NewsBusters looks into my original Palin email scandal post. Here are their concerns and my response

Here’s the original post.

And here’s NewsBuster’s concerns:

  • I haven’t seen any evidence that the screenshot mentioned above was taken by “rubico.” It could be it was taken by the person who changed the password and informed Palin’s friend.
  • Even if it is, rubico was likely using a proxy when he/she came in to NewsBusters so all we’d have is rubico’s proxy’s IP.
  • We don’t know necessarily what time zone Palin had set on her Yahoo account. Could be she had set it for Alaska time which is 4 hours behind our server which is on Eastern time, could be she left it at the default which is Pacific Time as I remember.
  • We don’t know when the person who took the screenshot visited our NB page. Could be it was the 15th, could be it was the 16th. The screenshot in question could have been taken long after the email password was changed. We also don’t know when our NB visitor came in here in relation to the screenshot.

Let me go through these concerns one by one because they have all crossed my mind at one point or another:

1. I am absolutely positive that the screenshot NB is talking about IS from Rubico himself. I make this judgment based off of what Michelle Malkin (and others) have been reporting about what Rubico said on 4chan.com and what appears in the screenshot. You see, Rubico says while looking for an answer to one of the security questions he searched for the term “palin husband eloped” (which is what the search term is in the screenshot) on google and guess what the number two ranking site for that term is? Yup, Classless Alan Colmes: OMG the Palins Eloped! by NewsBusters (its the #1 result for palin eloped). And it seems really unlikely that anybody else other than Rubico would care to be doing the research that is evident in the screenshot i referenced. Also if you go through the other screen shots posted on Gawker you can easily tell which ones are from Rubico and which ones are from the so called “white knight”. All you need to do is look at the URL in each screen shot, the ones by the “white knight” are not sheilded by a proxy where as all of the Rubico screenshots are sheilded by ctunnel.com’s proxy service.

2. I thought that for a second as evidenced by the first update. However, after some further observation I can now say confidently that he was NOT sheilded by a proxy when viewing the NewsBusters post, he only used the proxy on the yahoo site. There is a simple way to tell, all you have to do is look at the tabs in the screenshot. Unlike the yahoo, which shows the proxy url as the title of the tab, the Newsbusters tab shows the actual title of the story. Therefor he was NOT using a proxy to visit the NewsBusters post. Let me use some pictures to illustrate what I’m talking about:

Here is the close up of Rubico’s screenshot (Click on the pictures for their full size versions):

And here is what the tab looks like when you visit the NewsBusters post through the ctunnel.com proxy Rubico used to hack Palin’s email:

And here is a comparison of Rubico’s non-proxy visit to NewsBusters and my proxied visit (Rubico is on top and my visit is on the bottom):

So as you can see through the pictures… he wasn’t using a proxy to visit NewsBusters. Which means they do have his actual IP address, somewhere.

3. Yea the time zone thing could be a minor problem. I guess it means that NewsBusters would have to check their logs for a visitor from the University of Tennesse, where David Kernell goes to school, at 4:23am EST and Pacific Time which I guess would be 8:23 am EST. But I would assume that’s possible? I don’t understand why it wouldn’t be?

But while I can’t be positive about the time zone for the email in the screenshot I think that we can safely guess that it is EST because, according to a report by Malkin, the original post by the hacker came around 4am EST (4chan.com shows times in EST) on Tuesday. If the email had referred to Pacific Time then the earliest Rubico could’ve posted something would’ve been 8:23 am EST.

4. Well, according to a tech-savvy guest over at Malkin:

Sarah Palin’s email account was hacked by one person. Not a group.

This person read her emails, then posted the username and password on /b/. This happened at about 4 in the morning on Tuesday.

Combine that with what Rubico said himself (again via Malkin):

THIS internet was serious business, yes I was behind a proxy, only one, if this s*** ever got to the FBI I was f*****, I panicked, i still wanted the stuff out there but I didn’t know how to rapids*** all that stuff, so I posted the pass on /b/, and then promptly deleted everything, and unplugged my internet and just sat there in a comatose state”.

Basically what he’s saying in this later post (from Wednesday) is that he almost immediately uploaded the info he had and then deleted everything because he got scared. That would mean that his screenshot must have come from sometime after 4:23 am EST and sometime before 5am EST. But since the visit to the NewsBusters website was for research on the answer to a Yahoo mail security question I would assume that it came sometime before 4:23 am EST and he probably only registered 1 pageview, since he would only have been interested in one piece of information from NewsBusters, where Todd and Sarah Palin met.

After all of this I really think there are several things we can learn about these screenshots. They are, in fact, from Rubico. They show he is on a NewsBusters post while hacking into Palin’s email. They show that he is NOT using a proxy to view the NewsBuster post. They give us a specific time frame that he was on the NewsBusters post. Those things are important because they mean that NewsBusters, most likely, can figure out if David Kernell (or rather someone from the University of Tennessee, who I would assume is David Kernell) was on that specific post durring that specific time frame. Is it evidence that you could use in court? Certainly not, but is it enough to get one step closer to convincing me and put a clearer focus on Kernell? Absolutely.

