Sarah Palin’s email hacker sentenced to 366 days in custody

Graham Cluley
Graham Cluley
@[email protected]

David Kernell
The student who broke into Sarah Palin’s personal Yahoo email account, as she was running her campaign to become the US Vice President, has been sentenced to a year and one day in custody.

In September 2008, David C Kernell, who went by the internet handle of “Rubico”, posted examples of Palin’s private emails, addresses of her contacts, and family photos on Wikileaks, and bragged that hacking into the vice-presidential candidate’s Yahoo account was child’s play.

Sarah Palin email

Sarah Palin left her Yahoo account vulnerable to attack because she choose to make her “secret questions” her date of birth, her postal code, and information about where she met her husband – all information which David Kernell was able to glean quickly by using Google and Wikipedia.

Sign up to our free newsletter.
Security news, advice, and tips.

How Sarah Palin's email address was hacked

Palin went on to claim that the email hack paralysed her campaign to become the USA’s first female vice president.

Furthermore, Bristol Palin – the daughter of the former Alaskan governor – testified that she was harassed as a result of the security breach.

Kernell, the son of state democratic representative Mike Kernell, could have potentially faced up to 20 years in prison for the obstruction of justice conviction – brought about because he deleted evidence from his hard drive – and an additional year for the unauthorised access to Palin’s account.

Here’s a video I made at the time of the incident, showing how both Paris Hilton and Sarah Palin have been caught out by choosing naive answers to “secret questions”:


David Kernell, meanwhile, will have plenty of time to think about his actions – 366 days, in fact, which he will need to serve in either a federal prison or a halfway house.

With luck, others will learn something from this story and realise that hacking into the email accounts of others is never acceptable.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.