USA

A small lesson in internet security, by Sarah Palin

The police have arrested the student suspected of hacking into Sarah Palin's inbox on 16 September. Our Observer, an internet security expert, explains why you should be wary of webmail. Read more...

Advertising

The police have arrested the student suspected of hacking into Sarah Palin's inbox on 16 September. Our Observer, an internet security expert, explains why you should be wary of webmail.

The mails that were published online didn't reveal anything particularly sensitive, but the politician has been strongly criticised for having used her personal email for professional subjects, risking the disclosure of state secrets. As a governor, she has a secure ".gov" email address which she can check at any time, for example using a Blackberry. But she preferred to secure her messages her own way, not wanting them to remain on the government servers, according to The New York Times.

On Sunday, the FBI arrested a suspect. And the hacker, student David Kernell, just so happens to be the son of a Democratic deputy in Tennessee. Agents found him bragging, under a penname, on a discussion forum. Not such an IT genius then - how did he manage to hack Sarah Palin's Yahoo account?

"You can protect yourself against most attacks by using two simple techniques"

Dmitri Vitaliev is an expert in IT security. He wrote the online manual "Digital Security and Privacy for Human Rights Defenders".

There are two very easy ways to hack into a webmail account. The first, which is probably what they used to hack Palin's Yahoo account, is to simply guess the answers to the questions asked when you've forgotten your password. Typical questions are things like your favourite colour or the name of your pet. If someone gives this information, which is generally public when it comes to political figures, it's then possible to change the password.

The second tactic, which doesn't take much technical competence either, is to directly access the person's computer. Most people save their passwords on their navigator, thinking they're the only user.

These are the most simple and commonly used ways. But there are also more sophisticated techniques. For example, you can send an email to the person you're trying to spy on, which contains a virus that then sends back information from their computer, including their emails. Another way, if you're well connected or have the means, is to ask someone at Yahoo (or whichever internet service provider), to tap a person's connection. These are just the most popular techniques; there are others.

You can protect yourself against most attacks by using two simple techniques - firstly, never save your passwords onto your navigator. And to protect yourself from viruses, never open an attachment unless you're sure of what it is. For more detailed advice, see my guide."