/b/een found guilty April 30, 2010 2:38 PM

Update: David Kernell--the student who broke into Sarah Palin's e-mail account--has been found guilty.
posted by mattdidthat to MetaFilter-Related at 2:38 PM (56 comments total)

This post was deleted for the following reason: Poster's Request -- frimble



just you
posted by found missing at 2:43 PM on April 30, 2010 [1 favorite]


Free Kernell sounds like a Linux promo.
posted by klangklangston at 2:44 PM on April 30, 2010 [10 favorites]


kernel--also makes you think of "popcorn", which apparently was her password.
posted by found missing at 2:46 PM on April 30, 2010


Is it just me, or is "obstruction of justice" (felony, up to 20 years) a catch-all charge used to screw people who've committed minor crimes in the U.S.?

"Obstruction of justice" is the law against covering up your crimes. Sometimes it is easier to prove you tried to hide the evidence than to prove that you did the crime. In this case he tried to wipe the computer clean after he realized what he did.
posted by smackfu at 2:53 PM on April 30, 2010


Well, that's the tricky bit. The other two charges (wire fraud and identity theft) are surely not misdemeanors.
posted by smackfu at 3:02 PM on April 30, 2010


This is an obstruction of MetaTalk.
posted by gman at 3:05 PM on April 30, 2010 [6 favorites]


I feel like Congress is really bad at framing computer crimes. Stealing someone's email should probably be criminal, but "identity theft"? And then the guy who was convicted of "denial of service" for refusing to turn over user passwords to his boss?
posted by grobstein at 3:14 PM on April 30, 2010 [3 favorites]


In this case he tried to wipe the computer clean after he realized what he did.

Idiot. First, assuming you're going to do something as likely to land you in the shit as this, you do it from an internet cafe or something and you pay cash. Second, if that was too much trouble for you and you did it from your own hardware, you don't "wipe the computer clean". You take out the hard drive and RAM, disassemble them, crush the pieces with a sledgehammer, soak the crushed pieces in bleach or something for a while, and then dump the crushed, soaked, mini-pieces in the middle of a landfill while no one is watching.
posted by Justinian at 3:33 PM on April 30, 2010 [24 favorites]


Shoot, I forgot a vital step; report the computer stolen ASAP.
posted by Justinian at 3:37 PM on April 30, 2010


So did his wipe prove ineffective? Or did they get evidence from somewhere between his machine and Palin's? I have not been following this much.
posted by Danf at 3:37 PM on April 30, 2010


Danf, he was pretty naive in the way he went about disseminating the information. He put it up on 4chan and elsewhere from his own computer, routing his web requests through just a single U.S. domestic proxy server to obfuscate things. And the screenshots he posted showed enough of the unique URLs that were generated during his use of the proxy that when the owner of said proxy service was induced (or subpoenaed) to review his logs, he was able to tie those URLs back to the originating IP. From there, all the FBI had to do was get the broadband subscriber info associated with the originating IP address, and the guy was toast. I'd imagine it took them all of a day or two to find him.
posted by killdevil at 3:47 PM on April 30, 2010


Wow, justinian is like the computer scarabic.
posted by FelliniBlank at 3:54 PM on April 30, 2010 [33 favorites]


Obstruction of justice? But he violated her freedom of speech!

Somehow.

I mean, that's the usual catchall, isn't it?
posted by jabberjaw at 4:03 PM on April 30, 2010


do nothing more than try to get rid of the evidence, you've suddenly committed a huge crime, and that seems really disproportionate

this is actually interesting, and I have another of my dumb questions for you folks--in the US, how far does your right to not incriminate yourself go? Does that just apply to questioning in court, or are you required to provide self-incriminating evidence sometimes? So beyond the crime in breaking into someone else's email account, he gets in trouble for clearing his own hard drive whose content could incriminate himself or something? Is he obligated to leave it as-is after committing the crime?

