Post I.T. - Washington Post Technology Blog Frank Ahrens Sara Goo Sam Diaz Mike Musgrove Alan Sipress Yuki Noguchi Post I.T.
Tech Podcast
The Bloggers
Subscribe to this Blog

Gov. Palin's Alleged Hacker Indicted; Password Was 'Popcorn'

A 20-year-old student at the University of Tennessee has been indicted for breaking into one of the email accounts of Gov. Sarah Palin and then posting screenshots of personal information obtained there to a public Web-site.

David Kernell, the son of a Democratic state lawmaker, was led into a Knoxville federal court wearing handcuffs and shackles on his ankles today and was released without posting bond, according to the Associated Press.

According to the indictment, Kernell broke into the account,, by using Yahoo's password recovery tool. After researching and correctly answering a series of personal questions from Yahoo, Kernell was allowed to reset the password. He chose 'popcorn,' according to the indictment.

The personal information he discovered there included the email addresses of family members, pictures of family members and Gov. Palin's address book for her Yahoo email account. It was posted on

Learning of an investigation, Kernell "removed, altered, concealed and covered up files on his laptop computer," the indictment says.

Trial is set for Dec. 16. He faces a maximum of five years in prison, a $250,000 fine and three years of supervised release.

By Peter Whoriskey  |  October 8, 2008; 3:05 PM ET  | Category:  Peter Whoriskey
Previous: Fallout 3 Hits Metro Center | Next: FCC Wants to Know If Gov't Paid Military Officers To Sell War

Add Post I.T. to Your Site
Stay on top of the latest Post I.T. news! This easy-to-use widget is simple to add to your own Web site and will update every time there's a new installment of Post I.T.
Get This Widget >>

Blogs That Reference This Entry

TrackBack URL for this entry:


Please email us to report offensive comments.

I wonder, If the son of a GOP lawmaker had commited the same crime against Senator Obama, would the media be so quick to ignore it? Or would it be on every channel and every newspaper described as a right wing conspiracy?

Posted by: | October 8, 2008 3:41 PM

'Popcorn' is about all that keeps Sarah Palin's brain glued together. Using public email clients for State business, ouch.

David Kernell should get a medal. Sarah should have gotten a drubbing.

Posted by: TPS | October 8, 2008 3:43 PM

Perhaps Palin should count herself lucky for not coming under more scrutiny for using an unsecured email account for government business (that is also against the law)

Posted by: is a GOP Idiot Pawn | October 8, 2008 3:45 PM

Ridiculous. What legal recourse do I get when someone breaks into my yahoo mail account? I believe the legal advice to me would be, "Get another account and use a stronger password."

Posted by: Steve W. | October 8, 2008 3:47 PM

I wonder, If the son of a GOP lawmaker had commited the same crime against Senator Obama, would the media be so quick to ignore it? Or would it be on every channel and every newspaper described as a right wing conspiracy?


It wouldn't have been ignored. It would have been "spun", evidence planted, judges bought, and some innocent kid would be in jail right now after being labeled as the "white Al-Qaeda". Everyone knows how the GOP operates.

Posted by: Bob | October 8, 2008 3:48 PM

I hope the court goes easy on the kid, but he did break the law. Speaking of breaking the law, when will Palin be prosecuted for using an unsecured e-mail account to conduct official government business?

Posted by: ps99 | October 8, 2008 3:49 PM

The worst part about this is that Palin was using the Yahoo account as a way to get official business around the Freedom of Information Act. That's a much larger issue all together.

Posted by: Trashman | October 8, 2008 3:49 PM

It's Time to start putting IT/security people in jail! (I'm serious!!)
if almost any of "A 20-year-old student" can EZ-ly break security barriers.
It have to be some kind of Accountability
... or I asking for too much?!
I do NOT think it's right to do (breaking into someone email accounts),
But I also do NOT think it's right to dump ALL responsibilities from IT to the kids!!
(well, overgrown maybe, but still kids.)

