Palin’s email debacle highlights security risks

Sarah Palin’s Yahoo email was hacked by a group calling itself “Anonymous”, who, depending on your point of view, are either a group of “hacktivists” or self-righteous cyber-vigilantes with too much time on their hands. Her emails were posted on Wikileaks.

Naturally, there is outrage all around the Alaska statehouse at the intrusion, but that obscures what should be the main focal point here: What on earth was Sarah Palin doing using a Yahoo address for state business? Were the security people up there all too busy shooting moose to advise the governor on basic security policy and compliance issues? Yes, Yahoo email can be hacked, and a lot more easily than properly archived email on a state server behind a firewall, which is where those emails should have been. The attackers more than likely used a simple brute force or a dictionary attack. Breaking into a free public email account just isn’t that hard, and you don’t have to be a rocket scientist to do it. Even if you don’t know how, you can hire an underground hacker off the Internet to do it for you, for a surprisingly small fee.

There are two issues here: first, email archives should be secure; second, federal and state governments have to comply with certain public records regulations regarding transparency. An email, in the context of government operations, is an official record and has to be treated as such. Using personal email addresses for government business is an obvious way to try to circumvent that transparency.