I'm probably looking at this all wrong. It's Friday and I'm an hour from going home, it happens.
posted by Kirk Grim at 4:08 PM on April 30, 2010 [1 favorite]


This is just like that movie Hackers!
posted by Artw at 4:09 PM on April 30, 2010


Except with less 19 year old Angelina Jolie?
posted by Justinian at 4:14 PM on April 30, 2010


NICE UPDATE THANKS
But your tags and your category do not correlate.
posted by carsonb at 4:14 PM on April 30, 2010


do nothing more than try to get rid of the evidence, you've suddenly committed a huge crime, and that seems really disproportionate

this is actually interesting, and I have another of my dumb questions for you folks--in the US, how far does your right to not incriminate yourself go? Does that just apply to questioning in court, or are you required to provide self-incriminating evidence sometimes? So beyond the crime in breaking into someone else's email account, he gets in trouble for clearing his own hard drive whose content could incriminate himself or something? Is he obligated to leave it as-is after committing the crime?

I'm probably looking at this all wrong. It's Friday and I'm an hour from going home, it happens.


Basically, you can't be compelled to speak against yourself. You can be compelled to produce any physical evidence, and things that you've already said may be evidence against you as well.

The "self-incrimination" rule doesn't protect the contents of your hard drive, your files, or your body for that matter. It's really only about preventing inquisitorial proceedings by courts and law enforcement.
posted by grobstein at 4:15 PM on April 30, 2010


I loved the expert on Fox News explaining this awhile back...

"So tell us, how could something like this happen? How was this guy able to gain such high level access to the account of a well known political figure and do this kind of HACKING?"

"Well...(sheepish look) Yahoo has a password recovery system where you can set up personal questions so that if you forget your password, you can answer these questions and have the password sent to you. In this case, the Hacker used what's known as a 'Google query' to find those answers, such as Mrs Palin's current zip code, and the town in which she met her spouse."

wooo, that's some high level haX0r right there, yo.
posted by First Post at 4:18 PM on April 30, 2010 [14 favorites]


It's always seemed grossly unfair to me that we can be punished for failing to adhere to a body of rules that require professional training to fully understand.
posted by chrismear at 4:25 PM on April 30, 2010 [13 favorites]


You take out the hard drive and RAM, disassemble them, crush the pieces with a sledgehammer, soak the crushed pieces in bleach or something for a while, and then dump the crushed, soaked, mini-pieces in the middle of a landfill while no one is watching.

A charcoal barbecue + hair dryer will turn the pieces into a nice puddle of metal.
posted by Tenuki at 4:27 PM on April 30, 2010


He read through Sarah Palin's emails. A bunch of them.

Is that not enough punishment?
posted by Hardcore Poser at 4:31 PM on April 30, 2010 [12 favorites]


Idiot. First, assuming you're going to do something as likely to land you in the shit as this, you do it from an internet cafe or something and you pay cash.

In any built-up area where there's an internet cafe there is likely to be a security camera in relatively close proximity. My plan would be:

(1) Purchase older-model laptop via eBay. Purchase older-model brand X wireless PC card on eBay too; plan to use it instead of the built-in wireless hardware, whose MAC address might otherwise expose aspects of the computer's provenance to investigators. Prepare a bootable Ubuntu Linux CD or DVD to boot from.

(2) Drive to a suburban area near a large city about 4 hours from where you live. Drive around until you find an area of high-density apartments or townhouses and plenty of unobtrusive street parking. Park.

(3) Fire up the laptop, configure Firefox to access the Web via an anonymous proxy server in a developing central or southeast Asian country (there are lots). Now, connect to one of the open wireless access points that's sure to be visible. Next, load up a second anonymizing Web-level proxy in your browser window, preferably located in a different developing country. Now you're behind a chain of two proxy servers (the first being HTTP-level and set via Firefox prefs, the second being Web-level). I suppose you could add a couple more Web-level proxies to the chain if you didn't mind the glacial load times.

(4) Visit a free Russian webmail provider and register a new account.

(5) Email material to Wikileaks. Immediately shut down the laptop, take out the battery, drive home.

(6) Take the laptop completely apart. Mix the now unrecognizable bits and pieces into several bags of kitchen garbage, nonchalantly put the bags out for residential trash pickup, and you're done.
posted by killdevil at 4:48 PM on April 30, 2010 [48 favorites]


Justinian writes "Idiot. First, assuming you're going to do something as likely to land you in the shit as this, you do it from an internet cafe or something and you pay cash."

This is the first problem. I bet he was just goofing around without any serious intent and boom ACCESS GRANTED.

