Sarah Palin’s Yahoo email was hacked by a group calling itself “Anonymous”, which, depending on your point of view, is either a group of “hacktivists” or self-righteous cyber-vigilantes with too much time on their hands. Her emails were posted on Wikileaks.
Naturally, there is outrage all around the Alaska statehouse at the intrusion, but that obscures what should be the main focal point here: What on earth was Sarah Palin doing using a Yahoo address for state business? Were the security people up there all too busy shooting moose to advise the governor on basic security policy and compliance issues? Yes, Yahoo email can be hacked, and a lot more easily than properly archived email on a state server behind a firewall, which is where those emails should have been. The attackers more than likely used a simple brute-force or dictionary attack. Breaking into a free public email account just isn’t that hard, and you don’t have to be a rocket scientist to do it. Even if you don’t know how, you can hire an underground hacker off the Internet to do it for you, for a surprisingly small fee.
There are two issues here: first, email archives should be secure, and second, federal and state governments have to comply with certain public records regulations regarding transparency. An email, in the context of government operations, is an official record and has to be treated as such. Using personal email addresses for government business is an obvious way to try to circumvent that transparency.
Getting email hacked on a private corporate or government account is still possible, but less likely, especially if proper procedures are adhered to. This is certainly a major lesson for all corporate and government users: make sure that employees are not using free public email systems (or free public IM systems either, for that matter). Although the free systems do allow you to save old emails, that’s just not proper archiving in anybody’s book. When users use these free public email systems for business, your company could be in violation of one or more regulations, and you could also be putting company information at risk of loss or theft.
Politics aside, the fact of the matter is, the hack was a violation of privacy and a violation of law. But while we can point our fingers at the vigilantes who did the hacking, we must also place blame on Gov. Palin for using sloppy email protocols and bypassing the state’s official email system.