Sarah Palin hacker suspect had spyware-infected PC

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

The 21-year-old student accused of hacking into Vice Presidential hopeful Sarah Palin’s Yahoo account was working on a spyware-infected computer, according to his legal team.

David Kernell was mid-way through a student party in September 2008, when the FBI swooped on his apartment in the city of Knoxville, Tennessee. The son of state democratic representative Mike Kernell, and student at the University of Tennessee, had been identified on the internet as being linked to a hack on Sarah Palin’s [email protected] email account, which saw examples of her emails, addresses of her contacts, and family photos posted on Wikileaks.

An email from Sarah Palin's Yahoo account

Sarah Palin recently claimed that the hack disrupted the ultimately unsuccessful Republican Presidential campaign.

Sign up to our free newsletter.
Security news, advice, and tips.

Now it is reported that defence attorneys claim that Kernell’s Acer laptop had been itself compromised by hackers.

“The program, which was installed by an unknown method before the computer ever came into Mr. Kernell’s possession, uses sophisticated technology to record and report personal information without the user’s knowledge,” his attorneys stated, in a motion filed on 30 November.

Details of precisely which piece of malware is claimed to have been found on the laptop has not been revealed, but it certainly raises some interesting questions.

After all, if Kernell was able to prove that a remote hacker had interfered with – and possibly had control over – his PC, then would it be too much of a stretch to argue that there is reasonable doubt that it was actually him who broke into Sarah Palin’s Yahoo account?

After all, anything that Kernell could have typed on his laptop keyboard could just as easily have been done by a remote hacker via malware and would look no different to the outside world.

I have no insight into whether this is a line of defence that Kernell’s legal team might choose to take, but we have certainly other examples of alleged hackers playing the card of “I was hacked myself”.

For instance, in 2003, teenager hacker Aaron Caffrey walked free from court after being cleared of trying to bring down the Port of Houston in Texas by hacking into its computer systems. Caffrey, who admitted being a member of a group called Allied Haxor Elite, claimed that unidentified hackers broke into his computer and launched the attack script against the port. The jury chose to accept Caffrey’s story, even though prosecution expert witnesses could find no evidence that his computer had ever been broken into.

Kernell’s trial is set to begin on 20th April 2010.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.