Justinian writes "Second, if that was too much trouble for you and you did it from your own hardware, you don't 'wipe the computer clean'. You take out the hard drive and RAM, disassemble them, crush the pieces with a sledgehammer, soak the crushed pieces in bleach or something for a while, and then dump the crushed, soaked, mini-pieces in the middle of a landfill while no one is watching."

This is way too complicated. RAM doesn't need to be removed in practically all cases. Just grind the hard drive up with a bench or angle grinder and then flush the dust. Wouldn't take more than a couple minutes and god himself couldn't recover that data. Considering all the press data recovered off of discarded hard drives is getting you wouldn't have much trouble with plausible deniability. I bet you could even find a government recommendation along those lines for disposing of equipment.

Though Tenuki's method does have a certain Red Greenishness to recommend it.
posted by Mitheral at 4:48 PM on April 30, 2010


So did his wipe prove ineffective?

Well, he didn't actually get around to reformatting the drive. According to the FBI, he cleared the browser history, uninstalled some stuff, and ran a "free disk space" wiper. And discussed it with a friend, which was a bad idea too.

Funny thing was that apparently he had some malware that was logging all his web access, that the forensic guy found. Oops.
posted by smackfu at 4:51 PM on April 30, 2010 [1 favorite]


wooo, that's some high level haX0r right there, yo.

It's actually about the most common way of breaking into a system, and one of its main exponents is none other than uber-hacker Kevin Mitnick.

Falling under the general umbrella of "social engineering", you can get into a frightening proportion of accounts just by finding out a user's favourite sporting team or the name of their pet, for example.

Why bother with tricky technical hacking when it's often so easy just to find out somebody's password, or the answer to their secret question?
posted by UbuRoivas at 5:02 PM on April 30, 2010


(6) Take the laptop completely apart and use an ordinary power drill to drill right through the hard drive a few times. Mix the now unrecognizable bits and pieces into several bags of kitchen garbage, nonchalantly put the bags out for residential trash pickup, and you're done.
posted by UbuRoivas at 5:05 PM on April 30, 2010


[King Roland has given in to Dark Helmet's threats, and is telling him the combination to the "air shield"]
Roland: One.
Dark Helmet: One.
Colonel Sandurz: One.
Roland: Two.
Dark Helmet: Two.
Colonel Sandurz: Two.
Roland: Three.
Dark Helmet: Three.
Colonel Sandurz: Three.
Roland: Four.
Dark Helmet: Four.
Colonel Sandurz: Four.
Roland: Five.
Dark Helmet: Five.
Colonel Sandurz: Five.
Dark Helmet: So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!

Later

President Skroob: Did it work? Where's the king?
Dark Helmet: It worked, sir. We have the combination.
President Skroob: Great. Now we can take every last breath of fresh air from Planet Druidia. What's the combination?
Colonel Sandurz: 1-2-3-4-5
President Skroob: 1-2-3-4-5?
Colonel Sandurz: Yes!
President Skroob: That's amazing. I've got the same combination on my luggage.
Dark Helmet, Colonel Sandurz: [looks at each other]
posted by nevercalm at 5:13 PM on April 30, 2010 [3 favorites]


(6) Take the laptop completely apart and use an ordinary power drill to drill right through the hard drive a few times. Mix the now unrecognizable bits and pieces into several bags of kitchen garbage, nonchalantly put the bags out for residential trash pickup, and you're done.

Ahh, but you're forgetting that we booted up the thing using an Ubuntu boot CD, and never touched the hard drive. If ever recovered, it will be discovered to contain nothing but the previous owner's weird animal porn.
posted by killdevil at 5:29 PM on April 30, 2010 [1 favorite]


Why bother with tricky technical hacking when it's often so easy just to find out somebody's password, or the answer to their secret question?

That's what makes all these how-to-dispose-of-a-body-srsly type comments sorta funny tho (as well as the whole "criminal mastermind" angle the news seems to be taking with the whole thing). Even in using basic social engineering methodology, most such people wouldn't then be like "hey 4chan, woo lookit what I found!"
posted by First Post at 6:04 PM on April 30, 2010


He forgot to get behind 7 proxies.
posted by Tenuki at 6:04 PM on April 30, 2010 [2 favorites]


Is it just me, or is "obstruction of justice" (felony, up to 20 years) a catch-all charge used to screw people who've committed minor crimes in the U.S.?

