How safe is your personal email account? Better yet, how safe is your password? A hacker decoded the information needed to change vice-presidential candidate Sarah Palin's email account password using information found on Wikipedia.
Beyond the issues of invasion of privacy -- which I take very seriously -- there are two issues of concern:
- How easy is it to break into an email account?
- And, why are government officials using personal accounts to conduct government business?
Let's start with the email break-in. We have all lost passwords. And, I am willing to bet that we have all filled out those forms offering to let us change our password if we complete certain personal information -- perhaps your mother's maiden name, your first pet, etc. Well, a hacker impersonated Ms. Palin, claimed to have lost a password, filled in the required answers using information available from Wikipedia, and had a new email sent with a revised password. It was simple, required no programming experience, and reportedly took less than an hour.
The Secret Service is investigating the break-in. But, 4Chan's /b/ board claims to have all the details:
"after the password recovery was reenabled, it took seriously 45 mins on wikipedia and google to find the info, Birthday? 15 seconds on wikipedia, zip code? well she had always been from wasilla, and it only has 2 zip codes (thanks online postal service!)
"the second was somewhat harder, the question was "where did you meet your spouse?" did some research, and apparently she had eloped with mister palin after college, if youll look on some of the screenshits [sic] that I took and other fellow anon have so graciously put on photobucket you will see the google search for "palin eloped" or some such in one of the tabs.
"I found out later though more research that they met at high school, so I did variations of that, high, high school, eventually hit on "Wasilla high" I promptly changed the password to popcorn and took a cold shower..."
As for the content, a limited selection of which you can see for yourself at Gawker.com, the hackers plastered personal photos, screen shots of several messages and directories, as well as Palin's email contact list on a site called Wikileaks.org. The Secret Service is investigating and the McCain campaign is outraged.
The information leak reminds me of the previous reports that Governor Palin bypassed state open government regulations by deliberately using her personal email account to conduct government business. It is hard to tell from what I have seen at Gawker.
The blogs are all over the map on this. James Pinkerton of FOXnews says "Welcome to the new world of opposition research—a world once known as “invasion of privacy,” made all the more threatening because computer hackers can infiltrate into the innermost areas of your life."
The incident is sensational, but brings to light several problems beyond the world of hackers who may have political motives:
- Yahoo! and other companies need to fix the lost password recovery capability. Yes, we all need to have a way to recover forgotten passwords with information that we know -- but that is not commonly known. (Most password recovery for me could be answered by my siblings or children.)
- We have done a great job of creating regulations around open government and email archiving. But, there is a giant loophole that allows employees to bypass these safeguards by avoiding business accounts. Companies and governments need to find a way to take action against employees who deliberately and regularly bypass the law.
- We all need to increase our emphasis on security and privacy. It is too easy for hackers to get information and steal our identities.
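
One way a provider could blunt the repeated answer-guessing described in the quoted post, as an added example (not Yahoo!'s code and not part of the original post): a recovery-answer check that locks the account after a few wrong answers. The class name, the limits and the replayed guess list are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_FAILURES = 2        # assumed policy: wrong answers tolerated per window
WINDOW_SECONDS = 3600   # assumed policy: length of the counting window


class RecoveryGate:
    """Hypothetical recovery-answer check with a per-account failure lockout."""

    def __init__(self, stored_answer: str):
        self._salt = os.urandom(16)           # per-account salt
        self._stored = self._digest(stored_answer)
        self._failures = []                   # timestamps of recent wrong answers

    def _digest(self, answer: str) -> bytes:
        # Normalise case and whitespace, then derive a salted, slow hash.
        norm = " ".join(answer.lower().split()).encode("utf-8")
        return hashlib.pbkdf2_hmac("sha256", norm, self._salt, 100_000)

    def attempt(self, answer: str, now: float = None) -> str:
        now = time.time() if now is None else now
        # Forget failures that have aged out of the window.
        self._failures = [t for t in self._failures if now - t < WINDOW_SECONDS]
        if len(self._failures) >= MAX_FAILURES:
            return "locked"   # checked first, so a later correct guess is refused too
        if hmac.compare_digest(self._digest(answer), self._stored):
            return "ok"
        self._failures.append(now)
        return "denied"


def replay(guesses, stored_answer, start=0.0, spacing=60.0):
    """Feed guesses to a fresh gate, one every `spacing` seconds."""
    gate = RecoveryGate(stored_answer)
    return [gate.attempt(g, now=start + i * spacing) for i, g in enumerate(guesses)]


if __name__ == "__main__":
    # Constructed replay of the guess sequence quoted in the post.
    print(replay(["high", "high school", "Wasilla high"], "Wasilla high"))
```

A lockout only limits guessing. An answer that is itself public, like the birthday in the post, still passes on the first try.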
