By charles the moderator
Rodin’s The Thinker at the Musée Rodin.
Author CJ. Licensed under Creative Commons.
I have a theory.
With the blogosphere all atwitter about the emails and data “stolen” from the Climatic Research Institute at the University of East Anglia, two theories have become dominant describing the origin of the incident.
- CRU was hacked and the data stolen by skilled hackers, perhaps an individual or more insidiously some sophisticated group, such as Russian agents.
- An insider leaked the information to the NSM (non-mainstream media)
Theory number one is the preferred explanation of the defenders of CRU. This allows them to portray CRU as victims of illegal acts. It allows them to scream bloody murder and call for an investigation of the crime. How can we take the fruits of hideous crime seriously? The end does not justify the means!
One of our favorite writers, Gavin Schmidt, has expanded on this theme with the report:
He [Gavin] said the breach at the University of East Anglia was discovered after hackers who had gained access to the correspondence sought Tuesday to hack into a different server supporting realclimate.org, a blog unrelated to NASA that he runs with several other scientists pressing the case that global warming is true.
The intruders sought to create a mock blog post there and to upload the full batch of files from Britain. That effort was thwarted, Dr. Schmidt said, and scientists immediately notified colleagues at the University of East Anglia’s Climatic Research Unit.
http://www.nytimes.com/2009/11/21/science/earth/21climate.html
I believe the above statement by Gavin to be a big bunch of hooey. I believe the “hack” was a posting of the same blog comment which was posted at The Air Vent
which was also submitted here at WUWT, but never was visible publicly, because all comments are moderated and publicly invisible until approved by an administrator or moderator. Many of you have already seen it:
We feel that climate science is, in the current situation, too important to be kept under wraps.
We hereby release a random selection of correspondence, code, and documents.
Hopefully it will give some insight into the science and the people behind it.
This is a limited time offer, download now:
http://ftp.tomcity.ru/incoming/free/FOI2009.zip
Sample:
0926010576.txt * Mann: working towards a common goal
1189722851.txt * Jones: “try and change the Received date!”
0924532891.txt * Mann vs. CRU
0847838200.txt * Briffa & Yamal 1996: “too much growth in recent years makes it difficult to derive a valid age/growth curve”
0926026654.txt * Jones: MBH dodgy ground
1225026120.txt * CRU’s truncated temperature curve
1059664704.txt * Mann: dirty laundry
1062189235.txt * Osborn: concerns with MBH uncertainty
0926947295.txt * IPCC scenarios not supposed to be realistic
0938018124.txt * Mann: “something else” causing discrepancies
0939154709.txt * Osborn: we usually stop the series in 1960
0933255789.txt * WWF report: beef up if possible
0998926751.txt * “Carefully constructed” model scenarios to get “distinguishable results”
0968705882.txt * CLA: “IPCC is not any more an assessment of published science but production of results”
1075403821.txt * Jones: Daly death “cheering news”
1029966978.txt * Briffa – last decades exceptional, or not?
1092167224.txt * Mann: “not necessarily wrong, but it makes a small difference” (factor 1.29)
1188557698.txt * Wigley: “Keenan has a valid point”
1118949061.txt * we’d like to do some experiments with different proxy combinations
1120593115.txt * I am reviewing a couple of papers on extremes, so that I can refer to them in the chapter for AR4
I was the first at WUWT to see the comment above and immediately embargoed it. After discussions and many phone calls, we finally began to refer to the information after, and only after, we saw that it was available elsewhere, such as The Air Vent, and also after we knew that CRU was aware that it was circulating on the web.
Gavin’s elaborate description of the hacking attempt at RC is, in my humble opinion, nothing more than an attempt to add meat to the hacking theory in order to increase the vilification of the theoretical hackers. Gavin has demonstrated this kind of misdirection in the past in the Mystery Man incident where he attempted to obfuscate his own involvement in a data correction to station files held by the British Antarctic Survey. In this new spirit of transparency Gavin, why don’t you send Anthony the log files that demonstrate this attempted break in at realclimate.org?
