Palin's personal email account hacked, contents leaked

By Dan Kaplan
Sep 18, 2008 12:41 PM
A hacker group broke into the email account for GOP vice presidential nominee Sarah Palin.

Hackers have reportedly breached the Yahoo email account of Republican vice presidential candidate Sarah Palin, exposing some of the contents on Wikileaks, a clearinghouse for whistleblower documents.

The Alaska governor's account -- gov.palin[at]yahoo.com -- was breached Tuesday night by a hacker group known as Anonymous, according to published reports.

Security experts told SCMagazineUS.com on Wednesday that the hackers most likely breached the account through a brute force attack, in which a commonly available, automated program tries every possible login credential until the code is cracked.

The vandals also may have employed a dictionary attack, in which only common words -- typically found in a dictionary -- are tried.

Anonymous provided Wikileaks with screenshots of the hack, which include an email exchange between Palin and Alaska Lt. Gov. Sean Parnell concerning his campaign for Congress and a list of Palin's email contacts, Wired reported.

Attempts to reach the Wikileaks site where the emails and other information are being displayed were unsuccessful due to a high level of traffic. Media gossip blog Gawker posted screenshots on Wednesday.

Prior to news of the hack, Palin had been under fire for using her Yahoo account to conduct state business, fueling speculation that she was trying to skate around certain regulations, such as email archiving.

Email security experts told SCMagazineUS.com on Wednesday that cracking a web mail account is not difficult if someone is dedicated to doing so.

There are a growing number of 'password recovery' services on the underground web that commonly use brute force-style attacks to retrieve passwords, usually at a cost of about US$100 to US$200 per account, Gunter Ollmann, director of security strategy at IBM Internet Security Systems, said in a recent blog post.

"There are tools on the internet that will start with 'aaaa' and work all the way through," Graham Cluley, senior technology consultant at Sophos, told SCMagazineUS.com.

Even simpler for the hackers, Palin could have been using an easy-to-guess password, or the hackers could have recovered the password by providing Yahoo with readily available personal information, such as a birthdate or zip code, experts said.

It is also possible that Anonymous got its hands on the credentials by infecting Palin's machine with a keylogger or by sniffing the password when she was using an insecure wireless connection, Cluley said. The hackers may have initially stolen the password she used for another website and found that it also worked on her Yahoo account.

"Over 40 percent of people use the same password for every single website they go to," he said.

Observers said a high-profile person such as Palin should have known better than to use a personal account for work.

"The reason we have corporate emails is because we have corporate IT staff...that are supposed to guarantee some level of security," said Adam O'Donnell, director of emerging technologies at Cloudmark.

He added that many business email accounts are protected through another form of authentication, such as tokens, making a hack much less likely.

"In general, you're going to get better security controls for a privately controlled account than a public account," O'Donnell told SCMagazineUS.com.

This incident should serve as a catalyst for web mail providers to bolster the authentication technologies they offer users, he said.

"People's attitudes toward their free email accounts are going to change as a result of this," O'Donnell said.

Yahoo spokeswoman Kelley Benander told SCMagazineUS.com that the company cannot comment on an individual user's account.

But if Yahoo learns that an account has been hijacked, it will "investigate for suspicious activity and take appropriate action," she said.

"This is a shocking invasion of the governor's privacy and a violation of law. The matter has been turned over to the appropriate authorities and we hope that anyone in possession of these e-mails will destroy them," the McCain campaign said in a statement, as reported by the Associated Press.

See original article on scmagazineus.com

Secure Computing Magazine

 
Comments: 2
Too many people use yahoo or gmail accounts as they are easy to establish by well meaning people such as campaign staff. Apart from appearing unprofessional, there is zero monitoring to alert you that a potential brute force attack is underway.
Posted by Mike | Sep 18, 2008 4:14 PM
Throughout the entire primaries and the general election, the Obama campaign has played dirty politics. In addition to the never-ending vitriol of the Obama bloggers on the internet, nearly every time I have posted a supportive blog for Hillary Clinton ... and, then for McCain/Palin ... my computer's mailbox has been inundated with hundreds of pieces of email spam. Another example of underhanded behavior by Obama's henchmen, is that they have been organized to approach retirement homes, as volunteer community speakers ... only to visit multiple times spewing lopsided pro-Obama, and negative McCain propaganda to elderly people, to get their votes in November. And, now we can see unprincipled politicians and biased media hacks using the race card ... telling people "if you don't vote for Obama, you must be a racist". Usually, when Americans uncover such despicable tactics, they can count on the mainstream media to expose it to the public ... however, in this case, most of the mainstream media is in the tank for Obama ... so, they either look the other way, or they make phony biased excuses to mischaracterize, and cover up what's really happening.
Posted by Gina | Sep 19, 2008 4:13 AM