September 18, 2008

We Can't Have Nice Things - Hacking Palin Follow-Up

Trivia - lolcats and the rickroll were started at 4-chan. Michele Malkin didn't quite know what 4-chan was, or what /b/ was, or who Anonymous was, so she blamed Gawker, who were only posting the stuff. (Not to say that no one at Gawker is also anonymous - lots of people are.) Someone very kind has taken the time to explain it all, straight from the horse's mouth, and now he's going to have to kill all of you. "I missed the original incident, but monitored the discussion and repostings afterward to see what I could learn about what had happened and who was responsible. There are several misconceptions and errors in most accounts of this story, including your post. Most significantly, the perpetrator(s) were not members of an infamous group of hackers. I don’t blame you for misunderstanding this, because in all the media coverage regarding the war with Scientology the media has completely failed to explain what Anonymous is. Anonymous is not exactly a group. It is people using the umbrella of a web discussion board for cover to be as offensive, funny, strange, or whatever as they want. Here’s the short version: there is a site called 4chan.org. It is an image posting site based on a popular Japanese site. The site contains multiple boards, each of which is dedicated to a particular subject. The most notorious of these boards is called /b/. /b/ is the board dedicated to random images. /b/tards, as its denizens are called, are interested only in their own amusement. Their sense of humor runs the gamut from sick to cruel to merely strange. Lolcats, as made famous by http://www.icanhascheezburger.com, originated on /b/. A lot of memes start there. There is a lot of racist humor — pictures of excited and happy black people in proximity to fried chicken abound. There is a lot of pornography. Sometimes it’s child pornography, although posting that is moderator grounds for banning — no, it’s not a pedophile ring; /b/tards post it because they think doing so is funny. 4chan does not log participants. Most people don’t use or have usernames, and post instead as “Anonymous.” And every so often, a number of /b/’s anonymous denizens decide to make somebody’s life hell. Sometimes it’s a random person who offends /b/’s sense of propriety. Sometimes it’s a forum dedicated to a serious topic. Sometimes it’s Scientology. And Tuesday, it was Sarah Palin. Or it would have been. Sarah Palin’s email account was hacked by one person. Not a group. This person read her emails, then posted the username and password on /b/. This happened at about 4 in the morning on Tuesday. The idea was that the sea of Anonymous /b/tards would download the emails, upload porn, and cause all manner of mischief. Anonymous is not a group of hackers. Anonymous is more like gremlins. They are hyperactive adolescents in search of amusement and joy, which they often get by upsetting people and making messes. That’s what was happening here. Anonymous did not hack the account. A hacker tried to throw Sarah Palin to Anonymous. Not all of Anonymous was having it. One person threw a crowbar in the works. Other /b/tards were displeased to miss a chance at the lulz. The moderators stepped in. The thread was deleted. Later, other individuals created threads reposting screencaps of emails and the inbox, and put together a collection of these files. All mentions of these were purged by the moderators. So then some bright /b/tards decided to email what little stuff they had to the media. That’s pretty much it. This afternoon, in a thread that was later deleted, an individual claiming to be the original poster gave his account of what happened. I’ve attached screencaps. Here’s the text. The original poster used the name “rubico.” The linked email address for the poster was rubico10@yahoo.com. This is what rubico said: rubico 09/17/08(Wed)12:57:22 No.85782652 Hello, /b/ as many of you might already know, last night sarah palin’s yahoo was “hacked” and caps were posted on /b/, i am the lurker who did it, and i would like to tell the story. In the past couple days news had come to light about palin using a yahoo mail account, it was in news stories and such, a thread was started full of newfags trying to do something that would not get this off the ground, for the next 2 hours the acct was locked from password recovery presumably from all this bullshit spamming. after the password recovery was reenabled, it took seriously 45 mins on wikipedia and google to find the info, Birthday? 15 seconds on wikipedia, zip code? well she had always been from wasilla, and it only has 2 zip codes (thanks online postal service!) the second was somewhat harder, the question was “where did you meet your spouse?” did some research, and apparently she had eloped with mister palin after college, if youll look on some of the screenshits that I took and other fellow anon have so graciously put on photobucket you will see the google search for “palin eloped” or some such in one of the tabs. I found out later though more research that they met at high school, so I did variations of that, high, high school, eventually hit on “Wasilla high” I promptly changed the password to popcorn and took a cold shower… >> rubico 09/17/08(Wed)12:58:04 No.85782727 this is all verifiable if some anal /b/tard wants to think Im a troll, and there isn’t any hard proof to the contrary, but anyone who had followed the thread from the beginning to the 404 will know I probably am not, the picture I posted this topic with is the same one as the original thread. I read though the emails… ALL OF THEM… before I posted, and what I concluded was anticlimactic, there was nothing there, nothing incriminating, nothing that would derail her campaign as I had hoped, all I saw was personal stuff, some clerical stuff from when she was governor…. And pictures of her family I then started a topic on /b/, peeps asked for pics or gtfo and I obliged, then it started to get big Earlier it was just some prank to me, I really wanted to get something incriminating which I was sure there would be, just like all of you anon out there that you think there was some missed opportunity of glory, well there WAS NOTHING, I read everything, every little blackberry confirmation… all the pictures, and there was nothing, and it finally set in, THIS internet was serious business, yes I was behind a proxy, only one, if this shit ever got to the FBI I was fucked, I panicked, i still wanted the stuff out there but I didn’t know how to rapidshit all that stuff, so I posted the pass on /b/, and then promptly deleted everything, and unplugged my internet and just sat there in a comatose state Then the white knight fucker came along, and did it in for everyone, I trusted /b/ with that email password, I had gotten done what I could do well, then passed the torch , all to be let down by the douchebaggery, good job /b/, this is why we cant have nice things ________________________________________ The “white knight fucker” was the /b/tard who thought that going through Sarah Palin’s email wasn’t cool. He logged in, changed the password, and sent an email to a friend of Palin’s warning her and letting her know the new password. Unfortunately, he then posted a screenshot of this email to let the other /b/tards know their fun was over. He failed to blank the password, and they all tried to log in and change the password — which tripped the automated Yahoo! freeze. Since then, the account has been deleted. “Rapidshit” refers to rapidshare.com — i.e., rubico wanted to download the emails, put them into one file, and put that file up on rapidshare for /b/tards and the world at large to download. But he panicked, or didn’t know how to download the emails, and so pawned that task off on Anonymous, which he didn’t realize wasn’t monolithic and in his favor. As Paul Harvey would say, “And now you know…. the rest of the story.”" So. There it is. And now you must die. Either that or /b/'s going to order you a buttload of pizza and then laugh at you at Encyclopaedia Dramatica. One or the other. Scuttlebutt is that Rubico was a Democrat Congressman's son. I don't know yet.

