Feeds

Palin email hacker asks judge for leniency

'Youth and emotional condition' cited

SANS - Survey on application security programs

The man convicted of breaching then vice presidential candidate Sarah Palin's Yahoo Mail account has asked a federal judge to spare him a prison sentence and instead put him on probation.

David C. Kernell's request for a downward departure comes six months after a federal jury found him guilty of felony obstruction of justice and a misdemeanor count of unauthorized access to a computer. The same jury acquitted Kernell on a felony charge of wire fraud and deadlocked on a charge of identity theft.

The conviction carries a maximum sentence of 20 years in prison and a $250,000 fine. Sentencing guidelines in the case recommend that Kernell receive 15 to 21 months in prison, and the government has asked for 18 months. Sentencing is scheduled for November 12.

In a memorandum filed on Tuesday, Kernell's attorneys argued that although their client deleted some computer files after accessing Palin's account, he should not go to prison because he allowed much of the data to be preserved.

“The proof showed that Mr. Kernell very quickly took actions that resulted in the evidence being preserved,” the document, filed on Tuesday in US District Court in Knoxville, stated. “When Mr. Kernel's impulsive conduct is balanced against the preservation of the computer, his conduct is mitigated in comparison with conduct covered by the obstruction guideline.”

The court memorandum went on to cite other considerations that called for a lighter sentence.

“Mr. Kernell's behavior was an aberration from his normal course of conduct,” the memorandum stated. “Mr. Kernell's youth and emotional condition justify a departure pursuant to” sentencing guidelines.

The conviction stems from the September 2008 breach of Palin's Yahoo Mail account and the posting of some of its contents to Wikileaks. A hacker who went by the moniker Rubico posted a first-person account that was ultimately traced to Kernell, who is the son of a Democratic state legislator.

Kernell accessed Palin’s Yahoo! email account by correctly answering her security questions after researching the answers online. He then reset the password and posted it on 4chan.org so other users could access the account.

In a sentencing memorandum filed on Wednesday, federal prosecutors outlined a series of steps Kernell took following the hack to cover his tracks. They included the deleting of images and emails he downloaded from Palin's account, the removal of temporary internet files, and running a disk defragmenter.

“As a result of these actions, when the defendant’s laptop is seized pursuant to a search warrant, a substantial amount of data was unrecoverable from the hard drive,” prosecutors wrote. “As shown at trial, in many instances, only partial images remained from the Governor’s account.” ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS
Agency forgets it exists to protect communications, not just spy on them
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.