September 18, 2008

"Other /b/tards were displeased to miss a chance at the lulz."

Explaining the Palin email hacking. I'm slightly interested in the lingo and folkways of these internet people -- previously discussed here. It's important to understand that there are people like this.

110 comments:

AJ Lynch said...

Shouldn't the Secret Service have buttoned up and secured stuff like her email passwords, etc about three weeks ago?

Or is this another case of "Nice Job Brownie"?

Sloanasaurus said...

Maybe the Secret Service is corrupted by democrats just like the CIA and FBI.


Expect only more dirty tricks under an Obama administration. Look how effective liberals have been when they are not in power.

Pogo said...

That guy, however, didn't do it for the lulz, he did it, as Victoira pointed out, and he admitted,
"what I concluded was anticlimactic, there was nothing there, nothing incriminating, nothing that would derail her campaign as I had hoped, all I saw was personal stuff, some clerical stuff from when she was governor".

Larry J said...

Back in the late 1980s, some punk released a worm that brought the Internet to its knees. He was eventually caught. The late Mike Royko wrote a column about the punk that went something like this:

"People are praising this kid. Personally, I think he should be put into a jail cell with some big hairy guy who'd say, 'From now on, you answer to Margaret. Come here, Margaret!'"

erniecu73 said...

So, it was not all for the lulz and nothing but the lulz? orly? ::shock::

MadisonMan said...

As I noted last night, it's foolish to view this through the prism of the election. The hacker could easily have been a Russian or Chinese or AQ spy who would not have posted information to the internet, but instead used it for other social engineering attacks.

A great question for McCain and Palin is why were the lost password questions for Palin so easily guessed? Yes, it's an old account, but useful information comes from all sorts of places.

And I echo aj lynch's question at 7:56.

Outis said...

So, then, the /b/tards are in fact tards. Good to know.

vbspurs said...

It's important to understand that there are people like this.

The hacker's alleged name is Rubicon. This is possibly his blog.

this page is dedicated to showing what has happend to scociety these days, now i am not going to be a hipicrit here and say im "fair and balanced" like FOX news, it is imposible to do so, we are humans and are very falable, but less than perfect is better than nothing, its much like limits in calculus, you can get infintely close to the variable but it is impossible to reach it. Also, this is intertwined a bit with my expriences because most of our behaviors are formed by scociety and our experienes. My name is (deleted). I am 15 a white cacasian male i live in memphis, TN. My favorite and only hobby is chess, more like an obsession. I am not afraid to say that i have acute depression and have been institutionalized twice, one at th age of 9 in Texas and one this past year. I have been strugleing with this for my entire life and have finally come to the conclusion that being stoic in most of life's issues is of the untmost importance. i have to go to sleep now, its 2 AM here. notice, i never say goodbye or c ya

This kid reminds me of that Virginia Tech weirdo, no offence.

vbspurs said...

/not name. ID.

/and he would 20 years-old today, as it was an entry written in 2003.

Ken said...

Sullivan approves of the hacking. Here he is chortling.
http://andrewsullivan.theatlantic.com/the_daily_dish/2008/09/vetting-palin.html

erniecu73 said...

He needs a dictionary, urgently. I mean, this is not even l33t, it is a pretty plain and horrible destruction of English.

vbspurs said...

Finally lawyers, politicians and used car salesmen are off the hook.

Andrew Sullivan is lower than even then in the pond scum pecking order.

Sloanasaurus said...

The hacking fits Obama's campaign message.

Obama is running the most divisive campaign in modern times. 80+% of his ads are attack ads. An Obama election will mean 4 more years of a divided America and no solutions to our problems. Obama will be the next George W. Bush.

Rich B said...

The moral of the story is that you must always remember that web accessible email accounts are not really private.

Oh, and the end justifies the means if you have to stop the wingnuts.

vbspurs said...

I mean, this is not even l33t

Ernie, you ARE hard-core about the exigencies of language! ;)

He was 15 years-old then. You can actually see that he's rather intelligent, in an introspective, Young Unabomber type of way...

Bob said...

Losers like this are common in online games such as WoW, they specialize in "griefing," ruining other players' gameplay. A perfect example of it is the famous Leroy Jenkins video you can see on YouTube. That tells you all you need to know about the mindset of these juveniles.

Yachira said...

"A great question for McCain and Palin is why were the lost password questions for Palin so easily guessed?"

That's right Madison Man, it's her fault! Just like those women who get raped, right?

Peter V. Bella said...

Gawker is upset.

By email, by telephone and by cable television comes a consistent message for Gawker: We should all be woken in the middle of the night, hauled off to jail, and locked away maybe forever for publishing some of Sarah Palin's emails, including her daughter Bristol's phone number and husband's previously-known email address.

Well, um, yes. That is exactly what we expect.

Of course had someone did the same to them; hacked in, got their personal emails, and published them all over the web, they would never demand something be done. And I have a bridge to nowhere to sell you too. Hypocrites!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

erniecu73 said...

vbspurs said...
I mean, this is not even l33t

Ernie, you ARE hard-core about the exigencies of language! ;)

He was 15 years-old then. You can actually see that he's rather intelligent, in an introspective, Young Unabomber type of way...

8:30 AM


Yes, sorry, I am. LOL, srsly.

I can see the potential and the similarities.

Peter V. Bella said...

Larry J,
Mike Royko was the best. One of the last real reporters. He was the guy you loved to hate and hated to love; but read every time his column was out.

BTW, he never went to a fancy. schmancy J school either.

MadisonMan said...

Yachira, as I told Victoria last night, that rape analogy is incredibly weak, and here's why.

All Government employees and contractors (Dept of Commerce, at least) get to take a Security Quiz every year, and one thing that is emphasized is that it is part of your job to keep all your email accounts secure. Work and non-work ones. So I see this as someone failing at their job of keeping accounts secure.

Explain to me how is it someone's job to prevent unexpected violence from being perpetrated on their body and I will accept your lame rape analogy.

Peter V. Bella said...

Obama will be the next George W. Bush.

Talks just like him too.

Peter V. Bella said...

Ken said...
Sullivan approves of the hacking.

I approve of caning. Sullivan would be number one. One hundred lashes.

Pogo said...

" it's foolish to view this through the prism of the election"

That does not fit with the perpetrator's own admitted motive: to "derail her campaign as I had hoped".

Not foolish at all.'
Mandatory.

Simon said...

Ken said...
"Sullivan approves of the hacking. Here he is chortling."

Whaddya know, it turns out that some people are what they eat.

Honestly, the people excusing this, or shrugging their shoulders at it, or worse yet, blaming Palin... I don't know what's gone wrong with their sense of decency, and alas, that includes at least one regular commenter here who ought to know better.

Orin Kerr makes it clear that if this person is found, there are at least two criminal charges that could be filed against them with years of jail time. I say throw the book at them. The only sadness I have is that it looks as if Gawker and the other abettors can't be take down too.

Simon said...

It really has become clear that at long last, the left has thrown even the pretense of civility out of the window. Just when you thought that the bottom of the barrel had been scraped clean, they find a whole new layer of slime. I would say that I think that by the end of this election, there are people whose calls I'm going to stop returning, but I expect them to break ties first. It's become almost impossible to maintain cross-partisan friendships.

Simon said...

And that's very sad.

Too many jims said...

MadisonMan,

It is important to note (and I do not mean to suggest you hold a contrary view) that it is possible to simultaneously hold the views that (1) the "hacking" of her e-mail is vile and should be prosecuted to the fullest and (2) assuming the account was used for official government business, it demonstrates that the individual is reckless and incompetent as a public official.

El Presidente said...

I must say that when I first read this I thought it a spoof. Why did anyone go to such lengths, and take such risks, to publish such pablum. An effective propaganda ministry could have fabricated more 'telling' email, and released those to the media. Do you think Gawker did an independent confirmation? Do you think the other news agencies that are channeling Gawker did?

Another opportunity squandered.

MadisonMan said...

jim, I don't mean to suggest that the hacking is not vile. (You know there's a but coming)

BUT -- this kind of hackery is being tried by govt-employed hackers in Russia and China. It's foolish to think otherwise. Does it matter to me that a public official is so ignorant of internet security that they can have their account hacked? Yes.

Sy said...

If the hacker found nothing incriminating or embarrassing in Palin's email account, doesn't that speaks volume? Maybe Palin is not the extremist, whacko job these people made her out to be ...you think?

Simon said...

Peter, reading that post, actually I'd describe their mood as smug rather than upset. Alas, smugness appears to be justified at this point - they don't appear to be touchable, criminally or by civil suit.

vbspurs said...

Explain to me how is it someone's job to prevent unexpected violence from being perpetrated on their body and I will accept your lame rape analogy.

Let me try.

It's like women not taking "precautions" not to be raped, by avoiding to wear short skirts or being sexually overt, and therefore practically asking to be violated.

Palin also didn't take safety "precautions" by daring to use a podunk Yahoo account, and thus both the rape victim and the Governor deserved all the grief they got.

Pogo said...

Madison Man,
The demand for absolute internet security on government matters is misapplied concerning a benign yahoo account meant for boring family crap.

Plus, I agree, it looks like you're saying she deserved it for being so stupid, hence the 'rape' similarity.

Simon said...

Too many jims said...
"assuming the account was used for official government business"

I refuse to read the emails, but from reading second hand accounts on both left and right, I had thought that there was no indication that the email address was so used?

I'd also point out that this is designed to play into a larger whine by the left, the complaint about records retention and nosy parkers trying to get hold of government communication. I agree that government business shouldn't be transacted in private email, but what do you think is going to happen if official email is subject to retention requirements? This country is at risk of taking governmental transparency to absurd and counterproductive lengths.

Simon said...

You can see the same trend in Congress, too - members can't transact real business on the floor because they don't want to do so on camera. So one of two things happen: real legislative work gets moved off the floor and entirely off the record, or it just doesn't happen at all. In trying to make Congress more transparent, we've made it less transparent and possibly contributed to its mounting (and in my view, now crested) dysfunction.

Pogo said...

If only there were cameras and mics in the Congressional hallways, toilets, sidewalks, restaurants, cell phones, and homes, then finally we would have honest government.

Yeah, that's the ticket.

Bissage said...

IM IN UR EMALE



LOOSIN MAI SOUL

erniecu73 said...

Bissage said...
IM IN UR EMALE



LOOSIN MAI SOUL

9:15 AM


10+, you win!

Pastor_Jeff said...

Game over.

Bissage wins the thread.

MadisonMan said...

pogo, I'm not saying she's stupid, just ignorant on internet security. I hope she has learned a little about it in the past 24 hours.

Benign family crap is the kind of stuff that is useful for a social engineering attack on an account. You hope that your IT people are savvy enough not to fall for something like that. But people do want to be helpful, and that's a security problem.

AJ Lynch said...

I am questioning our own govt security protocols not Gov. Palin's.

WTF didn't the Secret Service button up this stuff weeks ago? Is that so wrong to ask? Does anyone in govt actually do their job anymore?

vbspurs said...

