THEINCIDENTWHAT WE KNOW SO FAR:- Very recently an anonymous poster on /b/

1. THE
2. INCIDENT
3. WHAT WE KNOW SO FAR:
4. - Very recently an anonymous poster on /b/ claimed to have hacked Sarah
5. Palin's Yahoo e-mail account.
6. - Sarah Palin used the e-mail address gov.sarah@yahoo.com for public
7. communication. Several media outlets have confirmed this fact prior to
8. this "incident". SOURCE:
9. http://thinkprogress.org/2008/09/10/palin-email-privilege/ SOURCE:
10. http://www.commondreams.org/headline/2008/09/15-7
11. - The e-mail address that the poster hacked was gov.palin@yahoo.com.
12. This second e-mail address, previously unknown publicly, was used for
13. private communcations.
14. - Yahoo e-mail addresses, unlike .gov e-mail addresses, are not subject
15. to archiving and oversight. This fact has led to controversy from
16. several sources, including fellow Republicans, asking her to release
17. e-mails from her Yahoo account.
18. - The anonymous poster apparently panicked, and released the password
19. onto /b/.
20. - Several other posters on /b/ took screenshots of the Inbox and
21. various e-mails.
22. - Some of the screenshots reference several people in Alaska state
23. government. One of these people is Sean Parnell, Lieutenant Governor of
24. Alaska. Parnell mentions KFQD Radio's Dan Fagan, to whom he gave an
25. interview about Palin's ACES initiative. Lt. Gov. Parnell's e-mail
26. address is verified via an Alaska Republican Central Committee contact
27. listing. SOURCE: http://gov.state.ak.us/aces/ SOURCE:
28. http://www.alaskarepublicans.com/centralcommittee.aspx
29. - One of the screenshots references the Yahoo account fek9wnr, Todd
30. Palin, Sarah's husband who is at the heart of the controversy over her
31. use of Yahoo e-mail for public dealings. The fek9wnr account was
32. verified as being Todd Palin via a public posting to an automotive
33. enthusiast BBS from August 2006. SOURCE:
34. http://autos.groups.yahoo.com/group/centurionconversions/message/2309
35. - Several photographs of her family were allegedly downloaded from the
36. e-mail account.
37. - A scan of profiles.yahoo.com put gov.palin@yahoo.com's profile update
38. date at 04/05/2008, long before any VP nod was apparent. If this were a
39. fake, the perpetrator would've had to travel into the past and create
40. an account or be very good at guessing who the VP candidate would be 5+
41. months later, not to mention faking an overwhelming amount of e-mails,
42. photographs, verified private cellphone numbers, and other information.
43. - A good samaritan in the /b/ thread reset the password account with
44. the intention of handing it over to Palin, a process known on /b/ as
45. "white knighting". This locked everyone else out of the account. The
46. "white knight" posted a screenshot to /b/ of his pending message to one
47. of Palin's contacts about how to recover the account, but made the
48. critical mistake of not blanking out the new password he set.
49. - Several other people in the /b/ thread then apparently logged in
50. using this new password, and they all attempted to reset the password
51. at once, causing a security trap at Yahoo to automatically put a
52. 24-hour lockout on the account.
53. THE AFTERMATH:
54. - Sarah Palin was likely notified of the breach by morning, as she had
55. then deleted both the gov.sarah@yahoo.com address (the one subject to
56. the disclosure controversy in the media) as well as the
57. gov.palin@yahoo.com address (the one that was hacked).
58. - The outright deletion of the accounts can be verified by attempting
59. to pull up the public profile on both addresses, which both existed
60. during the incident. SOURCE: http://profiles.yahoo.com/gov.palin
61. SOURCE: http://profiles.yahoo.com/gov.sarah
62. - Both accounts were deleted simultaneously, thus linking the
63. publicly-known e-mail address "gov.sarah" and the private e-mail
64. address "gov.palin".
65. - This outright deletion may have the potential to be viewed as
66. destruction of evidence, considering that the e-mails in the
67. now-deleted accounts are the subject of several legal controversies.
68. SOURCE:
69. http://www.washingtonpost.com/wp-dyn/content/article/2008/09/03/AR2008090303210_pf.html
70. - Several ZIP, RAR, and 7Z compilations of the downloaded screenshots,
71. contacts, and photos were made available by anonymous individuals.
72. - 4chan is actively (some say over-actively) banning and deleting any
73. posts of the screenshots of Palin's account, contacts, or family
74. photos.
75. - An anonymous poster to 420chan, using information from the e-mail
76. account's contact list, attempted to call Bristol Palin's cellphone
77. number using the AT&T phone relay service. Several others allegedly
78. called the cellphone number itself and got Bristol's voicemail. These
79. posts were quickly deleted by 420chan moderators.
80. - A poster on /b/ did a lookup on the cellphone number which returned
81. this information: Type: Cell Phone Provider: Dobson Cellular Systems
82. Location: Palmer, AK
83. - An anonymous individual has uploaded some of the screenshots to a
84. photobucket account. SOURCE:
85. http://s405.photobucket.com/albums/pp134/anoncrack/
86. - A poster in /r9k/ e-mailed the compilations to ABC News producer
87. Eamon McNiff who he/she claims is a personal contact of his/hers.
88. - Someone submitted a summary to Digg. As of this writing it has only
89. 12 diggs. SOURCE:
90. http://digg.com/2008_us_elections/The_Incident_Did_4Chan_Anon_Hack_Palin_s_Yahoo_Email
91. - As of right now the media related to the incident sits mostly
92. confined to 4chan and rapidshare, and thus either deleted, censored or
93. under the radar.