FBI Net Tightens On Palin E-Mail Hacker

Investigators from the FBI searched the apartment of a University of Tennessee student Sunday morning looking for leads into the hacking of Republican vice presidential candidate Sarah Palin's e-mail account, according to WBIR, an NBC affiliate in Knoxville, Tenn.

The suspect, David Kernell, is the son of Tennessee state legislator Mike Kernell, a Democratic representative from Memphis. Mike Kernell last week confirmed that his son was the subject of speculation about the Palin e-mail hack, but did not say David Kernell was officially being investigated.

"I had nothing to do with it, I had no knowledge or anything," Mike Kernell reportedly told the Associated Press Monday. "I was not a party to anything of this nature at all. I wasn't in on this -- and I wouldn't know how to do anything like that."

Meanwhile, Gabriel Ramuglia, the owner of the Internet proxy service believed to have been used by the Palin e-mail hacker said he couldn't link David Kernell to what Ramuglia said was the IP address of the hacker.

id
unit-1659132512259
type
Sponsored post

The FBI served a federal search warrant on the residence of David Kernell in Knoxville's Fort Sanders neighborhood, breaking up a party at the apartment unit and spending between one-and-a-half and two hours taking pictures inside, an unidentified witness told WBIR.

Witnesses also said Kernell and some friends fled the apartment when the FBI agents arrived, WBIR reported. The student and his three roommates have been subpoenaed to testify before a grand jury this week in Chatanooga, according to news reports.

Palin's Web-based Yahoo e-mail account was hacked last week and some screenshots of the Alaska governor's messages were posted on Internet forum 4chan.org, where the governor's username and password were also reportedly posted before being taken down by site administrators. Some of the messages were later reposted by technology-oriented gossip site Gawker.com and elsewhere.

WikiLeaks.org, a self-styled whistleblower site that publishes anonymous submissions of sensitive material, has confirmed the hack of Palin's e-mail account, as have officials for John McCain's presidential campaign.

A 4chan.org user called "Rubico" last week posted what the user claimed was a first-person account of how the hack was carried out. This post on 4chan.org's notorious "/b/" Web board followed the removal of the password information to access Palin's account on 4chan.org, and the actions of a 4chan.org user who reportedly reset Palin's password so others couldn't access her e-mail account. This user, whom Rubico refers to as a "white knight f***er," also notified a friend of the Alaska governor about the hack.

Next: How 'Rubico' Hacked Palin's E-Mail

Rubico claimed on the /b/ Web board that Palin's account was hacked through Yahoo's "Forgot My Password" reset feature, which prompts a user to answer a "secret question," such as name of their first pet or grade school, before allowing them to reset the e-mail account password. In addition to more basic prompts about things like Palin's date of birth, getting the secret question answered correctly would allow a hacker to take over the governor's Yahoo account, Rubico wrote.

The secret question, according to Rubico, asked where Palin had met her husband, information the self-proclaimed hacker was able to discover through an Internet search. Through such passive "social engineering" rather than a technical attack on the Yahoo account, Rubico was able to reset the password to "popcorn" and access Palin's e-mail.

But Rubico's account also included an e-mail address that bloggers and other media sleuths linked to David Kernell, now apparently under investigation for the alleged cybercrime. Rubico, in the 4chan.org post, seems worried about not taking enough steps to protect himself or herself from discovery:

Rubico's reference to "a proxy, only one" seemed to be confirmed when it came to light last week that the Palin e-mail hacker or hackers had used an Internet proxy service called Ctunnel to mask their identity while accessing the Yahoo account. Ctunnel, based in Athens, Ga., is run by Ramuglia, whom numerous media accounts say is cooperating with authorities in their investigation.

Ramuglia, however, isn't ready to pin the blame on Kernell. The webmaster has confirmed that he knows the IP address of the Palin e-mail hacker and has passed it on to authorities, but on Sunday told Computerworld's Gregg Keizer "that he wasn't sure the FBI was investigating the right man."

"Because I'm not in contact with the Internet service provider, I'm not 100 percent sure of where the IP is based," Ramuglia reportedly told Computerworld. "But from what I can tell, the IP address doesn't look consistent with media reports."