Definition of Hacking
Right now thousands of headlines are blaring “Sarah Palin’s email HACKED.” Just like with aviation stories, the terms used are grossly exaggerated or just plain wrong. The most commonly used or overheard words are headlined as fact, in a mad rush to break the story. Speaking of juicy stories, Bristol Palin’s voicemail is also on the Gawker site.
Reading the comments on the Anchorage Daily News article, I spotted this insightful comment by Mark (comment 94 at 5:25pm), describing how this really may not be hacking, and some good reasons to refrain from using personal email for business purposes.
This, frankly, is not hacking in the true, high-tech sense. It’s child’s play. I say this as a system administrator, who has seen this technique commonly used by young teens to hijack other teens’ weblogs, gaming accounts, and the like.
There are settings in Yahoo! and other services that let you secure your email account at a higher level, but if you don’t have this set up and don’t routinely use highly secure, complex, unguessable passwords (using no words, and a combination of upper and lowercase letters, and numbers) you can exploit someone’s email, and use that exploit to exploit their online banking, online stock trading, or any other online account that uses that email address for “forgotten password” notifications. You can literally change their passwords, lock them out of their online accounts, and drain their entire life savings!
Frankly, it’s grossly irresponsible to use such an account for official state business! Gov. Palin should consider herself lucky that the hackers weren’t malicious… or worse yet, from a foreign intelligence agency! If these kids can hack her Yahoo account, it is entirely possible that online intelligence agents from other countries could do so, and may even have already done so without alerting Palin to their handiwork, as these hackers did. They literally could read every piece of email that comes across her desk, and use those emails and a bit of research to determine the online accounts of other state and Federal politicians and hack into them in the same easy manner! The governor may have already compromised dozens of online accounts belonging to people throughout the U.S. government, and once you know a person’s common login and/or password, you can easily exploit those accounts, including logging in to any private state and federal sites they might have access to! The potential security implications are enormous, as are the implications for other abuses such as using the contents of government emails for insider trading, etc.
That’s why there’s a strong need to stay on government-owned domains, ideally run by a competent systems administrator who will put proper security procedures in place, require long, secure passwords that are routinely changed, etc.
Wow – Maybe I’ll take back my post bashing newspaper comments...