Sarah Palin’s email hacker is imprisoned, against judge’s recommendation

David KernellIt was a computer security story that made headlines around the world, involving the private emails of a woman who could have become Vice President of the United States. And now, it’s ended with a young man sent to a federal prison, hundreds of miles from his family home.

David C Kernell, the hacker who broke into Sarah Palin’s personal Yahoo email account, is reported to have been sent to jail despite a judge’s recommendation that he should not be put behind bars.

In September 2008, Kernell, who went by the internet handle of “Rubico”, posted Palin’s private emails, her online address book, and family photos on Wikileaks, and bragged that hacking into the vice-presidential candidate’s Yahoo account had been child’s play.

Sarah Palin's email

Sign up to our free newsletter.
Security news, advice, and tips.

When Kernell was sentenced last November, Judge Thomas Phillips said that the the son of state democratic representative Mike Kernell should serve his 366 day punishment at a halfway house, describing it as “a sufficient restriction of the defendant’s liberty”.

BBC News, however, reports that US government officials have intervened, and Kernell has begun serving time at federal correctional institute in Ashland, Kentucky.

That’s an institution that’s nearly 300 miles away from his family home in Knoxville, Tennessee.

It’s a pretty miserable end to a story that has run since the height of Palin’s ultimately unsuccessful campaign to become US Vice President. I’m not saying that what Kernell did was right, or that it’s excusable – but it’s always sad to hear about a young man being punished so severely for his naive antics when there are so many organised, financially-motivated cybercriminals at large.

Palin went on to claim to the court that the email hack paralysed her campaign to become the USA’s first female vice president.

Furthermore, Bristol Palin – the daughter of the former Alaskan governor – testified that she was harassed as a result of the security breach.

Sarah Palin’s private communications had been exposed because of her lax attitude to securing her email account (a problem she shares with Paris Hilton, as demonstrated in the video below, which I made at the time of the email breach).

[youtube=http://www.youtube.com/watch?v=Wn70NWTIvI8&w=500&h=311&rel=0]

Palin’s mistake was to choose a very dumb (and easy-to-guess) password reminder. That’s a faux pas that many have made in the past, making it easier for hackers to break into systems.

Make sure you don’t make the same mistakes as David Kernell and Sarah Palin. Don’t access computers and accounts that don’t belong to you, and show greater care over your online security.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.