September 18, 2008 3:56 PM PDT

Social engineering cracked Palin's e-mail account

by Robert Vamosi

Details describing how someone hacked into Sarah Palin's Yahoo Mail account emerged on Thursday, and it appears to have been done with little more than social engineering, the process of acquiring personal information through social manipulation.

Meanwhile, the Knoxville News Sentinel is reporting that a 20-year-old University of Tennessee student has been contacted in connection with the federal investigation of the break-in. Further details are not known.

Since Tuesday, anonymous posters using a forum on the 4Chan.org Web site have been circulating password-protected zip files containing the contents of the now-deleted e-mail account once belonging to the Republican vice presidential candidate. Various posts to the /b/ board have also provided insight into how the hack was carried out.

Like most Web account services, Yahoo Mail provides an option to reset or recover one's user name and password. What is unclear is how the account recovery was rerouted from the alternative e-mail address chosen by Palin to a secondary e-mail address.

When Yahoo Mail prompted for Palin's birthday, one poster said it took only 15 seconds on Wikipedia to answer that question. When it prompted for a ZIP code, there was little to guess: Wasilla, Alaska, has only two ZIP codes. Palin's personal security question, "Where did you meet your spouse?", did slow the process down. The poster claimed it took several tries before eventually hitting upon the correct answer: Wasilla High.

Web mail accounts are not alone in using online security questions. In May, Acxiom, a Little Rock, Ark.-based data warehouse company, announced it was introducing a new biographical authentication service that asks online banking and e-commerce site users random questions based on their personal lives, such as "How many fireplaces are in your current residence?" The answer can be obtained from any real estate Web site.
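The recovery prompts described above each have only a handful of plausible answers, so the defense that matters is a small failure budget shared across all of the questions. The sketch below is an added example, not code from the article or from Yahoo; the `RecoveryGuard` class, the three-failure limit, the 24-hour lockout and the placeholder answers are all assumptions made for illustration.

```python
import hmac
import unicodedata

def normalize(answer: str) -> str:
    """Fold case, accents and extra whitespace before comparing answers."""
    folded = unicodedata.normalize("NFKD", answer).casefold()
    return " ".join(folded.split())

class RecoveryGuard:
    """Hypothetical per-account throttle for knowledge-based recovery."""

    def __init__(self, max_failures: int = 3, lockout_seconds: int = 86400):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self._failures = {}      # account -> failures across ALL questions
        self._locked_until = {}  # account -> unix time the lock expires

    def check(self, account: str, expected: str, supplied: str, now: float) -> str:
        if now < self._locked_until.get(account, 0):
            return "locked"
        ok = hmac.compare_digest(normalize(expected).encode(),
                                 normalize(supplied).encode())
        if ok:
            return "ok"  # a correct answer does not refund earlier failures
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        if count >= self.max_failures:
            self._locked_until[account] = now + self.lockout_seconds
            self._failures[account] = 0
            return "locked"
        return "wrong"

def replay(guard, account, steps, now=0.0):
    """Feed (expected, guess) pairs in order; return the outcome of each try."""
    return [guard.check(account, expected, guess, now) for expected, guess in steps]

# Constructed sample data: placeholder answers, not the real ones.
SAMPLE_STEPS = [
    ("00002", "00001"),                # ZIP prompt: first of two candidates
    ("00002", "00002"),                # ZIP prompt: second candidate
    ("example high", "work"),          # security question, guess 1
    ("example high", "college"),       # guess 2 exhausts the budget
    ("example high", "Example High"),  # correct, but the account is locked
]
```

With the shared budget, the two-candidate ZIP prompt and the "several tries" on the security question draw from the same three failures, so the constructed guessing sequence is stopped before its correct answer is ever evaluated.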

4Chan's "random" /b/ board is no stranger to controversy. In January, members waged an online media war against the Church of Scientology. Prior to that, the site popularized Lolcats, pictures of kittens with cute captions, and rickrolling, linking to videos of Rick Astley's 1987 song "Never Gonna Give You Up".
