By Dan Goodin in San Francisco
18th September 2008
Memo to law enforcement investigators tracking down who broke into Sarah
Palin's Yahoo email account: Gabriel Ramuglia might be a good place to
The 25-year-old webmaster and entrepreneur is the operator of
Ctunnel.com, the browsing proxy service used by the group that hacked
into the vice presidential candidate's personal email account and
exposed its contents to the world. While he has yet to examine his logs,
he says there's a good chance they will lead to those responsible,
thanks to some carelessness on their part.
"Usually, this sort of thing would be hard to track down because it's
Yahoo email, and a lot of people use my service for that," he told El
Reg in a phone interview. "Since they were dumb enough to post a full
screenshot that showed most of the [Ctunnel.com] URL, I should be able
to find that in my log."
Ramuglia got into the proxy business a few years ago, after schools
began blocking access to an online game site he used to co-own. Pretty
soon, people began using the proxy service to access YouTube, Gmail,
MySpace, and dozens of other sites that are routinely blocked by IT
To prevent abuse of the service - such as the occasional bomb threat or
other illegal act that's been known to happen - Ramuglia logs each
user's IP address, along with the time and web destination. That often
isn't enough to track down people who access extremely popular websites.
But in this case, the perpetrators included a whole string of
random-looking characters when posting screenshots of Palin's hacked
account. That will probably be enough for him to pinpoint the proverbial
needle in the haystack.
The information at the moment is on a server at a Chicago colocation
site owned by FDC Servers. Logs are automatically flushed after seven
days, so the clock is ticking for law enforcement, who presumably are
under intense pressure to protect the privacy of a candidate for the
White House. Of course, there's always the possibility that Ctunnel.com
was only one of multiple anonymization services the email hackers used
to cover their tracks, but there's only one way to find out.
Ramuglia said if he is contacted by law enforcement officials he will
probably give them the information they seek. At time of writing, he's
received no inquiries from any law enforcement agencies, he said.
The breach of Palin's account "is pretty clearly against my terms of
service," he said. "As exciting as it is to be in the news, this is not
the type of activity I can encourage by any means."