When McCain chose Palin as his running mate, the US Secret Service descended upon her home in Wasilla, Alaska. They set up a perimeter around her house with 24 hour surveillance. They set up alarm equipment. They might've installed bullet proof windows.
But they ignored her computer.
And she got hacked.
The news reports speak about shadowy cabals of hackers performing mysterious rites to break into her computer. It was much simpler than that. Her "secret question" in to reset a lost password was "Where did you meet your spouse?". The secret answer was an easily guessed "Wasilla high".
The "hacker" saw the e-mail address "firstname.lastname@example.org" appear in a Washington Post story about the Governor. He tried the password recovery tool and found the question. He googled for information about the answer. After a few tries like "high school" he finally got the right one, "Wasilla high".
This is an obvious flaw that most people have with their accounts. Look at your friends e-mails from services like Yahoo and Google. Go to the logon page, click on something about a "lost password", and check out their secret question. Chances are good that you can figure out the answer. Checking out their question isn't illegal, but successfully guessing the answer might be.
This was how Paris Hilton got her account hacked. Her secret question was "What's your favorite pet's name?". The answer, Tinkerbell, was prominently in the news, so pretty much everyone knew the secret answer.
After calling the Secret Service to get them protect the VP nominee, the first thing McCain should have done is call a cybersecurity consultancy (like Errata Security) to protect her computer and online accounts. Fixing the "secret question" would have been the first thing we did. This would be followed by changing all her passwords, especially fixing the fact that she probably uses the same password for all her accounts. Next, we would have fixed her home network, especially the insecure WiFi setup she probably has. We would have scanned her computer to see if she were already infected with malware/bots, and then reconfigured her (and her families) computers so that they couldn't accidentally be infected. We would have made sure that all appropriate data was encrypted, and that she could access her accounts in an encrypted fashion (to avoid pesky things such as Sidejacking). Depending on how paranoied the campaign wanted us to be, we probably would have just backed up everything and wiped all her computers and rebuilt them from the ground up to be secure.
We also would have educated her on cybersecurity. The reason that Gov. Palin was using Yahoo mail to begin is probably because she found it inconvenient using the VPN software to logon to her office e-mail. We see that a lot in business: people use private e-mail services like Yahoo and Gmail to carry out corporate activities because they are annoyed with how their own computer staff have things set up. Yet, your computer people set things up this way precisely because there are obvious things that hackers can do to break into your data, such as guessing a poorly chosen "secret" question.
It would be harsh to judge Gov. Palin as being stupid about cybersecurity. The risks she chose could be appropriate for a private citizen not in the spotlight. However, those risks changed the moment she became a VP candidate - her cybersecurity was not adequate to defend against the hightened hacking threat.
BTW, most of us at Errata Security are a bit to the right of the political spectrum. Go McCain/Palin!
PS: Yahoo Mail will give your secret question to anybody who asks for it. Gmail will only give out your secret question after 5 days of inactivity on the account. Yet again this shows why Gmail is more secure than Yahoo Mail.