The 20-year-old son of a Tennessee state Democratic representative plead not guilty Wednesday after being indicted for purportedly hacking into an e-mail account belonging to Republican vice-presidential nominee Sarah Palin.
David Kernell, the son of Rep. Mike Kernell of Memphis, turned himself in Wednesday and appeared before U.S. Magistrate Judge C. Clifford Shirley, according to local media reports.
He was released on bond, and a trial date was set for Dec. 16. If convicted, he faces a maximum five years in prison and a fine up to $250,000.
The Justice Department said a federal grand jury had indicted David Kernell on Tuesday on a single count of “intentionally accessing without authorization” Mrs. Palin’s e-mail account, after her address was revealed in news reports.
The case highlights a situation where laws forbid officials from using government resources, including e-mail, for political purposes, but security vulnerabilities dog the use of personal accounts, such as Mrs. Palin’s Yahoo account.
The indictment says that “on or about Sept. 16,” David Kernell “gained unauthorized access to the e-mail account … by resetting the password … Specifically, he reset the password to ‘popcorn’ by researching and correctly answering a series of personal security questions.”
The security questions, a feature common to most free Internet e-mail services, are designed to help those who have forgotten their password and do not have access to an alternative e-mail account to which a special password reset code can be sent.
For Yahoo accounts such as Mrs. Palin’s, the questions are date of birth, ZIP code and one other security question settable by the account holder. In Mrs. Palin’s case this was “Where did you meet your spouse?” according to an account of the hack that was posted — along with screen shots, personal photos and other details from the account — on the Internet, purportedly by David Kernell.
“It took seriously 45 mins on Wikipedia and Google to find the info,” says the posting. “Birthday? Fifteen seconds on Wikipedia; zip code? Well she had always been from Wasilla, and it only has 2 zip codes (thanks online postal service!)”
The “where did you meet your spouse?” question was “somewhat harder,” says the posting. “I found out later through more research that they met at high school, so I did variations of that, high, high school, [and] eventually hit on ‘Wasilla High.’ I promptly changed the password to ‘popcorn’ and took a cold shower …”
Although the screen shots that the indictment says David Kernell posted on the Web show he was using a special anonymizing Internet service to access Mrs. Palin’s e-mail, the account of the hack was posted under an online nickname, or handle, that he had used elsewhere and could be associated with his e-mail address.
“Note to criminals,” wrote one commentator on tech news and commentary Web site Slashdot, after bloggers had linked the handle with David Kernell’s e-mail address, “If you want to get away with something, don’t brag about how you did it!”
Mrs. Palin’s personal address was revealed in news accounts after government transparency campaigners in Alaska sued for e-mail records of her aides and found that they were communicating with the governor via her Yahoo account, rather than her official state one, according to the Anchorage Daily News.
It is common for certain senior officials in the U.S. government to maintain nongovernemental e-mail accounts, because a federal law called the Hatch Act prohibits the use of government resources for any political activities.