Posted by: Vladimir Orlovsky | October 8, 2008 3:50 PM

This headline is misleading - it implies 'popcorn' was Palin's original password

Posted by: Ted | October 8, 2008 3:51 PM

The kid answered questions correctly! That's not hacking, that's 3rd grade skill-level!

If Palin gets justice for leaving her crap out in the open, why can't I get money from our Federal Government when someone reads a diary I leave out on a park bench???

If this kid gets in trouble I will be sooooo pissed.

Posted by: Jim Dean | October 8, 2008 3:54 PM

According to the statutes Kernell is charged under, the second party (he who changed the password to protect Palin from further email leaks) is just as guilty. He too "intentionally accessed a computer without authorization".

Posted by: Steve W. | October 8, 2008 3:55 PM

There are 587 headlines about this story,
explain how that constitutes being ignored.

Posted by: watcher | October 8, 2008 3:55 PM

Palin was not using the account for government business. He was hoping for something incriminating but could find nothing but family pictures and correspondence.

Also, Popcorn was not her password, it was what the hacker set it to upon entry into her account.

Posted by: Goliath | October 8, 2008 3:59 PM

Popcorn Kernell, get it?

Posted by: tee-hee | October 8, 2008 4:02 PM

At least Palin knows how to use email, even if it's the wrong one to use for official gov. business. I doubt McCain even knows how to do that (he admits his wife is who handles anything that has to do with a computer). If he remains in the technological past because he is scared of computers, how can we expect him to deal with the modern world and all the changes that it brings?

Posted by: elemental | October 8, 2008 4:05 PM

There was no government correspondence in Palin's Yahoo mail. The perpetrator, who CHANGED THE PASSWORD HIMSELF TO "POPCORN," even admitted online that he couldn't find any official business in the account. Then he realized what he had done and tried to cover it up ala Nixon. The idiot should know better than go swimming in shark-infested waters and I hope he and his liberal daddy pay a large fine.

Posted by: Vince | October 8, 2008 4:06 PM

There are many very innocent reasons why people use their personal email accounts to communicate "company" or "government" business. It does not mean she was trying to evade the Freedom of Information Act. And besides, there was nothing disclosed by this 3rd grade hacker that really constitues Government business. Palin was the injured party here, you libs just can't stand it.

Posted by: Merrell | October 8, 2008 4:08 PM

"popcorn" (not "Popcorn") is a standard password used on 4chan's random board (aka "/b"/). It's actually a reference to an SNL "swinger" skit where Tina Fey's "safe word" is popcorn.

just fyi...

ps - the headline is misleading, but I suspect it is intentionally so given the biased nature of this publication.

Posted by: rs | October 8, 2008 4:15 PM

elemental---McCain cannot use a keyboard for the same reason he cannot comb his hair---his arms and hand were repeatedly broken in VC captivity. Even Biden disavowed that ad. 3rd grade research, eh? This was a personal e-mail hacked for dirt by the son of a Democrat politician...but of course the Republican crime victim was the culpable one. Don't think for yourself, whatever you do.

Posted by: Uncle Bill | October 8, 2008 4:17 PM

Liberal Democrats claim to be "concerned" about our enemies' security when law inforcement might need to monitor emails but ignore it when they do the snooping. This "kid" needs to be prosecuted and sent to jail.

Posted by: ron | October 8, 2008 4:18 PM

IT Security cannot protect idiots such as yourself, Vlad, from doing stupid things.

Posted by: Anyone | October 8, 2008 4:22 PM

They should slice off his fingers one by one and rip out his ears, and,...............

Give him some community service time to reflect on what he did wrong.

Posted by: Olddog | October 8, 2008 4:23 PM

illegal is illegal and obviously he should be punished... probation seems simple enough for something like this.

as a "lib" I do LOVE the fact that it was sooo easily done. This shows you how naive Palin is, that she would choose quetions that are easy for anyone to guess. Anyone of us could have hacked her email if we really wanted to, this kid thought of it first.