You hope that your IT people are savvy enough not to fall for something like that.

Having said what I did before, I will say this -- if a hacker like this kid could take 45 minutes to hunt around for answers on Wikipedia, to crack her password, now that reflects badly on her.

Apparently, her password was her date of birth and another important date, plus the Yahoo security question was "Where did you and your husband meet?" -- answer, Wasilla High.

The worst of it is not that they cracked her account, believe it or not. It was the possible mischief they could've created.

Imagine all the bogus emails they could've concocted, regarding all the hot button issues people hold against her.

Homosexuality. Banning books. Being a bad mum. Troopergate.

Sure, it could've been debunked, but people would've dragged it out and even believed it anyway, like the Trig rumours.

God, the mind reels.

Roger J. said...

Re use of computers for "official business." I do not know what the laws of Alaska specify, nor am I remotely interested in reading governor Palin's emails so I cannot comment on whether they could constitute official business.

I would suggest drawing a distinction between "official business," and classified or otherwise sensitive information (eg, SSNs). Government employees frequently send files from the office to their homes to work on in the evening and email it back to their office addy when finished.

Roger J. said...
This comment has been removed by the author.
Simon said...

MadisonMan said...
"pogo, I'm not saying she's stupid, just ignorant on internet security."

Rephrase it how you like, but what you're doing, on a basic level, is orienting this story about the concept that Palin did something wrong. That is what's indefensible - unconscionable, even - about your position (although I acknowledge you aren't the only one, you're just one of the few I expected better from), and it's why Victoria is entirely correct to charge you with blaming the victim.

Roger J. said...

Too bad Gov Palin is not a terrorist (although clearly half the country seems to think she is) and it was the FBI hacking into her private email. Civil libertarians would be up in arms. I eagerly await strong condemnation from the NYT--perhaps James Risen should write about this.

dmfoiemjsof said...

Pogo you don't understand what lulz are. Derailing her campaign would have generated massive lulz for all the /b/tards.

MadisonMan said...

Victoria, I haven't read what the passwords were, but what you wrote sounds more like the questions you can post to yahoo to reset your password when you forget it. That is my understanding of how the account was hacked.

The easiest way to get around that potential risk is to make up answers to the questions. What is your mother's maiden name? Ph0t0synthesis. That's not something someone is going to hack very easily.

Simon, she did something that she shouldn't have, yes. Because she didn't know better. Like millions of other internet users. The difference is that I hold potential public officials to a higher standard.

John McCain has the right idea: Don't use email.

Pogo said...

"Derailing her campaign would have generated massive lulz for all the /b/tards."

Oh, I understood that, all right. The original agent provocateur, however, was motivated by more than mere barabaric vandalism. His post was political.

He can try to hide behind the "anarchy is fun (but has a really bad dental plan)" banner, but I call bullshit when this has not happened similarly to Oabama's people.

Pure bullshit.

John Lynch said...

No, you do not need to know about 4chan. It's a waste of time. And it's not a very nice place.

Hoosier Daddy said...

It's become almost impossible to maintain cross-partisan friendships.

Simon, I could not agree with you more. I have several liberal friends in my circle of cycling buddies who I simply told I will not discuss politics anymore, period. It has gotten to the point where a friendly debate ends up in a heated argument where the phrases ‘fucking Bush and fucking Republicans’ is uttered every fifteen seconds. Now that kind of hatred is spilling over on Palin and like her or not, some of the filth being leveled against her is simply beyond the pale. DTL, Alpha and Lucky can do so to their hearts content, I don’t know them , don’t wish to and simply scroll past their drivel but when I hear similar stuff come from people I associate with and consider a friend, it certainly gives me pause to re-evaluate if that is really the type of person I wish to associate with and that’s pretty sad.

vbspurs said...

‘fucking Bush and fucking Republicans’ is uttered every fifteen seconds.

Same here. I have no friends from Univ. left that I speak to regularly, because they are all BDS-sufferers, Truthers, Obamabots or variations thereof.

The problem is that I don't necessarily want to be surrounded by Conservatives. I like sparring, and this is why I cling to Althouse like a raft to a drowning woman.

I don't mind people questioning my reasoning when I tell them I'm Republican.

I do very much mind when they start to use conspiracy theories to justify theirs, or frankly, the anti-semitism I find in the Left, WRT Israel. The Palin elitism was just the latest punch to my gut. I simply do not recognise the Left today.

A friend of mine who was a die-hard Hillary supporter tells me she finally understands what I have been going through.

That makes me even sadder.

Tibore said...

Ok, a lot of people are misunderstanding what happened here. First of all, Palin's Yahoo account was never "cracked". That's a specific term referring to decryption. And very importantly, it's not determined that Palin's password was insecure. Read the Malkin reprint of the offender's post. What happened here was that her account was locked because of a massive influx of traffic (presumably spam), and someone was able to use the password recovery system to their advantage.

Again, major emphasis here: It is not determined whether her password was insecure. Sorry for the bold type, but reading this thread, I see that the misconception is that her password was based on publicly available information. It was not; that assumption is incorrect. The "security questions" are what ended up being based on publicly available information and that is not her fault; use of private questions are the way most password recovery systems are designed to work.

So before we start gigging her on being insecure with her password, let's understand that the account was never "hacked" that way. From what the offender wrote, her original password was never guessed. Her private information was simply revealed to not be so private, and the email account's password was changed based on that publicly available information, because the recovery system is designed to work that way.

Now that that's said, we can get back to the conversation.

reader_iam said...

