Report: FBI searches Tenn. student's apartment in Palin hacking case

FBI agents served a search warrant Sunday at the Knoxville, Tenn., apartment of a college student whom Internet sleuths last week had named as the hacker who accessed Gov. Sarah Palin's e-mail account, a local television station reported.

But the Georgia man who runs the proxy service used to mask the hacker's identity said that the IP address he's traced "doesn't look consistent" with reports in the media that have focused on David Kernell.

According to a report by WBIR, Knoxville's NBC affiliate, agents served the warrant early Sunday at the residence of Kernell, 20. He is the son of Mike Kernell, a Democratic state legislator from Memphis.

A witness told WBIR that the agents arrived at The Commons of Knoxville early Sunday, and spent about one-and-a-half to two hours searching Kernell's apartment. The witness also said that Kernell's roommates were subpoenaed and must testify this week in Chattanooga.

Kernell, a student at the University of Tennessee-Knoxville, was linked to the hack of Palin's account on blogs and message boards after someone identified only as "rubico" posted a message on a popular board claiming to have accessed Palin's account by using Yahoo's password reset feature. Others subsequently connected the rubico handle to the e-mail address "rubico10@yahoo.com," which was in turn linked to Kernell through Internet searches that uncovered connections between him, the username and the e-mail address on such sites as YouTube.

Last week, Kernell's father confirmed that his son was the person being named on blogs and boards in connection with the Palin hack.

The U.S. Department of Justice also confirmed there has been "investigatory activity" in Knoxville regarding the Palin case, said the WBIR report. No charges, however, have been filed, and the warrant was not publicly available, the DOJ spokeswoman told the television station.

A search conducted Sunday by Computerworld on the federal court system's electronic database revealed no complaints or warrants issued against Kernell.

And Gabriel Ramuglia, the webmaster of Ctunnel, an Athens, Ga.-based proxy service used by the hacker, said Sunday that he wasn't sure the FBI was investigating the right man.

At the FBI's request, Ramuglia had searched the Ctunnel logs for evidence of the Palin account hack. He reported his findings to the agency Saturday.

On Sunday, he confirmed he had identified the IP address used by the person who broke into the Palin account. "It seems that the user in question did access the account using Ctunnel," Ramuglia said, "and I have the IP address of that user."

He also said that the FBI had leads of its own. "They already had a kind of idea who it was, because they gave me an IP address to look for," he said, which made it much easier to locate the section of his logs pertinent to the Palin hack.

But he couldn't link Kernell to that IP address.

"Because I'm not in contact with the Internet service provider, I'm not 100% sure of where the IP is based," he said. "But from what I can tell, the IP address doesn't look consistent with the media reports."

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.