Updated on Wednesday, Oct. 8 at 3:11 p.m. EST
A 20-year-old University of Tennessee student was indicted Tuesday on charges he broke into Republican vice presidential candidate Sarah Palin’s email account — and then publicly posted some of the contents — without permission.
David Kernell, 20, of Knoxville, Tenn., is accused of exploiting Yahoo’s password recovery tool to crack the password for Palin’s account, the U.S. Department of Justice said Wednesday. He also tried to hide his tracks by enlisting the help of a web proxy service.
According to the indictment, Kernell — who used the online alias “rubico” and “rubico10” — reset the password to “popcorn” by correctly answering a number of personal questions that Palin had created to recover her password should she forget it.
These included her birthday, zip code and where she met her husband, Todd. Kernell, in a personal account he posted to an internet forum, said he used simple Google searches to determine the responses.
Authorities said Kernell, once he reset the password, accessed the account, where he read the contents — which included photos and contact information — and made screenshots of a number of emails. He posted several of the messages to whistleblower website Wikileaks, which were picked up by several other news sources.
Kernell also posted the new password to the 4chan forum, authorities said. At least one other person used the code to access Palin’s account.
If convicted, Kernell, the son of Democratic Tennessee state Rep. Mike Kernell, faces up to five years in prison and a $250,000 fine. The elder Kernell has said he had no involvement in the incident, according to published reports.
No trial date was scheduled.
Kernell’s attorney did not immediately respond to a request from SCMagazineUS.com for comment.
Kelley Benander, a Yahoo spokeswoman, declined to comment on the case. Asked by SCMagazineUS.com whether Yahoo has made any changes to its password recovery service since the Palin incident, she said the company is continually working to enhance security processes.