You know, I've maintained cross-partisan--in my case, in both directions--for years and have been able to cope with a high-degree of (potential and actual) tension. There are two lines I draw. The first (the lesser) is consistent, broad-brush characterizations of the other side that seek to demonize. The second, (the deal-breaker) is such statements as "people who support candidate 'x' are stupid" and other clear indications of "if you don't think AS I do or in the WAY that I do, you're stupid." There are commenters here, for example, for whom I used to have a great deal of respect who have crossed that latter line, and in at least one case, flat-out and in pretty much those words.

Couple that particular self-indulgence with a refusal to look into a mirror as to one's own contributions to cross-partisan ire, and--as I said--that's the deal-breaker for me.

vbspurs said...

Tibore is right, guys.

This is the hacker's own words:

Hello, /b/ as many of you might already know, last night sarah palin’s yahoo was “hacked” and caps were posted on /b/, i am the lurker who did it, and i would like to tell the story.

In the past couple days news had come to light about palin using a yahoo mail account, it was in news stories and such, a thread was started full of newfags trying to do something that would not get this off the ground, for the next 2 hours the acct was locked from password recovery presumably from all this bullshit spamming.

after the password recovery was reenabled, it took seriously 45 mins on wikipedia and google to find the info, Birthday? 15 seconds on wikipedia, zip code? well she had always been from wasilla, and it only has 2 zip codes (thanks online postal service!)

the second was somewhat harder, the question was “where did you meet your spouse?” did some research, and apparently she had eloped with mister palin after college, if youll look on some of the screenshits that I took and other fellow anon have so graciously put on photobucket you will see the google search for “palin eloped” or some such in one of the tabs.

I found out later though more research that they met at high school, so I did variations of that, high, high school, eventually hit on “Wasilla high” I promptly changed the password to popcorn and took a cold shower…


So this means at the very least, the security question should be something very obscure or nonsensical, like Photosynthesis mentioned earlier.

UWS guy said...

Passwords and accounts get stolen all the time. She was probably downloading porn or her daughter was probably ripping illegal music and got hacked.

comparing getting your YAHOO! email account hacked with being raped is sexist! Making the comparison belittles actual victims of rape also.

although...someone did violate her yahoo...

vbspurs said...

I was thinking about this, as I read his hacking sequence. I realised I myself could've hacked her account, given the fact that I know her info by heart.

Born Dec. 4, 1964.

Zip Code: 99654, I've seen her income tax returns.

(Interestingly, there are 5 not 2 as the hacker mentioned, HMMM)

And since I read the Kaylene Johnson bio, I wouldn't even have had to Wiki the info on where they met.

God, that's scary.

vbspurs said...

Err, 11 February 1964. I memorised the wrong date. I am not l33t.

UWS guy said...

Of course the real question is why was the governor using hidden email accounts to conduct state biz?

Tibore said...

"So this means at the very least, the security question should be something very obscure or nonsensical, like Photosynthesis mentioned earlier."

Well... that's one way to do it, I suppose... but the whole purpose of private questions types of password recovery systems is to make such a recovery process based on stuff you'll remember. Yes, true, that's a flaw in Palin's case, but there's no real good way around things.

Frankly, the best security would come in the form of an institution running their own email service, not depending on an outside source. Where I work, for example, university business cannot be conducted on anything but the university email systems.

Outside of that, the best choice is to select the "write your own" question; you can make it truly obscure when you do that. Things like "Your high school mascot" or "Your city of birth" are too easily found.

If we're talking password security - and remember, this wasn't really a password cracking, so I'm getting off topic here - the best thing is a "passphrase", not a password. Take a sentence, misspell a couple of letters with random characters, or insert random non-alphanumerics (i.e. "!", or "$", or "*") in spots, but make it long. The way password encryption works is that the whole thing is taken as a chunk, so a very long but simple passphrase is actually far more secure than a slightly shorter but completely random one. The math behind that can be looked up on the 'net, but trust me, it works out.

As far as private questions recovery systems? Well, again, the more obscure the question, the better. If you can write your own, you should. Barring that, make sure you base it on stuff you'll remember, but isn't easy for someone to discover.

Yeah, this is one of the things I deal with in my current job. It may stink to have long passwords and come up with obscure but memorable questions, but trust me, the alternative of getting an account broken in to is much, much worse. Even if you're not a public figure like Palin, it's a pain in the a** because most "break ins" are not committed to get at the contents; rather, they're to create a starting point for spam cannoning across the internet; use someone else's account, and tracing back to you becomes painfully difficult. So yes, even if your Yahoo or Google account is just for benign family crap, it's still a target.

Meh... my post just turned into a PSA...

Peter V. Bella said...

Does anyone in govt actually do their job anymore?

You had to ask that, right?

MadisonMan said...

but I call bullshit when this has not happened similarly to Obama's people.

I can think of several possible explanations.

(1) The right-side of the political debate just has too many scruples to stoop to something so low as trying to hack an email account.

(2) The right side of the political debate has hacked Obama accounts, but they haven't publicized it -- this way Karl Rove has continued direct access to Obama's brain.

(3) The right side of the political debate is too stupid (er, st00pid) to hack because they lack the technical wherewithal.

(4) It's harder to hack into Obama's account(s) because he's more technically savvy than Sarah Pain.

(5) Obama has a tech team around him that works to prevent this kind of thing.

Most likely: (5). By a mile. Then (2), (4), with (3) and (1) tying for last.

As a sitting Senator, Obama will have had lots of emails and lectures on internet security. I'm not sure what the policy is for the Government of Alaska, but I think the emphasis on security isn't quite so strong, given the recent turn of events.

reader_iam said...

Tibore: You saved me the trouble of writing a similar comment about "writing your own questions" and password protocol. Ditto.

