Wednesday, September 24, 2008

The Hack that Wasn't and Why It Matters

First, some brief background on me:
I have two bachelor's degrees in Computer Science and Information Systems. I was in IT for about six years before moving into IT management (totally different world!) and for much of my college career was deeply fascinated by hackers, hacking, and all that other immature pointless crap.

Hacking has two motives. First is underground corporate warfare. Until recently, the most damaging computer worms and viruses ever to spread through the internet were originally designed specifically to attack another corporation's network, exploit known vulnerabilities, and dash consumer confidence in a bid to wipe out the competition. Second, and this is much more common, is what is commonly known as increasing the size of your "E-Peen". Basically, bragging rights and being funny.

Now that we have that out of the way, I want to definitively tell you that while the motivation to get into Sarah Palin's email account fell into the latter category, it does not fit what we commonly define as a hack. Then I'll tell you what it says about her and the campaign.

Calling what happened to her Yahoo! email account a hack is like calling some guy walking into your open front door breaking and entering. It would be like calling someone who jumped out of a moving car the fastest man on earth. It was not a hack; it was the exploitation of a careless person.

I could have "hacked" Sarah Palin's email account.

Here are the details. Every free "consumer level" (Yahoo, Hotmail, AOL) email account has a password recovery feature, except Gmail, which has a far superior method. Password recovery simply asks you those generic questions you've filled in a hundred times: your favorite pet, the street you grew up on, etc. If you didn't know the details of this before now and are putting two and two together here, yes, your disgust is valid.

Googling is not a hack. All the "hacker" had to do was Google basic information about Sarah Palin: her zip code in Wasilla (there are only two zip codes in Alaska) and where she met Todd Palin. A couple more Google searches led him to the answer: Wasilla High School. Good times.
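To make the post's point concrete from the defender's side, here is an added example (not the author's code, and not any provider's actual implementation) contrasting the two reset designs: an answer drawn from a handful of public facts carries almost no uncertainty, while a random, single-use, expiring reset token delivered out of band does. The `ResetTokenStore` class and its injectable clock are assumptions for illustration.

```python
import hashlib
import hmac
import math
import secrets
import time


def guess_entropy_bits(candidate_count: int) -> float:
    """Bits of uncertainty in a recovery answer chosen from candidate_count
    plausible options. "Only two zip codes" means log2(2) == 1 bit."""
    if candidate_count < 1:
        raise ValueError("need at least one candidate")
    return math.log2(candidate_count)


class ResetTokenStore:
    """Password reset backed by a random, single-use, expiring token that is
    delivered out of band (e.g. to a pre-verified address) instead of
    knowledge-based questions. Only a hash of the token is stored, so a leak
    of this store does not leak usable tokens. (Illustrative design.)"""

    def __init__(self, ttl_seconds: int = 900, now=time.time):
        self.ttl = ttl_seconds
        self.now = now          # injectable clock so expiry can be tested
        self._pending = {}      # user_id -> (token_hash, expires_at)

    @staticmethod
    def _hash(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id: str) -> str:
        """Create a 256-bit token for user_id and return it for delivery.
        Issuing a new token replaces any earlier pending one."""
        token = secrets.token_urlsafe(32)
        self._pending[user_id] = (self._hash(token), self.now() + self.ttl)
        return token

    def redeem(self, user_id: str, token: str) -> bool:
        """True exactly once for the correct, unexpired token. The entry is
        removed on success and on expiry, so a token can never be replayed."""
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        token_hash, expires_at = entry
        if self.now() > expires_at:
            del self._pending[user_id]
            return False
        if not hmac.compare_digest(token_hash, self._hash(token)):
            return False            # wrong guess; pending token stays valid
        del self._pending[user_id]
        return True
```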

We've established that anyone with a little motivation and the idea to do so could have socially engineered this exploit. Now, let's think about what this means.

It was widely known, and controversial, that she even had this email account in the first place. Speculation was brewing that she was using it for official state business to get around any kind of oversight and stay under the radar. That largely turned out to be false: the kid who got into the account admitted he was rifling around for incriminating emails but found none. So, here is the question: You mean to tell me that during the vetting process, during the post-selection hype, during the period of microscopic analysis everyone was heaping on her, even after the email scandal emerged, nobody in that campaign thought to make sure that account was secure? Not to mention anyone in the Alaska state government or her cabinet?

It absolutely blows my mind that a campaign of hundreds of expert politicians with secret service oversight, with undoubtedly a small army of IT professionals, web developers, and consultants let that just breeze right over. Or even if someone did point it out, it never got fixed. It is something I would absolutely get fired from my job for.

These people have no idea what they are doing.

I don't expect either Sarah Palin or John McCain to be tech savvy (although you do NOT have to be a pro to know this stuff), but I expect a certain level of professionalism and foresight in a campaign of hundreds. Haven't they seen what happens to celebs and public officials when they aren't careful with their technology? (See: Paris Hilton phone hack) John McCain is going to pick his cabinet largely from the people helping him in his campaign, just like any good old boy.

But, clearly they haven't a clue.

Heckuva job.
