News reports today indicate that WikiLeaks has published personal e-mails allegedly stolen from vice-presidential candidate Sarah Palin's Yahoo account.
That's certainly an interesting twist in the election. I couldn't get the WikiLeaks site to load this afternoon. I'm guessing the sudden rush of interest overwhelmed their servers.
Wednesday, September 17, 2008
Subscribe to:
Post Comments (Atom)
Posts
Apparently the yahoo account (where the emails were obtained) was shut down within minutes, but screenshots of the emails will remain on the website that broke the story.
ReplyDeleteThe McCain campaign said this is a "shocking invasion of the governor’s privacy and a violation of law."
Obviously hacking into someone's email is a violation of privacy, but many people are questioning why Palin has both a government email contact, as well as this personal yahoo account, which she is suspected of using for government purposes as well.
What is the violation of the law here? Is it the actual hacking into the account, or is it the fact that screenshots of the personal emails are still accessible to the public? Or neither?
CNET News has reported that currently the U.S. Secret Service is investigating the intrusion. This is reportedly a violation of federal computer crime law. Specifically issues of blackmailing could be raised (which in and of itself is not illegal - unless it is considered extortion). However, e-mail is considered casual communication (similar to snail mail) in which people should be wary of what is said/the contents. Since privacy and the internet typically cannot go together she should have been aware of the risks of using a third party account (assuming that her official Government account is more secure).
ReplyDeleteI guess information security has officially become political fodder as the left can use this incident to add to their "out of touch" argument against McCain and Palin. Allowing your email (a gov.palin Yahoo account? Really?!?) to be discovered and hacked does show a disconnect between her and basic security practices that everyday people handle on a regular basis. You know that some people will read this story and ask, "If she can't protect her own personal email, how is she going to protect me?"
ReplyDeleteI'm not ready to go that far, but the story really is painful to read; it is interesting to see information security playing a big part (considering also the e-voting debate) in the presidential race, though.
https://www.blogger.com/comment.g?blogID=1397998032075268434&postID=8855721947412791520&pli=1
ReplyDelete"Tenn. legislator confirms son is at center of Palin hack chatter"
This article talks about a Tennessee State Legislator who says his son is part of the group involved with the Palin incident. The son is a 20 year old student at the University of Tennessee. Apparently, all he did was use the Yahoo password reset feature.
I don't know about everyone else, but this makes me feel a bit uncomfortable. Obviously, Palin is a well-known person and people would want to get into her account. I doubt anyone would want to get into my account but still...what does Yahoo plan to do about this? How can they make the process more secure in the future?
This incident reminds me of what happened in 2007 when news broke that some White House officials were using RNC and Bush/Cheney 04 email accounts to avoid scrutiny by Congress. They used these accounts to discuss appointments and other sensitive matters that they did not want tracked by Congress. I can't remember what exactly happened as a conclusion.
This is certainly disturbing, but not surprising. John W. questioned why she had a personal email account in addition to her government one. I think it's unfair to fault her for that. Many businesses/organizations say in their policies that employees' email account are for work purposes only. Therefore if she wants to send any non-work related emails she has to either create a personal account or violate the policies set forth by her employers. Regardless of which she chooses, she'll be criticized. However, I agree that work information should not be sent in personal email either.
ReplyDeleteAdditional articles have come out saying that the incident could easily have been prevented. Because the answers to her security questions (zip code, birthday, etc.) were easy to find out with minimal research, the hacker was able to enter Palin's email account and reset the password. As a result, many free email providers are being questioned about their security practices. The answers to security questions are things that can often be found in public records.
It can be difficult to balance security with convenience since we all use our email so frequently. However, it makes me uneasy to know how insecure my email is.
One easy way you can secure your own similar accounts is to use false answers to the security questions. Instead of using your real ZIP code, use a random five digit number that you will remember. Instead of using your mother's maiden name, use your dog's name. These and similar tricks will help protect the security of your account while still allowing you to get back in if you forget your password (assuming you remember your fake passwords!)
ReplyDeleteThis is pretty intense. Not only did these hackers of whatever hat you may deem break into her account they also published all of her contacts for everyone to see and shots of her inbox. As much as I beleive that anything you write you should have to answer to this takes it a step to far. The fact that a group of people decided to target her to embaress her in public is just cruel.
ReplyDeleteThe worst part of the whole matter is that it this email account seems to be more of her personal account than a professional account. As a result the hackers didn't find a lot of embaressing political correspondence instead they found a goofy picture of her daughter and personal emails from family and friends, as well as some emails from associates in the Alaskan government.
As a reslt of this incident maybe when she is elected vice president she can have a little radio talk show called the palin hour where she will openly share her inbox with everyone- just email her your questions and comments at vp.palin@gmail.com....... if ND uses it for safety so should she!
Sarah Palin's email being hacked does not surprise me at all, especially because it was a free email account at yahoo. I have a yahoo email account and when creating my account and filling out the security question section I thought to myself that if some really wanted to get into my account by using my those security questions they could. All of the questions that it game me to answer I felt would be easy to find out, such my place of birth, mothers maiden name, etc. What I do not understand is why they do not give you the option to create your own question? Instead you have to pick for a list of questions that are not very original or creative.
ReplyDeleteLike Megan said earlier, I too can see why she had this yahoo account. But she should not have had any government contacts or information on there. But I don't think you can blame her, for this attack because it really could happen to anyone and anytime. The only problem I have is that she had "work" information on that account, had she not I do not believe this would have become a big deal at all, other than the issue of an invasion of privacy.
I think there is a logical reason why Yahoo has not allowed users to create their own security questions: it would create countless logistical difficulties. Think about it; all of the answers to current security questions have to be stored somewhere or in some fashion so that the information they protect can be accessed in the event that it is needed. On top of that, millions of people use Yahoo mail everyday. I assume that the logistics of storing--and being able to efficiently access--millions of unique security questions would be extraordinarily difficult to manage.
ReplyDeleteFurthermore, as has been mentioned plenty of times, Yahoo provides "free" e-mail addresses to anyone who wants them. So, aside from advertisements that other companies pay for and other small revenue streams, I doubt that Yahoo mail generates enough expendable income for Yahoo to handle millions of unique security questions or provide a higher degree of security/protection for its users.
Admittedly, these are all conjectures, but I figure that a company with as much name recognition as Yahoo would have done something to highten security around its email accounts had it not been a bad financial move or a bad logistical move. It could also be that many Yahoo users don't care about--or, at the very least, aren't worried about--their accounts getting hacked, and so don't want to "jump through additional hoops" that would protect themselves.
Why is it that these things remain so easy to do? I'm sure because of Wikipedia we all could have thought to do that. What kind of Crisis is it going to take to realize that there needs to be something done about this?
ReplyDelete