Peter V. Bella said...

Lulz is the one good reason to do anything, from trolling to rape. After every action taken, you must make the epilogic dubious disclaimer: "I did it for the lulz".

reader_iam said...

An example (which I haven't used) from my mental list of questions to use that are both easy to remember but pretty obscure, both as to the question and certainly as to the answer: "In which neighborhood did someone first offer you a joint when you were a kid?"

MadisonMan said...

You had to ask that, right?

hee hee. I suspect the McCain/Palin campaign will say it's the Secret Service's job, and the Secret Service will say it's the McCain/Palin campaign's job.

Pogo said...

I was quite glad to hear Obama advise the dogs to let up on Palin. Family really ought to be left alone, especially kids.

This stuff is just ugly. Ugly.

Even though the outcome was nothing, no deal-killers or shockers or even lulz, it tells me again we live in an extremely uncivil time.

There is no longer a presumption of privacy, not for anyone. The /b/tards are no different than someone rifling through your mailbox or garbage. it's just wrong, and while it might indicate something about Palin, it indicates very little. (The Secret Service was caught flat-footed, though.)

BTW, the weekend in the woods I had inquired about a few weeks back, in which a libertarian conservative and a lefty liberal and I shared kayaks and meals and fireside chats went very very well. A few slips here and there but fun.

Simon said...

Hoosier, I've had similar experiences, but for me it goes even further - it's not just "let's not talk about politics," it's "I don't know that I want to be friends with someone who thinks people like me ought to be put in prison." A high school friend of my wife's kept forwarding all this stuff decrying the evil rethuglican slimebags, and I eventually reached a point where it was like, look - if you hate these evil rethuglican slimebags, and you know I'm one of them, why in the world do you even want to know me? And if that's your opinion of me and people like me, I don't think I want to know you.

They have this bizarre disconnect. It's like they repeat all the daily kos stuff about Republians in abstracto, yet they don't behave that way towards Republicans that they actually know, and they don't seem to recognize the disconnect.

This will not pass if McCain wins, I suspect. They're already amped up to keep the same fever pitch against Palin. And honestly, I don't think it's worth electing Obama just to try to placate these people, to restore some semblance of temporary civility.

Too many jims said...

Simon,

If she did not use the address for governmental purposes then I certainly wouldn't call her reckless and incompetent.

You raise a good point that there are a variety of reasons that elected officials may have mulitple accounts. If I were an elected official, I would have (at least) three email profiles. 1 for private correspondence, 1 for political correspondence and 1 for official business. And I would insist on increasing levels of security. I might use a yahoo type email for personal email but there is no way I would use something with that lax security for political much less governmental business. (It would be a pain in the ass to keep them all straight particularly since there would be overlap.)

Further you make an interesting argument against transparency. While I understand your point I would have two points in response. First, if you are in favor of decreased transparency you have to accept that argument in a democratic administration (which you may be willing to do, but I suspect some on the right would be howling if a democratic administration was doing things to decrease transparency). Second, while I think there may be merit to your argument, it is a tough sell to argue for less transparency in government.

Glen said...

Theres one aspect of this hack that I haven't seen explained.

The hacker guessed a few answers to get Yahoo to reveal Palin's password and/or User ID.

That info would then be sent to Palin's alternate email account -- a pre-existing and functional email account that Palin specified when she created the Yahoo account -- where forgotten passwords would be sent in the event they were ever needed.

Perhaps this was her well known government address. Perhaps not.

In any event, how did the hacker retrieve the emailed password info from this alternate account?

Hoosier Daddy said...

They have this bizarre disconnect. It's like they repeat all the daily kos stuff about Republians in abstracto, yet they don't behave that way towards Republicans that they actually know, and they don't seem to recognize the disconnect.

Well its the disconnect I can relate to. One of my cycling friends told me he actually celebrated when Reagan died. Yet this is the very same person that will attend a candlelight vigil outside the governor's mansion when Michigan City executes a cold blooded murderer. It is that very kind of disconnect which makes me wonder if the extreme liberalism is actually a mental illness as the death of a ideological opposite causes joy but the death of a murderer garners sympathy.

This will not pass if McCain wins, I suspect.

I can only imagine it being worse and that does indeed frighten me.

Cedarford said...

Simon said...
Ken said...
"Sullivan approves of the hacking. Here he is chortling."

Whaddya know, it turns out that some people are what they eat.


Cold crack on the old Queen, but appropriate.

=====================
Yes, if she had only been a terrorist and it was the FBI invading her "sacred rights" and hacking emails, the usual NYC-based media figures would be springing to her defense.
=====================
We need better privacy laws. Technology marches on, and it is a mistake to leave deciding what is permissable or not to a lawyer who a politician decided to reward with black robes for services rendered.

We can grab most stuff off cell phones, includng text messages. Shall we make encryption chips commonly available for cell phone users? What about remote operated micro cameras? Given CCTV can solve crimes and basically seal the deal on criminal sentences - where are they appropriate? What about scanners that can detect a concealed handgun, operating on city sidewalks and housing project
entrance/exit pathways.
And, what about laws that aim beyond the "source" - to those that duplicate and transmit privacy invading material to the public?

Tibore said...

"In any event, how did the hacker retrieve the emailed password info from this alternate account?"

That's not the way the Yahoo password recovery system works. You type in the Turing test code, then answer the private questions, then you're taken to a form where you simply enter in a new password. So no reliance on the alternate address is required. You don't get a password sent to another account, you're simply allowed to enter a new one right there and then.

Simon said...

