[ISN] Memo to US Secret Service: Net proxy may pinpoint Palin email hackers

From: InfoSec News <alerts_at_private>
Date: Thu, 18 Sep 2008 03:40:09 -0500 (CDT)
http://www.theregister.co.uk/2008/09/18/palin_email_investigation/

By Dan Goodin in San Francisco 
The Register
18th September 2008

Memo to law enforcement investigators tracking down who broke into Sarah 
Palin's Yahoo email account: Gabriel Ramuglia might be a good place to 
start.

The 25-year-old webmaster and entrepreneur is the operator of 
Ctunnel.com, the browsing proxy service used by the group that hacked 
into the vice presidential candidate's personal email account and 
exposed its contents to the world. While he has yet to examine his logs, 
he says there's a good chance they will lead to those responsible, 
thanks to some carelessness on their part.

"Usually, this sort of thing would be hard to track down because it's 
Yahoo email, and a lot of people use my service for that," he told El 
Reg in a phone interview. "Since they were dumb enough to post a full 
screenshot that showed most of the [Ctunnel.com] URL, I should be able 
to find that in my log."

Ramuglia got into the proxy business a few years ago, after schools 
began blocking access to an online game site he used to co-own. Pretty 
soon, people began using the proxy service to access YouTube, Gmail, 
MySpace, and dozens of other sites that are routinely blocked by IT 
departments.

To prevent abuse of the service - such as the occasional bomb threat or 
other illegal act that's been known to happen - Ramuglia logs each 
user's IP address, along with the time and web destination. That often 
isn't enough to track down people who access extremely popular websites. 
But in this case, the perpetrators included a whole string of 
random-looking characters when posting screenshots of Palin's hacked 
account. That will probably be enough for him to pinpoint the proverbial 
needle in the haystack.

The information at the moment is on a server at a Chicago colocation 
site owned by FDC Servers. Logs are automatically flushed after seven 
days, so the clock is ticking for law enforcement, who presumably are 
under intense pressure to protect the privacy of a candidate for the 
White House. Of course, there's always the possibility that Ctunnel.com 
was only one of multiple anonymization services the email hackers used 
to cover their tracks, but there's only one way to find out.

Ramuglia said if he is contacted by law enforcement officials he will 
probably give them the information they seek. At time of writing, he's 
received no inquiries from any law enforcement agencies, he said.

The breach of Palin's account "is pretty clearly against my terms of 
service," he said. "As exciting as it is to be in the news, this is not 
the type of activity I can encourage by any means."


__________________________________________________      
Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
http://conference.hackinthebox.org/hitbsecconf2008kl/
Received on Thu Sep 18 2008 - 01:40:09 PDT

This archive was generated by hypermail 2.2.0 : Thu Sep 18 2008 - 01:52:09 PDT