Posted by: Josqueline | October 8, 2008 4:24 PM

What the guy did was wrong, but I have a couple friends who had their emails broken into by people at school. Take a guess at what kind of legal recourse happened? It wasn't 5 years and $250K, thats for sure. There should be some sort of consequence, but it shouldn't be much more than a slap on the wrist. If it was a government email, then we could talk about a more serious punishment, but not for breaking into a email.

I also understand that private information was disclosed as well, and that needs to be a seperate charge. I don't think putting some emails on a couple forums deserves much more than a thousand bucks or so, though. Also, the pictures are perfectly fine to post around so long as they do not show the individuals in a way that degrades them.

Posted by: Jason | October 8, 2008 4:25 PM

There are no innocent reasons why people use their personal email accounts to communicate "government" business, doing that is simply illegal. And for those of you claiming that there were no government documents in her yahoo account. Fail, there were and here are a couple examples. Please quit trying to reinvent the truth.

Some emails exposed were “Draft letter to Governor Schwarzenegger / Container Tax,”“FW: Motor Fuel Tax Suspension,” and “FW: CONFIDENTIAL Ethics Matter.”

Posted by: a guy | October 8, 2008 4:28 PM

Yeah, nothing like good 'ol law inforcement. Learn to spell, ron, or get outa the gene pool.

Posted by: CantripGhost | October 8, 2008 4:28 PM

Why did it take over 50 posts before somone actually went and looked up some of the exposed emails (still on the web)? kudos, a guy, for actually doing research.

Posted by: CantripGhost | October 8, 2008 4:31 PM

Come on, are people so eager to knock others down that they miss the point here. Gov. Palin used her title for her personal email account. SHAME ON DAVID FOR HACKING INTO ANYONE'S EMAIL.
We will never get good people running for office if we do not draw lines somewhere.This a violation of our rights; hers yesterday, mine today and yours tomorrow.Must we all live in fear of unethical people?

Posted by: Lalita | October 8, 2008 4:34 PM

the funny thing is, the feds stated that they had already hacked another of her emails to search for evidence of any wrongdoing. So I guess the kid is a criminal because he wasn't a fed or his hacking was not for the same reason????

Posted by: jpd | October 8, 2008 4:36 PM

Has anyone actually read this article?? It says that the information found in the email account was PERSONAL - family photos, personal emails, etc. Where does it state anywhere that Palin used this account for government purposes? Why wouldn't she have an Yahoo account for personal use? Why don't you look at the facts before making judgments - as usual.

Posted by: Michael | October 8, 2008 4:38 PM

Let the Gov. hang the bastard and set an example for all hackers.

Posted by: Lynn | October 8, 2008 4:40 PM

@Lynn-Let the Gov. hang the bastard and set an example for all hackers
Do you have teeth missing? Put your shoes back on and quit making babies.

Posted by: Anonymous | October 8, 2008 4:43 PM

Classic example of how the United States has two justice systems, one for high profile / rich persons, and another for the rest of us.

Had someone broken into MY yahoo email account, they would not be led in handcuffs into a courtroom. They likely wouldn't even be charged.

But will this kid be put in jail, where he will more than likely be raped over and over, because he decided to use Yahoo's password recovery feature on Mrs. Palin's account? You betcha!

Posted by: A Canadian | October 8, 2008 4:44 PM

@ A Canadian

"Classic example of how the United States has two justice systems, one for high profile / rich persons, and another for the rest of us."

Obviously, you are not one of the rest of us.

Posted by: Jason | October 8, 2008 4:52 PM

A few people did this to me in high school. Can anyone explain why they were not arrested?

And why are yahoo's "hacking" instructions on their log in page? Shouldn't they and the media channels that divulged private information also be held accountable?

Posted by: fred | October 8, 2008 4:55 PM

@ A Canadian

"But will this kid be put in jail, where he will more than likely be raped over and over,..."

Then he will never forget what lands him in jail. A good lesson indeed.