After all, this is a criminal act of vandalism and of harassment of a group of scientists that are only going about their business doing science. It represents a whole new escalation in the war on climate scientists who are only trying to get at the truth. Think — this was a very concerted and sophisticated hacker attack. …Or at the next level, since the forces of darkness have moved to illegal operations, will we all have to get bodyguards to do climate science?
Sigh…and sigh again.
Theory number two is the preferred explanation of, for want of a better term, the Skeptics Camp. It is a romantic thought. Some CRU employee, fed up with the machinations, deceit, and corruption of science witnessed around him or her, took the noble action of becoming whistle-blower to the world, bravely thrusting the concealed behavior and data into the light for all to see. This theory is attractive for all the right reasons. Personal risk, ethics, selflessness etc.
I would like to offer a third possibility based on a bit of circumstantial evidence I noticed on the Web Saturday afternoon.
There’s an old adage, never assume malice when stupidity or incompetence will explain it.
A short time ago there was a previous leak of CRU data by an insider. In this case, Steve McIntyre acquired station data which he had been requesting for years, but someone inside CRU unofficially made the data available.
In this case, many commentators had various guesses as to the motivation or identity of the disgruntled mole even proposing that perhaps a disgruntled William Connelly was the perpetrator.
Of course it turned out the Phil Jones, director of CRU, himself had inadvertently left the data on an open FTP server.
Many have begun to think that the zip archive FOI2009.zip was prepared internally by CRU in response to Steve McIntyre’s FOI requests, in parallel with attempts to deny the request in case the ability to refuse was lost. There are many reasons to think this is valid and it is consistent with either of the two theories at the beginning of this post. Steve McIntyre’s FOI appeal was denied on November 13th and the last of the emails in the archive is from November 12th.
It would take a hacker massive amounts of work to parse through decades of emails and files but stealing or acquiring a single file is a distinct possibility and does not require massive conspiracy. The same constraints of time and effort would apply to any internal whistle blower. However, an ongoing process of internally collating this information for an FOI response is entirely consistent with what we find in the file.
In the past I have worked at organizations where the computer network grew organically in a disorganized fashion over time. Security policies often fail as users take advantage of shortcuts to simplify their day to day activities. One of these shortcuts is to share files using an FTP server. Casual shortcuts in these instances may lead to gaping security holes. This is not necessarily intentional, but a consequence of human nature to take a shortcut here and there. This casual internal sharing can also lead to unintentional sharing of files with the rest of the Internet as noted in the Phil Jones, CRU mole, example above. Often the FTP server for an organization may also be the organization’s external web server as the two functions are often combined on the same CPU or hardware box. When this occurs, if the organization does not lock down their network thoroughly, the security breaches which could happen by accident are far more likely to occur.
Since Friday November 20th a few users noticed this interesting notice on the CRU website.
This website is currently being served from the CRU Emergency Webserver.
Some pages may be out of date.
Normal service will be resumed as soon as possible.
Here is a screen grab for posterity.
So as part of the security crackdown at CRU they have taken down their external webserver? Network security professionals in the audience will be spitting up coffee all over their keyboards at this point.
So this is my theory is and this is only my theory:
A few people inside CRU possessed the archive of documents being held in reserve in case the FOI appeal decision was made in favor of Steve McIntyre. They shared it with others by putting it in an FTP directory which was on the same CPU as the external webserver, or even worse, was an on a shared drive somewhere to which the webserver had permissions to access. In other words, if you knew where to look, it was publicly available. Then, along comes our “hackers” who happened to find it, download it, and the rest is history unfolding before our eyes. So much for the cries of sophisticated hacking and victimization noted above.
If I had to bet money, I would guess that David Palmer, Information Policy & Compliance Manager, University of East Anglia, has an even chance of being the guilty party, but it would only be a guess.
To repeat the basic premise of this theory.
There’s an old adage, never assume malice when stupidity or incompetence will explain it.
™ CRUtape Letters, is a trademark of Moshpit Enterprises.
Oh, I love how he suggests the simple use of a proxy server suggests ‘sophisticated knowledge’, lol.
Squidly (13:32:25) :
Pat Micheals is currently on FoxNews about this!
nice!!! Stuart Varney kept alarmist Dan Weiss on the ropes.
I feel bad about feeling good about that!!:
Pass the popcorn.
This gets even more strange.
At RC Gavin wrote ( I dont know it is ok to quote his entire post but in these days ….)
“There seems to be some doubt about the timeline of events that led to the emails hack. For clarification and to save me going through this again, this is a summary of my knowledge of the topic. At around 6.20am (EST) Nov 17th, somebody hacked into the RC server from an IP address associated with a computer somewhere in Turkey, disabled access from the legitimate users, and uploaded a file FOIA.zip to our server. They then created a draft post that would have been posted announcing the data to the world that was identical in content of the comment posted on The Air Vent later that day. They were intercepted before this could be posted on the blog. This archive appears to be identical to the one posted on the Russian server except for the name change. Curiously, and unnoticed by anyone else so far, the first comment posted on this subject was not at the Air Vent, but actually at ClimateAudit (comment 49 on a thread related to stripbark trees, dated Nov 17 5.24am (Central Time I think)). The username of the commenter was linked to the FOIA.zip file at realclimate.org. Four downloads occurred from that link while the file was still there (it no longer is).
The use of a turkish computer would seem to imply that this upload and hack was not solely a whistleblower act, but one that involved more sophisticated knowledge. If SM or JeffID want to share the IPs associated with the comments on their sites, I’ll be happy to post the IP address that was used to compromise RC.”
http://www.realclimate.org/index.php/archives/2009/11/the-cru-hack-context/comment-page-2/#comment-143886
They should know by now what happened. The fact they are “mum” about it suggests that it was a simple human error (files placed in an unprotected public server).
Server traffic records would show 61 Mb of data being moved around. Knowing the files and the sizes it should have been easy to find out.
Hackers do not go in and go out and leave no trace….
Smokey (13:43:43)
Agreed – and completely contrary to the UK EIR/FOI “public interest” criteria.
Thank you. I’m just one of the small-town observers, yet a denier, of this whole evil hoax. Now I can provide my antagonists with a reasoned explanation for why the science is NOT “settled”. The Canadian Broadcasting Corporation will interview Al Gore on Thursday morning, 26th Nov. I wonder if they have the “guts” to challenge him on this whole issue.
Wow. Have a look at George Monbiot about this leak on CiF
http://www.guardian.co.uk/commentisfree/cif-green/2009/nov/23/global-warming-leaked-email-climate-scientists
Fair enough he makes the point it isnt the nail in the coffin of AGW theory , but then he says
“There appears to be evidence here of attempts to prevent scientific data from being released, and even to destroy material that was subject to a freedom of information request.”
Also:
” Phil Jones, should now resign. ”
And in one reply to a poster called Sabraguy who asks:
” But now I suggest you review your file of correspondence and articles, and figure out who you need to apologize to.”
He replies:
“I apologise. I was too trusting of some of those who provided the evidence I championed. I would have been a better journalist if I had investigated their claims more closely.”
All in apparent sincerity, I am quite gobsmacked.
Winston (13:45:19)
How does Gavin know the detail on the CA post and the associated downloads? Has CA posted on this?
Maybe we’re looking at this completely backwards.
Instead of looking at the billions and billions of $$$$ “wasted”…how about this headline:
“World sleeps better…After massive investment of billions of $$$, researchers unable to find any warming, so no more worrying about it.
Today, researchers at CRU pronounced that any signs of AGW were
impossible to find after years of research, and that the ONLY way they
were able to show ANY man-made warming at all was to manually
alter data. Without the alterations, models continued to agree with
real temperature measurements, and indicate no man-made warming
at all.”
Then we might say “Well…it was a crapload of money, but at least we can sleep well tonight instead of worrying about that 20meter wall of water heading straight towards NY city.”
JimB
This may be OT, but wouldn’t it make a lot of sense for some of the leading analysts and scientists who understand the temperature record and the software coding that generates the usable output from the raw temperature data to get together and develop an organized approach to dissecting the released CRU data files and code? I’m thinking Lindzen, McIntyre, Spencer, EM Smith, Pielke, et. al. ought to be coordinating their efforts to determine if it is possible to see how much the HADCRUT (and by extension, the GISSTEMP) data-in-use is untrustworthy for the purposes of examining temperature trends of the magnitude involved.
What do others think? Does anyone have any idea what’s going on among these folks behind the scenes at this point? Or, is everyone waiting for a formal investigation of which to be a part?
In the Guardian Monbiot accepts that the leaked emails are profoundly damaging and apologises to his readers.
http://www.guardian.co.uk/commentisfree/cif-green/2009/nov/23/global-warming-leaked-email-climate-scientists
Things are really heating up!
Tracing the real IP address through proxies can take days and weeks.
Scouse Pete says:
November 23, 2009
Anyway, I’m confused why UEA rolled out this rather odd spokeman (for the day) who did lots of Errrms and R’sss, and seemed not to know alot.
——————–
I think the clue is in your comment! Ermmm, Arrrrrrrr…. 😉
I take great umbrage at the usage of the term stolen data being currently bandied around by various embarassed parties at CRU. I happen to be one of the owners of this and any other data stemming from any research that is funded by my taxes.
Furthermore, I take as dim a view of this AGW data shenanigans as I do of the MP’s expenses scam as it all falls into the same category of defrauding the taxpayer.
Glen Beck will be discussing “the global warming hoax” starting right now.
Glen Beck (Fox ) is talking about the Hadley scandal in tonites segment.
I think I just died.
The ‘hacking’ story just made the headlines on the BBC 22:00 news.
StuartR (13:52:46)
If it is in sincerity he’ll start that closer investigation now and hold judgement on the “science is settled” that he promotes in the article above his comment. I also think he has a few more apologies to issue.
Watching it now. If you have a PC and Real Player installed, you can watch it on my site: http://thelaymanscorner.com/?page_id=14
Leak Source:
I think it was probably an inside-job in someway
– probably a disgruntled employee, or ex-employee, who couldn’t take the lies and the Spin, and the dodgey IT practices any more
– and the FOIA.zip file name is an ironic joke at the attempts of the CRU Crew to avoid the FOI requests!
My sneaking suspicion is that it was really Dr Briffa, who has held a secret grudge against Mann & Jones for the way they have hogged all the limelight, and glory, whilst insisting he has to add a hockey-stick to every damned climatic-series he produces!
can anyone shed light on why the only things redacted from the emails is the 2nd half of all the email addresses? Why would a hacker bother to do this? Is there some FOIA requirement that the second half of email addresses be redacted?
JimB (13:56:27)
Yes, nice idea – get a climate dream team together from both sides and blogland. I reckon shut them all in a big room a la “Apollo 13” movie and “failure is not an option” – within a week we’d have a pretty well thrashed out view of the real position of climate science. Not sure who should be Chair though… 🙂
My theory is that Al Gore grew a conscience or a pair and using his vast technical networking skills – he did, after all, invent the Internet, hacked the CRU server.
Al’s our boy . . motive & technical skill.
Richard Black is still muzzled. The BBC thought police are active and no posts have been allowed on his thread since 48 hours – even ones that do NOT quote anything said in the emails (as mine does not and it is still awaiting moderation)
The real world is stranger than fiction!
Who would have thought that the UK’s BBC would be worse than any tightly controlled tinpot dictatorship.
How an organization as large as the BBC could remain so tightly under a tyrannical control is AMAZING – surely there are some BBC employees who KNOW THAT THE BBC’S BEHAVIOUR IS UNETHICAL?
BBC EMPOYEES WAKE UP – EXERCISE YOUR RIGHTS OF FREE SPEECH – YOU HAVE THE POWER TO DISOBEY YOUR MANAGEMENT DIRECTIVES – YOU CAN PUBLISH THE TRUTH.
BTW: Rember this?
http://dilbert.com/dyn/str_strip/000000000/00000000/0000000/000000/20000/2000/200/26130/26130.strip.gif