Also, on a side note, NewsBusters said: “We have the log files at our disposal should the feds come asking for more details. I’m not holding my breath for a request, however, based on the above reasons.”

Now, I still agree that the feds most likely will not be looking into this lead because of how circumstantial it is but I decided that I should submit my original post to the FBI. I figured it couldn’t hurt…

And shortly after I submitted my original post as a tip I got an interesting visitor to that post.

Here is a screenshot of that visit:

Yup… the Department of Justice. And they only looked at that site. And they looked at the full size versions of every picture.

Probably a coincidence…

But still Interesting, isn’t it?

UPDATE: Check out this hilarious tirade from the LA Times… they complain that the conservative blog-o-sphere is jumping to conclusions to fast and without enough evidence. Oh LAT, you’re ironic outrage makes me giggle. (but let’s not disregard their point completely, let’s all keep in mind that there is no hard proof against anyone, yet)(Allah made this point already)

BIG UPDATE: FBI searched David Kernell’s apartment?

Palin hacker, Rubico, was on NewsBusters while taking pictures of her E-Mail

So, I guess I’m the first to look really closely at some of those screen shots the hacker, Rubico, posted on the internet. Either that or I should have done a lot more digging before posting this…

Either way it seems that Rubico was looking at one of the biggest conservative blogs out there, NewsBusters. And he was looking at a specific post on NewsBusters none the less…

Seems plain as day to me but you guys can judge for yourselves, keep in mind that the Rubico pictures are most likely screen shots of screen shots since I got them off of Gawker.com who got it from posters on 4chan.com where Rubico posted the pictures. That would most likely account for why they are so blurry compared to my screen shots…

Here is the full screen shot from Rubico (click on the images to see them full size):

UPDATE: I have found a higher quality image of the screen capture that Rubio posted online. Click here to view it full screen.

Here is the same picture zoomed in and cropped:

Now, yes they are blurry but simply looking at the fourth tab made me think that it looked like a tab that was open to an article on NewsBusters. So I went and did a search for the words I could make out which where “Classless Alan Colmes” because that’s what it seemed like and because I remembered there being a recent NewsBusters article on some baseless attacks Alan Colmes had made recently. What did I find? A post called “Classless Alan Colmes: OMG, the Palins Eloped“.

And furthermore, when you open that post in Firefox (like Rubico) with five other tabs open (like Rubico) you get this (I edited out some stuff to be on the safe side):

Here it is upclose:

Now, here’s the two close ups on top of one another (My screen shot is on top and Rubico’s is on the bottom):

Identical…

So then, why was Rubico on NewsBusters? And more specifically why that article?

Well, if what Malkin has been reporting is true, my best guess is that Rubico, since he said he was looking for dirt on Palin, was looking into Alan Colmes’ claim that the Palins eloped because Sarah was pregnant and not to save money.

Of course, its easy for us rational people to realize that, even if Colmes’ pathetic accusations were true, Sarah Palin probably wasn’t casually discussing the secret reason behind her wedding somewhere in her last 174 emails. But, hey, its also easy for us rational people to realize that hacking into the private email account of an elected official running for vice president is a terrible idea that entails drastic consequences… you know, like jail time.

But besides all of that, the reason I started looking so closely at those screen shots was to hopefully get some clues as to who this hacker was… Well, while it might not seem like it right away, this may help to do that.

How, you might ask? Well, in the screen shot where you can tell that the hacker is looking at NewsBusters there is a clue as to the general time when he was looking at the site. That time would be somewhere around 4:23 am based off of the last email received, which was undoubtedly recieved shortly after the hacker logged in since it is a password change notification. Now, that probably isn’t enough information to pinpoint who the person is.

But when you combine that information with the speculation that David Kernell may have been the one who hacked Palin’s email you can at least prove that theory right or wrong to a certain degree.

All NewsBusters would need to do, assuming they still have the visitor data for that post from two days ago, which is admittedly a big assumption, is check out their visitor logs for around 4:23 am EST and look for a visitor from the University of Tennessee who looked at “Classless Alan Colmes: OMG the Palins Eloped”.

If that visitor exists that would all but prove, for me at least, that it was David Kernell who hacked Sarah Palin’s email.

So what do you say NewsBusters? Will (can) you look for this visit? I would love to hear back from you guys on this one…

UPDATE: After some more thinking and some sleep I’ve refined a couple of things in my theory. After looking over Malkin’s story again I realized that Rubico was probably looking for an answer to one of the security questions in order to change the account’s password. And also Newsbusters may not be able to look for a visit from the University of Tennessee since the hacker used a proxy to visit the yahoo mail site. However, it is very possible that he only used that proxy to visit yahoo and not the other sites opened in the screenshot of his Firefox. So maybe my original theory stands, except that the visitor would have shown up sometime before 4:23 am EST since he was looking for answers to security questions.

UPDATE: Looks like Newsbusters has picked up my story. They seem to be a lot more skeptical about whether they can help Id the hacker. Here is a post with their concerns and my response.

Investigation UPDATE: Ongoing…

INDICTMENT UPDATE: Looks like the feds have caught Rubico, aka David Kernell