University of Tennessee Student Implicated in Palin Email Hack

Bob Preston
KNOXVILLE, Tenn. — The FBI is investigating the son of a Tennessee state representative in connection with the hack of one of GOP vice-presidential candidate Sarah Palin's email accounts.

University of Tennessee student David Kernell was served with a federal search warrant at his apartment in Knoxville, Tenn.

Kernell is the son of Tennessee state representative Mike Kernell, D-Memphis.

Two unidentified sources divulged this information to Knoxville NBC affiliate WBIR TV. A Department of Justice official confirmed that the FBI is in town and investigating, but she wouldn't confirm that any search warrants had been issued or who is under investigation.

Rumors had been circulating online about a Tennessee student being involved in the hack, but official word only broke this morning.

Some online reports suggested that Kernell's roommates fled the scene with federal officials arrived. The roommates have received subpoenas and are set to testify in Chattanooga, Tenn., this week.

Kernell himself has not been charged. A grand jury is reportedly set to convene tomorrow.

Gov. Palin, R-Alaska, had one of her Yahoo accounts hacked last week when a user on the rowdy Internet message board 4Chan.org contacted Yahoo and reset her password by answering a few simple security questions.

The hacker later returned to 4Chan.org to boast of his exploits, calling himself "Rubico." Online reports converged around Kernell, whose father has confirmed that he is being investigated.

The incident has raised questions about online security. Roger A. Grimes, a security expert who writes for InfoWorld.com, said that no amount of good programming can make up for lousy security questions.

"If your password reset feature is weak (and most are), then the security of your account has nothing to do with anything else besides those few questions," he said.

"It doesn't matter how good the vendor's other security features are, it doesn't matter how long and complex your password is, it doesn't matter how secure their coding is and whether they use SDL programming,” Grimes added. “All that matters is how common the questions and answers are.

Related: