By Farhad Manjoo
Sunday, September 21, 2008
Sometime last Tuesday, an unknown hacker gained access to firstname.lastname@example.org, an e-mail account that Gov. Sarah Palin has used for personal and possibly also state business in Alaska. The hacker posted the e-mail password to a section of 4Chan, a discussion site known as a haven for Web "trolls" -- deliberate online troublemakers. For a brief time, Palin was an open book. Readers of 4Chan trudged through her inbox, saving screen shots of her correspondence with friends and supporters, a list of her frequent contacts and pictures of her family. Then a good Samaritan reset Palin's password, triggering a Yahoo security measure that alerted Palin to the breach. Soon after, email@example.com and another account Palin has reportedly used to conduct official business -- firstname.lastname@example.org -- were deleted.
The gossipy Web site Gawker.com has posted a few screen shots of the messages found in Palin's account; they reveal nothing damaging about the governor, other than the fact that she has a penchant for typing in ALL CAPS when exercised. ("Does he want someone OPPOSED to the life issue in Congress?" Palin wrote to Lt. Gov. Sean Parnell.) Still, in a statement sent to reporters on Wednesday, the McCain campaign called the incident "a shocking invasion of the Governor's privacy and a violation of law."
In fact, if there's anything remotely shocking here, it probably has to do with Palin's e-mail habits. Why was she using Yahoo? Critics say that she was taking a page from former White House political mastermind Karl Rove, who cooked up the idea of using an off-site e-mail address to confound investigations of his Bush administration activities. (In 2007, the White House admitted that Rove and other officials had used Republican National Committee addresses for some of their correspondence; as a result, the White House said it couldn't track down a trove of e-mail messages requested by congressional investigators looking into those fishy U.S. attorney firings.)
Palin's e-mail policies do show a certain Rovian (or perhaps Cheneyesque) partiality for secrecy. The New York Times reported last Sunday that shortly after she took office, Palin's aides discussed the benefits of using private e-mail accounts, with one assistant noting that messages sent to Palin's BlackBerry "would be confidential and not subject to subpoena." In June, Andrée McLeod, a Republican activist in Alaska, filed a public-records request for copies of all e-mails sent between two of Palin's aides, Ivy Frye and Frank Bailey. (McLeod suspected the aides of various ethical violations.) Palin's office parted with four boxes of e-mail, but it refused to disclose more than 1,000 other messages, claiming executive privilege.
Rovian tactics aside, last week's hacking episode proves that it's rather boneheaded to put state business on Yahoo. True, all e-mail addresses are vulnerable to hacking. But Yahoo is a particularly big target. Lots of people spend a lot of time trying to crack Yahoo accounts. Do a quick search for "hack yahoo," and you'll be presented with myriad methods of attack.
When you forget your e-mail password, Yahoo asks you a "challenge question" to verify your identity before giving you your password. But because we know a great deal about Palin (her kids' names, her husband's favorite sport, her date of birth), the challenge question seems not to have been much of a challenge for the hacker. On a message board, the supposed culprit explained last week that he got into Palin's e-mail by guessing where she'd met her husband, Todd. He says that he typed in "Wasilla high" -- and was able to trick Yahoo into assigning the account a new password, "popcorn." This echoes the other major celebrity e-mail theft of recent memory: Paris Hilton's cell phone was successfully hacked because the thief knew that her pet Chihuahua is named Tinkerbell.
Palin probably won't be the last politician whose e-mail gets hacked. Until now, this has been rare, mainly because many big-time pols don't e-mail. Despite apparently having invented the BlackBerry (as a campaign aide suggested last week), John McCain abstains from e-mail, as does President Bush. Bill Clinton sent just two messages during his time in the White House (and one was a test e-mail).
But other politicians are addicted to e-mail: Barack Obama, Hillary Rodham Clinton, Mitt Romney and Al Gore are always on their BlackBerrys. The BlackBerry is known to be tough to hack; that is, it has shown no major tech vulnerabilities that would allow easy access to intruders. But keeping all devices safe from attackers takes work -- choosing strong passwords, changing them often, making sure you haven't left them lying around somewhere. Politicians are probably no better at that than you or I. And we know all their pets' names.
Farhad Manjoo is Slate's technology columnist.