Friday, September 19, 2008

The Palin Hack Details

I was glad to see the BBC this morning had some coverage that those of us in the industry can sink our teeth into...

So my synopsis is that they used the password reset function to change the password at Yahoo. They gathered info from wikis, and I'm sure Googled a bunch of stuff, to piece together enough info that would or could be asked by Yahoo to perform a reset.

Then they used the CTunnel proxy service to obscure where they came in from, thinking they had covered their tracks. Then, in a breathtaking 'dumb criminals' move, they posted screenshots with the URL from the origination point displayed clearly (PrtScn brings down Palin hackers). I wonder if these guys had ever done a B&E at a liquor store and left their Mapquest directions on the counter to let the cops know their start and end points.

The article snippet:

The attackers broke into Mrs Palin's e-mail account. This account and another,, owned by Mrs Palin have now been deleted.

The FBI and the US Secret Service have now begun a formal investigation into the attack and who may have been behind it.

The hackers used the CTunnel proxy service which routes web browsing through an intermediary to obscure where the attackers were based.

However, the screenshots for the attack reveal the original web address used by the proxy which may help investigators track down the miscreants.

It has been reported that records from the CTunnel proxy service are being sought by the FBI.

The attack on the e-mail account comes as questions are being asked about whether Mrs Palin used her personal e-mail accounts to carry out state business.

US law states that all e-mails relating to the official business of government must be archived and not destroyed. However, it does allow for personal e-mails to be deleted.

Mrs Palin is being investigated in Alaska for alleged abuse of power while governor of the state.


