Around September 10 a widely-reported story broke about how Sarah Palin’s Yahoo! email account was broken into.
Contents of some of her email messages were then widely posted to various Internet websites.
Numerous reports indicate it was not hard to get into Palin’s email account; reportedly Palin’s email address was easily guessed, and it was easy for the hacker to answer the security question, “Where did you meet your husband” to then be able to change the password.
It also appears, based upon the email content posted, that Palin was using her Yahoo! account to perform Alaska state business.
The primary suspect for the email hack, David Kernell, was indicted by a federal grand jury yesterday.
Kernell is the son of Tennessee State Representative Mike Kernell.
“Kernell faces a maximum of five years in prison, a $250,000 fine and a three year term of supervised release.”
Kernell did appear, based on the information reported, to have violated numerous laws, possibly including:
- The Alaska law of Criminal Use of Computer (AS 11.46.740.)
- The Alaska law on Theft (AS 11.46.100.)
- U.S. federal law U.S.C. §2701, Unlawful Access to Stored Communications
- U.S. federal law § 1343, Fraud by Wire, Radio, or Television
- U.S. federal law 18 U.S.C. § 2511(1)(a), Intercepting a Communication
It is very disappointing to see that someone who is the governor of a state 1) had such poor security on her email account, and 2) was using her personal email account to perform business. Good leaders must demonstrate the proper actions to take in business, including appropriate information security and privacy practices.
Tags: awareness and training, email privacy, email security, hacker, Information Security, IT compliance, IT training, kernell, policies and procedures, privacy training, risk management, Sarah Palin, security training