5 comments:

AnnieMcPhee said...

So if someone breaks and enters your house, it's still breaking and entering whether they bust out a window or take a key from under the mat and open the door. Which is the real world equivalent of this hacking. Or of taping the doors open in the Watergate Hotel so they could get in later. So if they catch Rubico will he still go to jail for hacking? Even though he didn't break anything?

vesta44 said...

I don't remember if the government has gotten around to making hacking a crime, but if they have, yeah, he can go to jail if they ever figure out who he is. And even though he was behind a proxy server, another hacker could find him easily enough.
What I want to know, though, is why the fuck a governor would use Yahoo email for governmental business when Yahoo is notorious for being so easily hacked. Why the hell did she not use the official governmental email, which is way more secure? Is she that fucking stupid about internet security and secure passwords? Did no one ever tell her that you should NEVER use personally identifiable information as a password? Or did she just not give a rat's ass that she could have been putting government business out there for the whole damned world to see? She's just lucky she didn't have anything incriminating on there.

vesta44 said...

Forgot to add that I've been online for 10 years, and that was one of the first lessons I learned, the hard way> A friend showed me how easy it was to figure out my password, so now I use nonsense letters/numbers in random order for passwords, and write them down on a piece of paper I keep hidden. It's an easy enough mistake to make if you haven't been online very long, but I know when I had to log onto the internet at a couple of jobs I had, we were given instructions on how to create passwords that were difficult to figure out so that hackers couldn't get into company computers through our passwords.

AnnieMcPhee said...

Because she wasn't using it for business; as he said, the only things on there were personal emails, pictures, and some purely clerical stuff (filing instructions, for example.) No government business. So I'm not really seeing any stupid here. Except of course, using her high school and a date as the password when you're a VP candidate and Alinski disciples are on the loose as well as internet snoops. But again, there was nothing damaging in the whole account and nothing that shouldn't have been on a personal account, so there's not much harm done. Except that it's scary, of course. And that the perp could go to jail.

And this is supposedly why Presidents and Vice Presidents don't use email for business or personal. Too insecure. Which all begs the question of which way the left wants it - do they want someone who doesn't use the internet (like McCain, who they've been railing on for the same reason, even though there's no reason to) or someone who does (Palin.) Can't have it both ways.

Anonymous said...

Wow! That was quite illuminating. Thanks for pointing me here, AC.

BTW, I enjoyed the previous financial blog, too.

*waves*

ilja