Sarah Palin’s E-Mail Hacked With Simple Social Engineering

A 20-year-old college student from Tennessee, so far known only by his alias “Rubico”, who claims to be the hacker who broke into presidential running mate Sarah Palin’s e-mail account and published screenshots of her Inbox online, posted a first-person account of how he did it on the 4chan.org forums. If true, the answer is embarrassingly simple:

Rubico says he cracked Palin's account in just under 45 minutes using only the Yahoo password recovery form and simple web searching. Yahoo, like many other free web mail services today, helps a user who has forgotten their password to recover it by answering a series of questions, answers that only the user is supposedly privy to.

Nevertheless, it was a matter of 15 seconds for Rubico to look up Palin’s birthday on Wikipedia and a few minutes to use the U.S. postal service website to find out the only two zip codes in Wasilla, Alaska. The only part that gave the young “hacker” any trouble was the answer to the question of where Palin had met her husband. Looking up publicly available biographical information about Palin, Rubico was able to find out that she and her future husband had eloped after college, and further research yielded that they had met in high school. A few combinations of words later the correct answer, “Wasilla High”, was entered. Rubico then reset the Alaska governor’s password to “popcorn” and entered the account.

The simple manner in which Gov. Palin’s account was broken into highlights the inherent weakness of such recovery schemes: most web-mail services and other websites let users retrieve forgotten account data by answering ‘security questions’, and the answers to those questions are frequently a matter of public record.
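To make the weakness concrete, here is an added example (not code from the article, Yahoo, or any real recovery system) that puts the security-question scheme described above beside a recovery flow that does not depend on facts an attacker can look up. All account data, the `example.invalid` address and the `send_fn` delivery hook are constructed assumptions; the hardened flow issues a random, single-use, short-lived token out of band and caps the number of verification attempts.

```python
import hmac
import secrets
import time

# Constructed sample account; none of these values belong to a real person.
ACCOUNTS = {
    "user@example.invalid": {
        "birthday": "1970-01-01",     # the kind of fact found on Wikipedia
        "zip": "99999",               # one of a handful of local zip codes
        "where_met": "example high",  # recoverable from public biography
        "phone": "+1-555-0100",       # constructed out-of-band contact
    }
}


def guess_space(candidates_per_question):
    """Combinations an attacker must try: the product of the plausible
    candidates per question. A known birthday (1), two zip codes (2) and
    a few school names (5) leave only 10 combinations."""
    total = 1
    for n in candidates_per_question:
        total *= n
    return total


def weak_recover(user, birthday, zip_code, where_met):
    """The security-question scheme the article describes: answer three
    questions correctly and the password may be reset. Nothing here is
    secret from anyone willing to do a little research."""
    acct = ACCOUNTS.get(user)
    if acct is None:
        return False
    return (acct["birthday"] == birthday
            and acct["zip"] == zip_code
            and acct["where_met"] == where_met.strip().lower())


class HardenedRecovery:
    """Recovery based on possession of a channel, not knowledge of facts:
    a random token is delivered out of band, expires quickly, is single
    use, and cannot be brute-forced because attempts are limited."""
    TOKEN_TTL = 600       # seconds the token stays valid
    MAX_ATTEMPTS = 5      # wrong guesses allowed before the token is voided

    def __init__(self, send_fn):
        self._send = send_fn      # hypothetical SMS/e-mail delivery hook
        self._pending = {}        # user -> [token, expiry, attempts]

    def start(self, user, now=None):
        now = time.time() if now is None else now
        acct = ACCOUNTS.get(user)
        # Reply identically whether or not the account exists so the
        # form does not confirm which addresses are valid.
        if acct is not None:
            token = secrets.token_urlsafe(24)
            self._pending[user] = [token, now + self.TOKEN_TTL, 0]
            self._send(acct["phone"], token)
        return "If the account exists, a reset code has been sent."

    def finish(self, user, token, now=None):
        now = time.time() if now is None else now
        entry = self._pending.get(user)
        if entry is None:
            return False
        real, expiry, attempts = entry
        if now > expiry or attempts >= self.MAX_ATTEMPTS:
            del self._pending[user]       # expired or exhausted: void it
            return False
        entry[2] += 1
        if hmac.compare_digest(real.encode(), token.encode()):
            del self._pending[user]       # single use
            return True
        return False


if __name__ == "__main__":
    print("security-question guess space:", guess_space([1, 2, 5]))
    outbox = []
    flow = HardenedRecovery(lambda to, tok: outbox.append((to, tok)))
    print(flow.start("user@example.invalid"))
    print("token accepted:", flow.finish("user@example.invalid", outbox[0][1]))
```

The point of the contrast is not the token itself but what it removes: with `weak_recover` the attacker's work is research, while with `HardenedRecovery` the attacker needs the user's phone, and even a stolen token is useless after ten minutes or one use.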

Rubico says he found "nothing incriminating, nothing that would derail her campaign as I had hoped. All I saw was personal stuff, some clerical stuff from when she was governor… and pictures of her family." Even so, there is an irony here:

Before her account was hacked, Governor Palin had come under criticism for using private e-mail addresses to conduct state business, an act forbidden by law. Even though the account was broken into to find illicit activities Palin may have hidden from the public, the hack has highlighted another reason that law was put into effect: such personal e-mail addresses are unsafe and relatively easy to break into, as amply demonstrated.

If you’re a state official and you carelessly expose sensitive information, you jeopardize the state. Let’s not forget what happened in 2000 with then-CIA director John M. Deutch, who was discovered to have been accessing his CIA e-mail account from home; if any state secrets were leaked through his recklessness, it was impossible to trace them.