hers.

- Someone submitted a summary to Digg. As of this writing it has only 12 diggs.

SOURCE: http://digg.com/2008_us_elections/The_Incident_Did_4Chan_Anon_Hack_Palin_s_Yahoo_Email