Jim, I don't know that I'd describe it as being "against transparency." Let me put it this way: the most transparent institution in government, as I see it, is the Supreme Court. Its deliberations are entirely in camera; all we know is what goes in, what questions are asked at argument, and what comes out. Yet everything the court does must be supported by written reasons. There are innumerable cases where even Bill Brennan had to come out for a "conservative" result because there was just no remotely credible argument that could be made for doing otherwise. To be sure, there are times when the given reasons aren't the real reasons (just look at Kennedy v. Louisiana, for example), but for reasons that apply peculiarly to that branch and so don't matter for our purposes here.

In Congress, the effort to make all information available has created a situation where a lot of the really important stuff gets pushed off the record. That's part of a broader pathology with Congress, I think - I think Congress is basically broken and I don't know how to fix it, but removing the cameras might be a good start.

Similarly, I'm not arguing for an opaque executive branch, but I do think that there needs to be room for the President to get candid advice and to have candid discussions with their subordinates, and that there should be a cocoon of opacity around those interests. The trade off, I suppose, is that the executive branch must earn privacy for its deliberative process by being more transparent - as the court is - with its inputs, outputs and reasons. Yes, that goes for Democratic administrations too.

I'm not against transparency in government, I just don't think that it's a transcendent imperative. It's one of several competing interests and its value should be weighed against countervailing interests. I think that lately, the balance has gone too far towards attempting to increase transparency with the predictable result that transparency has actually decreased.



MadisonMan said...
"Simon, she did something that she shouldn't have, yes. Because she didn't know better. Like millions of other internet users. The difference is that I hold potential public officials to a higher standard."

Even stipulating that much, you have thusfar seemed to regard her doing of something she shouldn't as worse than the hacker's doing of something he -- and inevitably it's a he -- shouldn't. And that's disgusting.

Fen said...

MadisonMan: So I see this as someone failing at their job of keeping accounts secure.

Thats a lame response, and as we know now, not based on the facts surrounding this incident.

I am surprised to hear it coming from you. You're usually the voice of reason from the Left side of this blog.

BTW, no internet system is completely secure. It would be a simple thing to hack Obama and then righteously declare that HE is a security risk, unfit for office, ignorant about the net, incompetent, etc.

David Walser said...

Re: Did Palin violate government security procedures by using a Yahoo email account?

It does not appear Palin used the Yahoo account for government business. Instead, it appears a long time associate used this address to send Palin a message that related to government business. How's that Palin's fault?

When my son wants to reach me, he sends me a text to my cell phone telling me, "You've got email!". He then sends me an email message addressed to my business AND my personal accounts. It matters not that I've asked him not to send me personal messages to my business address. He still does. Similarly, some of my business associates send messages to my personal account (because that email address hasn't changed in 8+ years, while my business address has changed several times). None of us can control which address people use to send us messages. We shouldn't blame Palin for failing to do the impossible, either.

reader_iam said...

None of us can control which address people use to send us messages.

!!!

And the problem one solution--block the sender--even assuming one has that option (I do, on some accounts) is that it's a sledgehammer (and then people just try other accounts, so it's possible you've just shifted the problem.)

I propose a Nobel Prize, or something, for the person who can solve all that in some sort of comprehensive way that avoids obvious pitfalls. I'm not sure it's even possible. (I am sure it's way above my paygrade, skill sets and technical smarts.P

David Walser said...

Re: Did Palin fail to keep her Yahoo account secure?

Duh? Of course she did. The real question is should we blame her -- hold this as a moral failing -- for this lapse? I sure hope not. I don't want to judged by that standard. I suspect Palin established her Yahoo account years ago, when she was not nearly the public figure that she is today. IIRC from when I set up my own Yahoo account years ago, the "security questions" were limited in number. (I remember when "Birth date" and "Mother's maiden name" were the only questions available on many systems.) So, Palin may not have had the ability to select better, more obscure, questions to answer. Other than doing as Madison Man has suggested, and purposely giving the "wrong" answer to the questions, there was little, years ago, Palin could have done to make her account more secure.

Of course, a lot has changed since the old days. Today, many networks allow you to write your own security questions. Palin should have gone back and updated her Yahoo account to take advantage of these new security features. How many of us do that? How many of us even think of doing that? Personally, without knowing much more, I'm unwilling to view this failure as some sort of moral lapse on Palin's part. It's like blaming her for not protecting her house better because she failed to upgrade the locks to something requiring a retina scan.

reader_iam said...

Well, of course you can control what addresses you give out and to whom, and I do have a whole number that are very restricted or designated only for specific purposes (for example (generic titles follow to illustrate the point), "register" for all registrations; "news" for info subscriptions; "opinion" for opinion subscriptions, "shopping" for shopping; and so forth.) Most of those we maintain on private mail server.

The problem is with the other types of addresses and, above all, that some of the worst offenders are those who are more likely to have need of more than one address type--business, personal, group affiliation (i.e., certain family members, colleagues who are also friends, colleagues who also belong to certain civic groups, etc.)

Eh, well. It's a hairball.

Bruce Hayden said...

First, many are talking about whether official business was conducted on the Yahoo account. But that is the reverse of why she probably had it in the first place. Many employers, esp. governments, have prohibitions against personal use of their email systems. So, almost by necessity, a personal account is required.

Secondly, the difference between Sarah Palin and the rest of us is that the personal information that was used for key recovery was on the Web, accessible via Google, and much likely on Wikipedia (though why the hacker didn't know that they met in HS is beyond me - most of us here knew that fact, as well as that she still had her house in Wasilla). It is because she is running for VP on the Republican ticket that this is all available (maybe it would have been if she were the Democrat, but that is probably not as certain). So, when she set up for key recovery, years ago, this information on her was not easily available. And that was the problem, that she likely forgot that she had set up for key recovery with that information. After all, it is just one of those steps we all go through most of the time when we set up a new account, and then rarely use it.

