Security ramblings: Sarah Palin's ID hacked

If you have been following the 2008 US Presidential campaign, you sure might have heard of Sarah Palin, the beauty queen turned Vice -Presidential candidate for the Republicans. Right? No?

Before I proceed, no -- this has nothing to do with Ms. Palins chances against Mr.Biden (The Democrat VP candidate!). And we do intend to remain a tech oriented blog for the foreseeable future.



The reason for the sudden interest in Ms. Palin is due to the recent "shocking invasion of privacy" that she and her family were subjected to -- In simple terms, two of her e-mail IDs were "hacked" by some miscreant(s). So, even the potential Vice President remains at the mercy of a bunch of wayward hackers. The group behind this security breach was said to be the somewhat famous "Anonymous" group which seems to have lost their interest for anti-Scientology activities and are looking for innovative ways such as this for grabbing attention. However, recent claims from a Forum member based in Tennessee might throw some light on how the ID was actually hacked.

That said, the e-mail account that were hacked into were Yahoo! accounts with no special features and according to the recent confession, the hacker did not have much of a trouble getting into both of Ms Palin's IDs (Yes! Two of them were hacked!). All he needed was some basic biographical information regarding her and it was as easy as using her Birthday, Zip Code and answering the security question which in this case was " Where did you meet your spouse". Palin being a public figure, all these information was freely available in public and all the hacker needed to do was to reset the password!


Here's the actual forum post which is now offline for obvious reasons...

"Hello, as many of you might already know, last night sarah palin’s yahoo was “hacked” and caps were posted on ----, i am the lurker who did it, and i would like to tell the story.
In the past couple days news had come to light about palin using a yahoo mail account, it was in news stories and such, a thread was started full of newfags trying to do something that would not get this off the ground, for the next 2 hours the acct was locked from password recovery presumably from all this bullshit spamming.
after the password recovery was reenabled, it took seriously 45 mins on wikipedia and google to find the info, Birthday? 15 seconds on wikipedia, zip code? well she had always been from wasilla, and it only has 2 zip codes (thanks online postal service!)
the second was somewhat harder, the question was “where did you meet your spouse?” did some research, and apparently she had eloped with mister palin after college, if youll look on some of the screenshits that I took and other fellow anon have so graciously put on photobucket you will see the google search for “palin eloped” or some such in one of the tabs.
I found out later though more research that they met at high school, so I did variations of that, high, high school, eventually hit on “Wasilla high” I promptly changed the password to popcorn and took a cold shower…"

...........And that brings me to my main concern here. I am sure nobody has life threatening data stored in their e-mail accounts but yes, it is always a good idea to be just extra cautious. In these days of online banking and NEFT money transfers, you better be. As much as possible, avoid monetary transactions on a Public PC. As for e-mail accounts, there are people who do use their unofficial accounts for office work (Palin too!) and this could be potentially dangerous if your ID indeed gets hacked (say by a competitor?). Apart from the competitor getting to know what happened behind closed doors at the last meeting, you also face the risk of being unemployed all of a sudden! So... yes, as much as possible, avoid official e-mails through unofficial channels and please do not make your IDs easily crackable. Trust me, it's very easy to do that. I am sure you do not want me to go into details. Do you?

Have a hack free extended weekend!

Chat excerpt from:WIRED