At that point the question becomes not what the charges are but how good of an attorney can you afford.
posted by crapmatic at 6:08 PM on April 30, 2010 [1 favorite]


In any built-up area where there's an internet cafe there is likely to be a security camera in relatively close proximity.

Sure, but that doesn't matter for a case like this. All nearby security cameras could do is identify a large group of people who were near the location where the "hacking" occurred at the time it occurred. But so what if you're in that group?

You wouldn't want to plan your evil hidden backpack nuking of a major city this way because there would be other evidence which your presence on security cameras near the cafe might lead the authorities to and they would never, ever stop looking until they caught you. And you might get disappeared to Guantanamo or something even on flimsy evidence. But unless you are a moron who goes around posting your exploits to /b/ and such (like the perp in question) there is no other evidence of what occurred in a relatively simple and minor crime like we have here. The crime is begun, committed, and completed entirely at the computer in the internet cafe with no evidence of any sort located elsewhere for the authorities to find elsewhere.

But, hey, to be extra safe you could wear a trivial "disguise" like a baseball cap, (realistic) wig, and sunglasses. I think that's more likely to draw attention than anything else.

Just grind the hard drive up with a bench or angle grinder and then flush the dust.

That would do it. Of course if you're using your own computer or using a computer in a location that can be tied to you in a direct manner (your home, office, or Starbucks you frequent daily) then you're already doing it wrong.
posted by Justinian at 6:49 PM on April 30, 2010


Brought to you by the Department of Redundancy Department.
posted by Justinian at 6:51 PM on April 30, 2010 [2 favorites]


Or you can just download Tor Browser Bundle and not resort to this CIA stuff.
posted by geoff. at 7:03 PM on April 30, 2010


It's always seemed grossly unfair to me that we can be punished for failing to adhere to a body of rules that require professional training to fully understand.

It doesn't take a professional to know that logging into a computer system without permission is a crime.

Is it just me, or is "obstruction of justice" (felony, up to 20 years) a catch-all charge used to screw people who've committed minor crimes in the U.S.?

A functional justice system is important for a free and fair and just society. Obstructing that is bad.
posted by gjc at 7:11 PM on April 30, 2010


Funny thing was that apparently he had some malware that was logging all his web access, that the forensic guy found. Oops.

That's fucking hilarious.

Why bother with tricky technical hacking when it's often so easy just to find out somebody's password, or the answer to their secret question?

This is going to sound like asshole bragging, but I bring it up only for purpose of illustration: I used to work for a major multinational corporation. One that you've heard of. One that, if you're in the US, there's a fair chance you've owed money to. They had a technologically airtight web monitoring system that was unspeakably Puritanical. Even technical resources we wanted to help do our jobs were blocked.

I had an SSH tunnel through it in 48 hours, using two phone calls and an email.
posted by middleclasstool at 9:10 PM on April 30, 2010 [2 favorites]


Nuke the laptop from orbit, just to be sure.
posted by hellojed at 9:16 PM on April 30, 2010


While I know that the intrusions happened in different countries, it really frustrated me to witness how the majority of US media handled the Palin mail hack vs. the eMail communication exposed from within the University of East Anglia's Climatic Research Unit, which spawned the so-called "Climategate".

If a crime occurs, it should be reported, and treated, as such. While there is definitely a grey zone - the Pentagon Papers and Watergate break-in come to mind - making political hay out of information exposed by a crime is venal.
posted by Bora Horza Gobuchul at 9:34 PM on April 30, 2010 [1 favorite]


I'm actually surprised that unlawfully accessing computers is only a misdemeanor under Federal law.
posted by C17H19NO3 at 10:14 PM on April 30, 2010


Actually, it can be a felony, depending on what you do, but I was under the impression that it was a felony all around.
posted by C17H19NO3 at 10:14 PM on April 30, 2010


I know what obstruction of justice is, my point is that if you commit a relatively minor crime and then do nothing more than try to get rid of the evidence, you've suddenly committed a huge crime, and that seems really disproportionate.

