Monday morning, the FBI closed in on one of the greatest criminal masterminds of the 21st century - Josh Holly. What was Holly’s great crime? Breaking into pop starlet Miley Cyrus’s email account and distributing risque pictures that were found in the sent items section.
The news comes not long after it was discovered that the son of Democratic Tennessee State Representative Mike Kernell, David Kernell, hacked into Vice Presidential Republican nominee Sarah Palin’s email in an effort to find incriminating documents and expose them to the world.
The two cases don’t have too much in common other than the fact that they’re two examples of high-profile email hackings… or do they?
Wired’s Threat Level has been covering the story as it developed and summarizes the method that Holly used to gain access to Miley’s GMail account thusly:
Holly told Threat Level he stole about a dozen Cyrus pictures but only published the most provocative ones. He said he got access to Cyrus’s Gmail account after obtaining unauthorized access to a MySpace administrative panel where he found passwords for MySpace accounts stored in cleartext. He found the password Cyrus used for her MySpace account — Loco92 — and tried it on a Gmail account Cyrus was known to use. The password worked on that account as well, but only for a couple of weeks before it was changed.
Conversely, Sarah Palin’s Yahoo mail account was compromised by David Kernell’s “brute force” attempts of simply guessing the challenge questions, and was then served up an interface to reset the password from the web interface.
So far, the similarities are only on the surface. Sure, I suppose there could be an interesting case made that web-based mail products are inherently insecure or some such nonsense, or the need to properly utilize and organize your passwords so they can be less easily hacked.
What’s more interesting is a point I saw brought up by Mike Massnick last week with regard to the Sarah Palin incident, and it could have direct bearing on this case as well:
“…Orrin Kerr suggests the entire indictment is legally flawed. Specifically, the statute used, claims that the intrusion is only a felony if used to further a criminal activity. ”
“As Kerr notes, it’s not clear what criminal activity was “furthered” by hacking into the email — unless you read the whole thing recursively, such that the act itself is illegal, and thus doing it is furthering that illegal act. But, obviously, that’s legally problematic. So once again, it looks like a situation where plenty of people believe that the act was illegal (very reasonably so, I might argue), but the feds are having trouble finding a law that actually makes it illegal. ”
The question then becomes whether it’s open season on high profile emails. Generally, I’m against the legislature coming in and making laws against things online, but it seems a fairly simple task to say “Hey, email hacking? Yeah, that’s illegal now.”
There are laws against interfering with the delivery of the US Postal Service, so most of us simply assume that those laws would similarly apply to emails, but it appears that isn’t exactly the case. Beyond the legal assumption, it seems common sense that we should have a reasonable expectation of privacy with our email accounts, doesn’t it?
Related Articles at Mashable | All That's New on the Web:
Miley Cyrus and Her Social Media Save
7 Resources for Learning More About Republican VP Candidate Sarah Palin
7 More Facts about Sarah Palin
T-Pain Launches Online-Only Record Label
Never Mind Swiftboating How About SwiftGoogling
Miley’s MySpace: A Wake-Up Call for Parents?
PicApp Makes it Easy to Legally Blog the Latest Britney and Lindsay Pictures