[author: Michele Bowman]
The U.S. Supreme Court on Oct. 1 declined to review the felony criminal conviction of the son of a Democratic Tennessee state legislator who hacked into the email account of 2008 Republican vice presidential candidate Sarah Palin and posted her emails and login information on the Internet.
David Kernell served a year and a day in federal prison in Kentucky and is currently on probation. Kernell’s case was “honored” on Oct. 3 as the biggest controversy in the history of 4chan, the website where he posted Palin’s information, according to one news source.
Password Recovery Feature Used
Kernell was an economics student at the University of Kentucky in 2008, when Sarah Palin was running for vice president with Republican John McCain. (David’s father is Mike Kernell, who has represented Shelby County, Tenn., where Memphis is located, for the last 38 years.)
A savvy online user of 4chan, an Internet message board known for its subversive content, Kernell hacked into Palin’s Yahoo! email account, using the site’s password recovery feature. He then posted the password to her account, as well as screenshots of her emails, to the site (and to Wikileaks.org).
4chan is perhaps best known for launching now well-known Internet memes like lolcats (as on this site) and Rickrolling. One million posts a day address topics from video games and technology to adult content labeled “NSFW” (not safe for work) on the site.
But savvy on 4chan does not necessarily translate to savvy in the real world, and Kernell also made the mistake of commenting online that he was afraid the FBI would investigate. He then tried to delete all the evidence, trashing his temporary Internet files, removing his browser, and defragmenting his hard drive, according to a news source that covers cybercrime.
But the FBI did in fact investigate, and they found a post he’d made to 4chan bragging about his hack.
SOX Hammer Brought Down
That last move was what ultimately resulted in a criminal conviction for the felony of destroying records in contemplation of an investigation, in violation of the Sarbanes-Oxley Act (known as SOX) – a federal law passed in 2002 in response to accounting scandals at major corporations such as Enron and WorldCom. Under SOX, top brass at publicly traded companies must certify the accuracy of financial information the company makes public.
Another lesser-known provision of the law is quite broad and has reportedly been used to snare several cyber criminals, including a woman who destroyed her boyfriend’s child porn CD collection, a man who destroyed a hard drive when he found out federal agents wanted to talk to him, and a man who deleted child pornography from a flash drive as police approached his home.
What makes Kernell’s case different though – and, according to his lawyers, worthy of the Supreme Court’s attention – is that in each of those cases, the defendants knew an investigation was actually happening.
Appealing his conviction under SOX section 1519 for “anticipatory obstruction of justice,” Kernell argued to the 6th U.S. Circuit Court of Appeals that the provision is unconstitutionally vague and could not be used to convict someone for obstructing an investigation that had not yet begun.
But a panel of the 6th Circuit said that because Kernell acknowledged online that he anticipated an investigation, his conviction would stand. And now that the Supreme Court has supported their decision by denying certiorari (refusing to hear the case).
Kernell’s case serves as a serious lesson for hackers who think taunting the FBI online is worth a laugh. It’s also apparently worth some time in federal prison.
Do you think David Kernell deserved to spend a year in prison for hacking Palin’s email account?
Photo credit: David Kernell, courtesy of Memphis Flyer.