Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

9/18/2008
09:45 AM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Palin's 'Hacker' Tells How He Did It

Hacker claiming to have broken into Republican VP candidate Sarah Palin's Yahoo email account reportedly used low-tech research and a little social engineering

So how did someone manage to hack “Sarah Barracuda’s” email account?

Word got out late yesterday that Republican vice presidential hopeful Sarah Palin’s personal Yahoo mail account ([email protected]) had been hacked, with some screenshots of messages and photos of her family posted on WikiLeaks.org and, later, gawker.com. Just whodunnit remains unclear, but details of just how the hack was executed have been emerging today -- and it was embarrassingly and eerily simple.

Palin’s Yahoo account had been in the limelight this week after reports that she had used her personal email account to conduct official state government business.

Initially, the Anonymous group, best known for its online protests against the Church of Scientology, was pegged with the hack, but the group has since posted a message on its site denying its involvement. The latest word is that it may have been a one-man effort, according to a Wired.com post. The person claiming to have executed the hack said in a post (which has since been removed) on the 4chan bulletin board site that he used Wikipedia to get Palin’s birthdate, her ZIP code, and then Googled for information for her security question -- where she met her husband -- in an effort to trick Yahoo into reassigning her password.

Her password was reportedly changed to “popcorn,” according to the Associated Press report.

Security experts say Yahoo’s “forgot-my-password" service was basically fooled into giving up Palin’s account to the attacker. Once he got enough information to go on and pose as Palin, he could easily grab control of her email account.

“This is much bigger than Web-based email insecurity. This is the inherent danger of the current hype around ‘cloud-based computing.’ There is no cloud, just a lot of fog around the security and privacy vulnerabilities surrounding online data of all kinds. Email, office collaboration, everything," says Randy Abrams, director of technical education for Eset.

“If it is online, it is available 24x7 for an attacker to attempt to access,” Abrams says. “Download and remove messages from the server is what I recommend, if you have anything you don't want to be public.”

Meanwhile, the FBI and Secret Service are investigating the hack. The alleged hacker appeared worried in his post that by hiding behind only a single anonymous proxy service, he could eventually be exposed. Investigators reportedly plan to speak with the operator of that service, who told the AP he plans to turn over any information from his logs that may be helpful to the case.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Virginia a Hot Spot For Cybersecurity Jobs
Jai Vijayan, Contributing Writer,  10/9/2019
How to Think Like a Hacker
Dr. Giovanni Vigna, Chief Technology Officer at Lastline,  10/10/2019
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer,  10/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17660
PUBLISHED: 2019-10-16
A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/index/surveyid/336819/lang/ PATH_INFO.
CVE-2019-11281
PUBLISHED: 2019-10-16
Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input...
CVE-2019-16521
PUBLISHED: 2019-10-16
The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS payl...
CVE-2019-16522
PUBLISHED: 2019-10-16
The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message. This affects Font Color, Background Color, and the Disable Cookie text. A...
CVE-2019-16523
PUBLISHED: 2019-10-16
The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin.