FBI agents served a search warrant Sunday at the Knoxville, Tenn., apartment of a college student whom Internet sleuths last week had named as the hacker who accessed Gov. Sarah Palin's e-mail account, a local television station reported.
But the Georgia man who runs the proxy service used to mask the hacker's identity said that the IP address he's traced "doesn't look consistent" with reports in the media that have focused on David Kernell.
According to a report by WBIR, Knoxville's NBC affiliate, agents served the warrant early Sunday at the residence of Kernell, 20. He is the son of Mike Kernell, a Democratic state legislator from Memphis.
A witness told WBIR that the agents arrived at The Commons of Knoxville early Sunday, and spent about one-and-a-half to two hours searching Kernell's apartment. The witness also said that Kernell's roommates were subpoenaed and must testify this week in Chattanooga.
Kernell, a student at the University of Tennessee-Knoxville, was linked to the hack of Palin's account on blogs and message boards after someone identified only as "rubico" posted a message on a popular board claiming to have accessed Palin's account by using Yahoo's password reset feature. Others subsequently connected the rubico handle to the e-mail address "rubico10@yahoo.com," which was in turn linked to Kernell through Internet searches that uncovered connections between him, the username and the e-mail address on such sites as YouTube.
Last week, Kernell's father confirmed that his son was the person being named on blogs and boards in connection with the Palin hack.
The U.S. Department of Justice also confirmed there has been "investigatory activity" in Knoxville regarding the Palin case, said the WBIR report. No charges, however, have been filed, and the warrant was not publicly available, the DOJ spokeswoman told the television station.
A search conducted Sunday by Computerworld on the federal court system's electronic database revealed no complaints or warrants issued against Kernell.
And Gabriel Ramuglia, the webmaster of Ctunnel, an Athens, Ga.-based proxy service used by the hacker, said Sunday that he wasn't sure the FBI was investigating the right man.
At the FBI's request, Ramuglia had searched the Ctunnel logs for evidence of the Palin account hack. He reported his findings to the agency Saturday.
On Sunday, he confirmed he had identified the IP address used by the person who broke into the Palin account. "It seems that the user in question did access the account using Ctunnel," Ramuglia said, "and I have the IP address of that user."
He also said that the FBI had leads of its own. "They already had a kind of idea who it was, because they gave me an IP address to look for," he said, which made it much easier to locate the section of his logs pertinent to the Palin hack.
But he couldn't link Kernell to that IP address.
"Because I'm not in contact with the Internet service provider, I'm not 100% sure of where the IP is based," he said. "But from what I can tell, the IP address doesn't look consistent with the media reports."
ISPs are assigned blocks of IP addresses that they in turn parcel out to their users. If that ISP is small and serves a localized customer base, it may be possible for outsiders to connect an individual to an IP address with some certainty.
"It's public knowledge where an ISP is located, but if they serve a wide geographic area, it may not be easy to figure out a connection," Ramuglia said.
He declined to name the ISP to which the IP address was assigned, saying only that it is "not a well-known ISP and seems to be a small, residential ISP."
The ISP, of course, would be able to identify its customer by the IP address, Ramuglia noted.
According to rubico's confessional message last week, Palin's account was accessed by resetting its password, a process that required a correct answer to a single security question. Rubico claimed that the online research needed to reset Palin's password took just 45 minutes.
Before the incident, Palin, the Republican nominee for vice president, had come under fire for using private e-mail accounts to conduct state business. Some critics had accused her and others in her administration with using private, rather than state-provided accounts, to skirt message-retention and public records laws.