Posted by: Tom | October 8, 2008 5:08 PM

I work as a Network/Security Administrator for an Insurance firm. Yes what he did was illegal its written in the law but people all the time get there personal e-mail accounts hacked and no law enforcement is ever involved. The only reason the FBI was involved was because she is Governor of Alaska, and is the current nomination for VP. The methods he used are trivial to do and just about anyone can do it. And a lot of malicious hackers do. So don't use your dog's name or where you meet your significant other as your secret question. And if you want a story of someone where they were hacked but nothing was done read this blog post from a Security Professional who was broke into. Guess what they still have not found the hacker that did it.

Posted by: robby | October 8, 2008 5:23 PM

He did the country a service in my opinion. NO official government business should be conducted over such a public service! Sarah Palin, the Bush administration, and others feel like it's a good idea because it can help them if they are prosecuted, but why on earth should they need that protection!?! Government emails should be stored on government servers where the are backed up (looking at you Bush), and secure.

If this a normal citizens email address this would be a different matter but as it stands he should be thanked and Palin should be in his current position for putting potentially sensitive material in such an unsafe place.

Posted by: Daniel | October 8, 2008 5:51 PM

can we has 4chan story nao plox.

Posted by: anonymous | October 8, 2008 7:11 PM

The fact that every story mentions the fact that his father is a Democratic lawmaker is not only irrelevant, but misleading.

As someone who is reasonably familiar with 4chan culture (the place to which the email screencaps were posted), he was most likely motivated by "lulz," not politics.

Lulz is the term they use to describe why they pull their various pranks, and it essentially describes their sense of amusement. This is not even the most vicious prank that folks who post their have perpetrated.

Posted by: cathl | October 8, 2008 8:11 PM

so far sarin palin was given credit for going to combat in kuwait when there is no combat in kuwait, her and the first dude have questionable amounts on not filing the correct amount of taxes so therefor undermining their own son going to war.

add that to avoiding being responsible for email as an elected governor by having civilian accounts, is this shackled down kid far more an example than say her or ted stevens?

also when the bush administration "lost" their emails was that not yet another violation of the law that 8 years of the bush administration has brought us?

Posted by: dawg | October 8, 2008 9:27 PM

4chan helped David break Sarah's toys = lulz + 5 years

Posted by: longcat | October 9, 2008 12:23 AM

Even though the article says it was only personal, that is a lie. If you actually look up the articles when it happened and see the screen shots he took, there is obviously state business in those emails. It was not strictly personal at all.

Posted by: jason | October 9, 2008 9:03 AM

I don't condone hacking into anyones email accounts. But Caribou Barbi should not have put state business on a personal email account. Was she trying to circumvent the legality of disclosure by putting information in a personal account? Time will tell...

Posted by: John | October 9, 2008 9:56 AM

The following link you can find ALL the emails and screenshots and Gov Palins address book !

Posted by: Big-T0nY - | October 9, 2008 11:00 AM

Wonder How secure our email accounts are

Posted by: akay | October 11, 2008 2:18 AM

It will be interesting to see how Palins treatment for misusing the property of the State of Alaska differs from that of the naughty boy who read some mail not addressed to him.

"was led into a Knoxville federal court wearing handcuffs and shackes"
To which one does the above apply? ;-)

Posted by: Anonymous | October 11, 2008 12:31 PM

My parents' email account at AOL was phished last month, along with their Amex data, when my 77-year-old mom innocently believed she had to give AOL all that information (mother's maiden name, account number, etc.) A week later Amex called my dad and said they wanted to make sure he really did spend $14,000 at a Best Buy in Virginia.

My father said that the police said they had terrorists to catch, so don't hold your breath on them catching the phisher. I'm sure there's an Al-Qaeda den in Vero Beach.

My parents are McCain supporters, incidentally. They are glad that Palin's hacker is being punished. To me, though, it all seems a bit inequitable. Oh, well.

Posted by: Susan | October 12, 2008 3:09 PM

The comments to this entry are closed.


© 2009 The Washington Post Company