Son of Tenn. Lawmaker Indicted in Palin E-Mail Hack

The son of a prominent Democratic Tennessee state lawmaker was indicted Tuesday on charges of hacking into the Yahoo! Web mail account of Alaska Gov. Sarah Palin.

David C. Kernell, 20, of Knoxville, was indicted by a federal grand jury on a single count of accessing Palin's e-mail without permission. The FBI said Kernell turned himself in to federal authorities and will be arraigned today.

Kernell is the son of Tennessee State Representative Mike Kernell, who acknowledged shortly after the incident that authorities had contacted his son in connection with the investigation.

According to the indictment, on Sept. 16, Kernell broke into Palin's Yahoo! account by guessing the answers to her pre-selected "Secret Questions" that must be answered before Yahoo! will let users reset e-mail account passwords. Authorities say Kernell read Palin's e-mail messages and then made and posted online screenshots of the e-mail inbox, along with the new password to her account.

If convicted, Kernell faces a maximum of five years in prison, a $250,000 fine, and three years of supervised release.

Wired.com's Kim Zetter has a nice chronology of how the hack went down. It tracks a series of postings that Kernell allegedly made to the online community 4chan.org, describing how he was able to reset Palin's account password by looking up the answers to her secret questions online. From that story:

after the password recovery was reenabled, it took seriously 45 mins on wikipedia and google to find the info, Birthday? 15 seconds on wikipedia, zip code? well she had always been from wasilla, and it only has 2 zip codes (thanks online postal service!) the second was somewhat harder, the question was "where did you meet your spouse?" did some research, and apparently she had eloped with mister palin after college, if you'll look on some of the screenshits that I took and other fellow anon have so graciously put on photobucket you will see the google search for "palin eloped" or some such in one of the tabs.

I found out later through more research that they met at high school, so I did variations of that, high, high school, eventually hit on "Wasilla high" I promptly changed the password to popcorn and took a cold shower...



I've advised readers to take caution when picking the answers to these secret questions and to avoid choosing answers that can easily be discovered through a background or simple Internet search. When the option is available, the safest bet is to choose your own secret question and select an answer that only you would know.

Amazingly, Yahoo! still does not allow new registrants to make up their own question for resetting their password.

Photo courtesy of the Associated Press