Application security, Breach, Data Security, Malware, Network Security

Hacker answered personal questions to steal Palin password

The hacker who broke into GOP vice presidential candidate Sarah Palin's email correctly answered a few personal questions about the Alaska governor to gain access to her Yahoo email account, according to a first-person account posted to an internet forum.

The account, which has since been removed from the 4chan forum but posted elsewhere on the internet, said the hacker -- identified by the handle "Rubico" -- was able to force Yahoo to reveal Palin's password by claiming to have forgotten it.

To retrieve the password, Yahoo required that the hacker provide Palin's birthday and zip code, both of which were easily obtainable through Wikipedia and a Google search, the account said.

Yahoo also asked the hacker -- reportedly part of a group called Anonymous -- to answer a so-called secret question: Where did Palin meet her spouse? The hacker said this required a more time-consuming Google search.

"I found out later though more research that they met at high school, so I did variations of that, high, high school, eventually hit on “Wasilla high," the hacker wrote on Wednesday. ”I promptly changed the password to 'popcorn' and took a cold shower..."

The FBI and Secret Service are investigating, and, according to reports, are working with the provider of a web proxy service, Ctunnel, which the hacker used to help hide the intrusion. The company bills itself as a way for users to evade internet filtering controls.

Meanwhile, cybercriminals are trying to cash in on the hacking incident, Ian Amit, director of security research at Aladdin Knowledge Systems, told on Thursday.

Researchers at the Israel-based firm have detected at least one instance in which a search for screenshots of Palin's personal emails could result in users' machines getting slammed with a trojan.

In a forum post on one of the sites returned through a Google search, someone claimed to have a screenshot of the hacked account, but it was actually a .zip file that contained a trojan.

If users are vulnerable to either a recently patched QuickTime or Windows Media vulnerability and they try to open the file, their machine likely would be infected, Amit said. The malware also contains a fake anti-virus application that could be "activated" if the user pays a certain amount of money.

"It's a classic example of user-generated content that is very hard to vet and to scrutinize," he said.

Amit said criminals are using popular search terms to target users, much like web advertisers do.

"It's just an indication that the criminals are using the same practices as any big legitimate business would do," he said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.