Sometime on Tuesday, an unknown hacker gained access to firstname.lastname@example.org, an e-mail account that Sarah Palin has used for personal and possibly also state business in Alaska. The hacker posted the e-mail password to the /b/ group of 4Chan, a discussion site known as a haven for Web “trolls,” and for a brief while, Palin was an open book. 4Chan readers trudged through her inbox, saving screen shots of her correspondence with friends and supporters, a list of her frequent contacts, and pictures of her family. Then, a good Samaritan reset Palin’s password, triggering a Yahoo security measure that alerted Palin to the breach. Soon after, email@example.com and another account Palin has reportedly used to conduct official business—firstname.lastname@example.org—were deleted from Yahoo.
Gawker has posted a few screen shots of the messages found in Palin’s account; they reveal nothing damaging about Palin, other than that she has a penchant for typing in ALL CAPS when exercised. (“Does he want someone OPPOSED to the life issue in Congress?” Palin wrote to Lieutenant Gov. Sean Parnell.) In a statement sent to reporters on Wednesday, the McCain campaign called the incident “a shocking invasion of the Governor’s privacy and a violation of law.”
The Yahoo breach does raise a few questions about Palin’s e-mail habits. Why was she using Yahoo? Critics say she was taking a page from Karl Rove, who cooked up the idea of using an off-site e-mail address to confound investigations of his activities in the Bush administration. (In 2007, the White House admitted that Rove and other officials used Republican National Committee addresses for some of their correspondence; as a result, the White House said it couldn’t track down a trove of e-mail messages requested by congressional investigators looking into those fishy U.S. attorney firings.)
Palin’s e-mail policies do show a certain Rovian or perhaps Cheney-esque partiality for secrecy. The New York Times reported Sunday that shortly after she took office, Palin’s aides discussed the benefits of using private e-mail accounts, with one assistant noting that messages sent to Palin’s BlackBerry “would be confidential and not subject to subpoena.” In June, Andrée McLeod, a Republican activist in Alaska, filed a public-records request for copies of all e-mails sent between two of Palin’s aides, Ivy Frye and Frank Bailey. (McLeod had suspected the aides of various ethical violations.) Palin’s office parted with four boxes of e-mail, but it refused to disclose more than 1,000 other messages, claiming executive privilege.
Rovian tactics aside, Wednesday’s hacking episode proves that it’s rather boneheaded to put state business on Yahoo. True, all e-mail addresses are vulnerable to hacking. But Yahoo is a big target—lots of people spend a lot of time trying to crack Yahoo accounts. Do a quick search for “hack yahoo,” and you’ll be presented with myriad methods of attack. Alaska’s private e-mail system probably does not include a “Did you forget your password?” function. Yahoo, of course, does—and that function presents a key method of entry for hackers. The forgotten-password system is all the more vulnerable for addresses belonging to public figures like Palin. When you forget your e-mail address, Yahoo asks you a “challenge question” to verify your identity before giving you your password; because we know a great deal about Palin (her kids’ names, her husband’s favorite sport, her date of birth), the challenge question might not have been much of a challenge for the hacker. Indeed, that was the case in the other celebrity e-mail theft of recent memory: Paris Hilton’s cell phone was hacked because the thief knew that her pet Chihuahua was named Tinkerbell.
Palin likely won’t be the last politician whose e-mail gets hacked. Until now, this has been rare mainly because big-time pols don’t e-mail—despite inventing the BlackBerry, McCain abstains from e-mail, as do George W. Bush and Bill Clinton, who sent just two messages during his time in the White House (and one was a test e-mail).
But other politicians are addicted to e-mail: Barack Obama, Hillary Clinton, Mitt Romney, and Al Gore are always on their BlackBerrys. The BlackBerry is known to be tough to hack; that is, it’s shown no major tech vulnerabilities that would allow easy access by intruders. But keeping all devices safe from attackers takes work—choosing strong passwords, changing them often, making sure you haven’t left them lying around somewhere. Politicians are probably no better at that than you or I. And we know all their pets’ names.