MadisonMan said...

It would be a simple thing to hack Obama and then righteously declare that HE is a security risk, unfit for office, ignorant about the net, incompetent, etc.

For some definition of simple. And I'll be right there along with Peter V. Bella saying this is indicating just that. But I notice it hasn't happened to Obama, despite what I presume are attempts, for reasons I noted at 11:09.

I do hope you see the potential security risk of having a Vice President with a yahoo mail account. Even an inactive one is full of information that can be useful.

LoafingOaf said...

I love how people use this unfortunate incident to make sweeping statements about Obama (as if HE asked someone to hack the account!), Democrats, and the Left.

The woman is running for VP, has been the most talked-about person in the media for weeks now, and had an easy-to-hack email account. Her security question's answer was almost comically simple for someone to figure out. I've known since junior high school to have things more secure than Palin did.

If Obama or Biden were similarly careless in their email security, of course they'd be hacked too.

McCain's people should've warned her about this.

Heck, I'm extra careful to keep my stuff secure, and I'm just another person in the world, not the most high-profile politician of the month.

And look at the right-wingers on Althouse trying to make Andrew Sullivan somehow guilty of all this. LOL Classic. Just because he found it amusing that this un-vetted VP candidate had her email un-secure and a sitting duck for hackers. Oh no, Sullivan wasn't suffiently outraged for the commenters here, so he's pond scum!

As far as I can tell, the blogger who is most giddy about this email scandal is Michelle Malkin, who's always trying to find something which she can try and spin as the latest proof that all Obama voters are unhinged, vile people and it's no surprise because Obama hangs out with...terrorists! Guess what, Michelle? I'm voting for Obama specifically because I'm hoping terrorists will finally have someone on their side in the White House. Woo Woo! I guess I'll have to be placed in one of the internment camps Malkin advocates. :o

LoafingOaf said...

BTW, I tuned into Rush Limbaugh today for the first time in ages. He was in a screaming rant about Obama being nothing but an evil and sick Chicago "thug" and pathological liar that went far beyond even Andrew Sullivan's strong language about Palin. Althouse listens to Rush and reads Sullivan, but she only attacks Sullivan's rants.

MadisonMan said...

I've been trying to hack into my yahoo account -- well, I just say I forgot my password, and the new password gets sent to my work account.

Maybe yahoo has changed how passwords can be changed. I also tried to look around to find those questions you get asked. Can't find them, at least for my account.

My questions would be: Who choked you on the playground in 2nd grade? What game other than tetherball did you play a lot of in the summer between 2nd and 3rd grade?

Pogo said...

One trick I have learned is to skip any and every entry starting with the phrase "I love how..."

Thanks to all posters so doing; it saves me considerable time.

reader_iam said...

I love how everyone has his or her own tricks and tics for filtering comments (yeah, I do, too).

; )

reader_iam said...

You're welcome!

MadisonMan said...

The aol account was much easier to hack into -- just had to know where I was born, and I could choose a new password and use it. I think it's actually still a netscape.net account (!) even though aol took them over.

Trying to figure out how to change that question is not at all easy.

I love how I can do this. Sorry to put that at the end! :)

Glen said...

Yes I see now that Yahoo only emails the alternate email account if you forgot your user ID. If you forgot your password (and can answer some simple questions) it takes you directly to a new page and allows you to set a new password.

That's convenient for forgetful users -- but it's a horribly lax security protocol.

Chances are, none of this would have occurred if Yahoo sent the forgotten password to a previously determined alternate email account.

LoafingOaf said...

I love how Pogo pretended he didn't read a message that he did read.

I love how the messages he doesn't filter out are from people who are using what some silly hacker did for the lulz as a reason to now cut off all cross-partisan friendships in their lives, because the entire Left has now been revealed as nothing but complete pond scum.

Such silly people here.

I haven't read the Palin emails (since I heard there's nothing damaging in them), but a really clever politician might make their email account easily hack-able on purpose and have the contents that get exposed be stuff that reveals him or her to be a wonderful person in ways no one had ever known before. Hmm, maybe Barack should set up a Yahoo account. Then his hacked emails can show he's better than Palin is in her hacked emails!

LoafingOaf said...

Madison: I have answers to security questions that no one could ever figure out no matter how much they know about me (short of reading my mind).

To the rest: We already knew you thought Obama supporters were pond scum. We weren't sufficently outraged when Michelle Malkin was claiming Obama called Palin a pig. Now we can see how our evil has influenced someone to hack into Palin's account, and when we're not sufficiently upset about that we are the same as someone telling a rape victim she asked for it.

I apologize for Palin's account getting hacked into. I had nothing to do with it, I didn't even know about it till this morning, but nevertheless, I'm voting for Obama, Malkin says he called Palin a pig, and now someone hacked her account. Jesus, we are pond scum.

Pogo said...

"I love how Pogo pretended he didn't read a message that he did read."

I read this one because it had my name in it. But only up to the end of the sentence, then I stopped and skipped on. Didn't read past your last one after seeing the I love how... signifier; it all turns into blah blah blah xxxzzzzz mush for me.

I just can't read certain comments anymore.


"Jesus, we are pond scum."
The first step is admitting you are powerless over your addiciton.

LoafingOaf said...