That's a feature, not a bug. Just like trying to bribe a judge to get off a traffic ticket will get you in way more trouble than the ticket ever would.
posted by rodgerd at 12:58 AM on May 1, 2010


I know now exactly what to do to my machine when I embark on a life of high-stakes Professor Moriarty levels of crime!

Thanks, Metafilter! Now my reign of terror will be unstoppable! I'd probably be better suited to said life if I weren't the kind of person wracked with guilt even over owing library fines, but that will not stop me from pretending to be an uberhacker!

Of course, you could also just steal someone's iPhone from a bar, could you not? You could do it from that, then drop the iPhone from a distance of two inches which would completely destroy it, if the iPhone is anything like my iPod.
posted by winna at 6:47 AM on May 1, 2010


(1) Purchase older-model laptop via eBay. Purchase older-model brand X wireless PC card on eBay too; plan to use it instead of the built-in wireless hardware, whose MAC address might otherwise expose aspects of the computer's provenance to investigators. Prepare a bootable Ubuntu Linux CD or DVD to boot from.

For something really dangerous, like leaking that Pentagon video, I'd probably go ahead and do everything you suggest. But for something on the Palin-email-hackery level, even trashing the wireless card is probably over-paranoid, as long as you changed the MAC address before connecting. (most of the older cards can have their MACs changed; most of the newer ones can't. If you can't change the MAC, trash the card.)

If you aren't very, very careful, using an open residential AP can put some nice upstanding citizen through months of absolute hell, up to and including jail time. If you know a business with an open AP without video surveillance, that would be a better choice.

Oh, also: don't bring your cell phone with you, and don't buy anything at the business in question on the same day that you release the data. I don't know how long the GPS records can be tracked, but you want to avoid leaving any record that you were in the area.

Oh, and finally: never use the same AP twice for this kind of thing.
posted by Malor at 7:26 AM on May 1, 2010 [1 favorite]


While there is definitely a grey zone - the Pentagon Papers and Watergate break-in come to mind - making political hay out of information exposed by a crime is venal.

Watergate is a gray area?
posted by electroboy at 7:34 AM on May 1, 2010 [1 favorite]




Hmm... I used to have my computer (running Linux, obviously) choose a new random MAC address (of computer-type) every time it started its networking system (so every time it booted). This happened on a software level; does the new hardware prevent this sort of thing?
posted by kaibutsu at 8:10 AM on May 1, 2010


hm, just when we manage to squelch the gaga along comes palin.
posted by infini at 9:06 AM on May 1, 2010


Watergate is a gray area?


*controls self, with discipline*
posted by infini at 9:06 AM on May 1, 2010


Or you can just download Tor Browser Bundle and not resort to this CIA stuff.

Where computer security is concerned, I generally follow Warren Buffett's sage advice: do not invest in anything you do not fully understand.
posted by killdevil at 12:57 PM on May 1, 2010 [1 favorite]


but wait, this *is* the gray!
posted by infini at 3:41 PM on May 1, 2010


Kennedy was shot right in the gray area, so I see your point.
posted by Mister_A at 5:37 PM on May 1, 2010


and yet McCain is still a free man after unleashing this shrew. where's the justice?
posted by TrialByMedia at 10:53 AM on May 2, 2010


killdevil, you'll need to come with us.
posted by Danf at 8:11 AM on May 3, 2010


I would feel a little better about this as an example of the proper functioning of our legal system if it didn't seem as though law enforcement has no resources whatsoever allocated to investigate crimes of this nature whose victims are just normal people rather than celebrities. Even much more serious computer crimes than email snooping (such as identity fraud and malware distribution) are completely deprioritized.

So when gjc says, "A functional justice system is important for a free and fair and just society. Obstructing that is bad." I wonder how functional this system is.
posted by doteatop at 3:57 PM on May 3, 2010


Is it just me, or is "obstruction of justice" (felony, up to 20 years) a catch-all charge used to screw people who've committed minor crimes in the U.S.?

It appears to be just one of many ways to punish someone more than an honest reading of the law would allow. See also drug users being charged with and convicted of "intent to distribute" even in the total absence of evidence of any such intent, solely based on the amount of drug seized, even if the user can credibly claim or even prove that they personally used that amount regularly.
posted by callmejay at 7:14 AM on May 5, 2010

