As you may recall, last week the Yahoo email account of Republican vice-presidential candidate Sarah Palin was hacked. Stolen private emails and photographs of her children were then posted to numerous websites. Also stolen was the cell phone number of Palin’s daughter Bristol. The bad guys even went so far as to call the number, record the voicemail message and send the recording to various websites.
I predicted that within a few days we would see some hapless college student in handcuffs and pajamas being dragged from his parents’ basement, and the case would be closed. That’s not quite how the story is playing out, though.
As it turns out, the main suspect in the case is indeed a college student named David Kernell. A student at the University of Tennessee, the suspect also happens to be the son of Tennessee Representative Mike Kernell, a Democrat from Memphis. No big surprise there, as few people would have expected Palin’s account to have been hacked by a Republican. Still, in the crazy world of Internet hacking, you never know. Family attorneys issued a statement saying, “The Kernell family wants to do the right thing, and they want what is best for their son.”
The FBI searched Kernell’s apartment and must have felt they that had enough evidence to gain a conviction. The suspect also left a messy trail of evidence scattered across the Internet. All of this evidence was presented by the FBI to a federal grand jury in Chattanooga, which, as of this writing, has not yet returned an indictment. That situation could quickly change.
Strangely enough, no matter who the real bad guy turns out to be, he/she may get off on a technicality. That potential outcome starts with the Stored Communication Act, which states that it is a crime to, without permission, access a wire or electronic communication while it is in electronic storage, including email. Reinforcing that law is a 2003 court decision, Theofel v. Farey-Jones, which ruled that the law applied to email messages that had been read, as well as messages that remained unopened.
It seems that the Department of Justice (DOJ), in a move designed to excuse their own potentially illegal investigations, has previously issued an official policy which contradicts the Theofel court decision. In essence, the DOJ, the same agency prosecuting the Palin case, may have shot themselves in the foot, as their policy states, “If the communication has been received by a recipient’s service provider but has not yet been accessed by the recipient, it is in electronic storage. When the recipient retrieves the email or voice mail, however, the communication reaches its final destination. If the recipient chooses to retain a copy of the communication on the service provider’s system, the retained copy is no longer in electronic storage.” That idiotic policy may well be used as a precedent for the bad guys getting off the hook, as there is no evidence that they accessed unread emails. All of the stolen emails they posted to the Internet had been previously read.
Another side-story to the whole affair developed a few days after the Palin email break-in was reported, when the website of political pundit Bill O’Reilly was hacked. O’Reilly had done a show segment covering the Palin break-in in which he called for the prosecution, not only of the hackers, but also of the Wikileaks website which hosted the stolen material.
This apparently didn’t sit too well with the members of the so-called “hacktivist” group known as “4chan,” an underground group also implicated in the Palin email break-in. 4chan, in retaliation for O’Reilly’s remarks, hacked his website and posted the names, email addresses and passwords of numerous BillOReilly.com users to the Wikileaks website. 4chan members have reportedly become very worried, though, after learning that some of the passwords they posted were also the same as their victims’ PayPal passwords. That could elevate their so-called pranksterism into serious criminal activity.
One lady whose information was stolen from O’Reilly’s website and posted to Wikileaks apparently was using a six-letter word from the English language as her password. When contacted and advised that she should change all accounts that used the password, she replied: “Oh damn, I use it all over the place.” Oops.