Begin forwarded message:

From: "Mario Profaca" <[EMAIL PROTECTED]>
Date: September 21, 2008 4:33:39 PM PDT
To: [EMAIL PROTECTED]
Subject: [SPY NEWS] Proxy server trail leads FBI to Palin email hacker
Reply-To: [EMAIL PROTECTED]

http://www.tgdaily.com/html_tmp/content-view-39405-108.html
Proxy server trail leads FBI to Palin email hacker
Security
By Humphrey Cheung
Friday, September 19, 2008 21:44

Anchorage (Alaska) – FBI agents are using proxy server logs to track
down the hacker who broke into Sarah Palin's Yahoo email account.  The
hacker gained access to the Republican Vice Presidential candidate's
account by resetting the password.  He then posted details of his
adventures up on a popular online forum, but that information is now
leading reporters and federal investigators to the suspect – a
Tennessee university college student and son of state Democratic
representative Mike Kernell.

A few days ago, someone going by the name of "Rubico" gloated on
4chan.org that he managed to hack into Sarah Palin's Yahoo account.
He forced a password reset by answering questions about Palin's
birthdate, zip code and where she met her spouse, Wasilla High School.
Of course, since Palin is the Republican candidate for Vice President,
this information is all very easily found on the Internet.  After
answering the questions, Rubico reset the password to "popcorn" and
read through Palin's emails.

And it seems he was pretty thorough, saying he read, "ALL OF THEM" on
the boards.  He even posted up screenshots of the Yahoo email page,
complete with the full URL (we'll talk about that later). Rubico says
he didn't find anything incriminating and the emails were actually
fairly mundane family pictures and correspondence.  But his jubilation
turned into horror as he realized that he didn't take proper
precautions in covering his tracks.

Rubico used a proxy server that shields the source IP address from
website logging scripts.  While this sounds great, Rubico posted, "Yes
I was behind a proxy, only one, if this sh** ever got to the FBI I was
FU****"

In his gloating, Rubico posted up screenshots of the Yahoo account
complete with the full URL which included the proxy server URL
(ctunnel.com) appended with a unique identifier.  For example, we used
ctunnel.com to surf to YouTube and the URL reads -
http://ctunnel.com/index.php/1010110A/58a5cd1e8ab47088982c83282fd768456ebe14f44221026 .
So it doesn't take a genius to go through the logs and match up the
ID to the appropriate IP address and BAM, you got the hacker.

But aren't proxy servers supposed to anonymize your information?  Yes
and no.  Dan Goodin over at The Register talked to Gabriel Ramuglia,
the owner of the ctunnel.com proxy server that Rubico allegedly used.
Ramuglia is upset about the ordeal because his service was never
meant to be used for illegal activities and says Rubico definitely broke
his site's terms of service.  Ramuglia added that every incoming IP
address is logged with the time and destination website.

Ramuglia told Goodin that he hasn't had a chance yet to examine his
logs, but added that there is a good chance that they will lead to the
hacker. Since the interview, he's received a call from the Anchorage,
Alaska FBI field office and agents there are strongly suggesting that
he not lose the logs.

But it gets even better.  White hat hackers didn't even need proxy
information to find the culprit because they discovered that the
Rubico forum handle was linked to [EMAIL PROTECTED].  A
few searches on Google and YouTube further link this email address to
20-year-old David Kernell, a student at the University of
Tennessee-Knoxville.  His father is Democratic Tennessee state
representative Mike Kernell.

As you can expect, the Yahoo account has been frozen and all the
incriminating forum posts on 4chan.org have been deleted.  But this
didn't stop Wired.com from printing some of the posts.  Don't you just
love it when hackers brag about their "leet" skills?



Mario Profaca
http://mprofaca.cro.net/profaca.html
e-mail: mario.profaca[at]zg.t-com.hr
SPY NEWS owner & editor
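
The log matching the article describes (a proxied URL carries an identifier, and the proxy's log ties that identifier to a client IP and time) can be sketched as follows. This is an added example, not code from the article or from the proxy operator. The log line layout, the token field, the host proxy.example and all sample values are assumptions constructed for illustration.

```python
import re
from datetime import datetime
from urllib.parse import urlparse

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"
# Assumed line layout: time, client IP, session token, destination host.
LINE_RE = re.compile(r"^(\S+) (\d{1,3}(?:\.\d{1,3}){3}) ([0-9a-f]+) (\S+)$")
# Constructed sample log (documentation addresses, made-up tokens).
SAMPLE_LOG = """\
2008-09-16T14:02:11Z 198.51.100.23 a1b2c3d4e5f6 mail.example.com
2008-09-16T14:02:40Z 203.0.113.77 0f9e8d7c6b5a video.example.org
2008-09-16T14:05:02Z 198.51.100.23 a1b2c3d4e5f6 mail.example.com
2008-09-16T14:09:30Z 192.0.2.10 not-a-valid-line
2008-09-17T09:00:00Z 203.0.113.5 a1b2c3d4e5f6 mail.example.com
"""

def token_from_url(url):
    """Return the last path segment if it looks like a hex session token."""
    segments = [s for s in urlparse(url).path.split("/") if s]
    if not segments or not re.fullmatch(r"[0-9a-f]{8,}", segments[-1]):
        raise ValueError("no session token in URL")
    return segments[-1]

def parse_log(text):
    """Split the log into parsed records and lines that did not parse."""
    records, rejected = [], []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            rejected.append(line)  # keep for manual review, never drop silently
            continue
        ts, ip, token, dest = m.groups()
        records.append((datetime.strptime(ts, TS_FMT), ip, token, dest))
    return records, rejected

def correlate(url, log_text, start=None, end=None):
    """Map each client IP that used the URL's token to its request times."""
    token = token_from_url(url)
    records, rejected = parse_log(log_text)
    hits = {}
    for when, ip, tok, _dest in records:
        in_window = (not start or when >= start) and (not end or when <= end)
        if tok == token and in_window:
            hits.setdefault(ip, []).append(when)
    return hits, rejected

if __name__ == "__main__":
    hits, _ = correlate("http://proxy.example/index.php/1010110A/a1b2c3d4e5f6", SAMPLE_LOG)
    print({ip: len(times) for ip, times in hits.items()})
```

Without a time window the constructed token resolves to two client addresses, which is why the match should be bounded by the time of the activity under investigation before any one address is attributed.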