Here's an example of the deeply homophobic tactics the unhinged Right Wing blogosphere have been using to silence Andrew Sullivan: http://notropis.net/Sulli001.jpg

That nastiness appears on the high-profile right wing blog Ace of Spades, which has spent the last few weeks upping the ante on their homophobic attacks on Sullivan. Basically, the position of that prominent right wing blog and its commenters is that Sullivan suffers from AIDS-induced dementia. Nice folks you've got there in your right wing blogosphere, Simon. No wonder you have trouble with cross-partisan relations.

LoafingOaf said...

I read this one [despite claiming I'm filtering your "I Love How" messages]

HAHA! Busted.

LoafingOaf said...

Yes, what a lovely right wing blogosphere you've got going on there. Such nice people!

This garbage was commissioned by one of the leading right wing blogs:

http://notropis.net/Sulli001.jpg

If you're not sifficiently outraged, it will me you approve and will show that the right wing is just pond scum. I may not be able to continue cross-partisan relations in my life if they keep this up.

Pogo said...

Nah; ask any parent. Hearing or seeing your name calls one's attention. That isn't news to most people.

Now don't be an insult to pond scum; you have at least that small level of pride, no?

reader_iam said...

I guess Pogo missed my and MadisonMan's jokes as well. Too bad.

reader_iam said...

Wait, not MadisonMan's (his was at the end), just mine.

**Pouts.**

Pogo said...

No way, reader.

My other trick is to always read a reader_iam or MadisonMan post, no matter what the introductory phrase.

You're on a different algorithm altogether, of course.

Mark said...

Loaf-

Okay, so some people are homophobic and treat Sullivan poorly.

That doesn't change the fact that he's behaving like a spoiled brat this election cycle.

Simon said...
This comment has been removed by the author.
Simon said...

LoafingOaf said...
"Here's an example of the deeply homophobic tactics the unhinged Right Wing blogosphere have been using to silence Andrew Sullivan: http://notropis.net/Sulli001.jpg"

You're right, that really is appalling. It is a scurrilous, unhinged lie that Sullivan's reporting accuracy is remotely as high as 8%.

former law student said...

but I call bullshit when this has not happened similarly to Obama's people.

The Guapo* story covering Palin's alleged use of private email for state business gave Palin's yahoo email address right in the story. Who would know what Obama's private email address would be? bho1961@hotmail.com?

*Wouldn't that be a great name for a Spanish summary edition of the Washington Post?

John Burgess said...

FLS: Try Guano. More accurate.

Loafing Oaf: Don't worry about Guantanamo. Worry instead about wood chippers. They give Pinocchios around the world nightmares.

Bissage said...

I’m not about to claim I read every comment at Althouse as carefully as I should.

But maybe this would be a good time to admit I feel genuine affection for some fellow Althousians.

So much so that there have been times when I’ve felt hurt to read a comment that dispelled one or two of my assumptions.

There’s no point to what I’m saying, really.

Just thought I’d throw that out there . . .

And note that this little black duck gives loyalty with great hesitance and calls it back with even more reluctance.

Jeez . . . sometimes I really LOVE you guys!!!

**sniff**

**blows shnozzola**

vbspurs said...

To David Wasler:

A very tiny nitpick. ;)

I suspect Palin established her Yahoo account years ago, when she was not nearly the public figure that she is today.

This is her govsarah@yahoo.com account. It was specifically tied to her as Governor of Alaska.

My feeling is this.

She used Yahoo because it's folksy. It's tied to her persona as approachable, and "one of you".

It was the intended, I've no doubt, to be her send me your gripes type of email address for the Alaskan people.

Bristol and Track had Hotmail accounts, so I conjecture that was her original one and she switched over to Yahoo because of its direct ties to Microsoft. Perhaps she owns stock in the latter.

Okay, now I'm starting to conjecture too much.

Bottom line, the lady is not l33t.

But she'll learn to be now...

Cheers,
Victoria

vbspurs said...

Simon wrote:

It is a scurrilous, unhinged lie that Sullivan's reporting accuracy is remotely as high as 8%.

Never mind that. What the hell is a Feeder?

Oh God, this reminds me when I was on IRC and went to the wrong chatroom. Like 10 men immediately private IMs: ASL. I replied, "No I don't have DSL, I'm on dial-up."

True story.

blake said...

Eh, that's all right, Victoria: I remember innocently trying to engage "DogLover" in a chat room once.

=8-0

blake said...

Explain to me how is it someone's job to prevent unexpected violence from being perpetrated on their body and I will accept your lame rape analogy.

Ah, but this wasn't unexpected, isn't that the point. And neither should violence be in certain circumstances. Most people aren't sitting at home when they get raped. They're in a dangerous environment, like prison.

Heh.

It is, of course, everyone's responsibility to take care of himself (or herself). Whether internet security or rape.

You also have to realize that whether it be internet security, robbery, personal violence or even murder: You can't really defend yourself. If the right person or people wants you dead or hacked, you will be dead or hacked.

What I'm getting from MadMan is that Sarah Palin should have protected this account that had no valuable information in it because it might have had valuable information in it.

That's a very conservative viewpoint.

If Obama or Biden were similarly careless in their email security, of course they'd be hacked too.

Assumes facts not in evidence. Also, nobody has to hack Obama and Biden: There's plenty of material without doing so. They make it on a daily basis.

Heck, I'm extra careful to keep my stuff secure, and I'm just another person in the world, not the most high-profile politician of the month.

I'm not. It's just too much work.

Oh no, Sullivan wasn't suffiently outraged for the commenters here, so he's pond scum!

Sullivan is pond scum because he jumped on the Trig-is-Bristol's-baby bandwagon and has never really jumped off.

Just for starters.