By charles the moderator
Rodin’s The Thinker at the Musée Rodin.
Author CJ. Licensed under Creative Commons.
I have a theory.
With the blogosphere all atwitter about the emails and data “stolen” from the Climatic Research Institute at the University of East Anglia, two theories have become dominant describing the origin of the incident.
- CRU was hacked and the data stolen by skilled hackers, perhaps an individual or more insidiously some sophisticated group, such as Russian agents.
- An insider leaked the information to the NSM (non-mainstream media)
Theory number one is the preferred explanation of the defenders of CRU. This allows them to portray CRU as victims of illegal acts. It allows them to scream bloody murder and call for an investigation of the crime. How can we take the fruits of hideous crime seriously? The end does not justify the means!
One of our favorite writers, Gavin Schmidt, has expanded on this theme with the report:
He [Gavin] said the breach at the University of East Anglia was discovered after hackers who had gained access to the correspondence sought Tuesday to hack into a different server supporting realclimate.org, a blog unrelated to NASA that he runs with several other scientists pressing the case that global warming is true.
The intruders sought to create a mock blog post there and to upload the full batch of files from Britain. That effort was thwarted, Dr. Schmidt said, and scientists immediately notified colleagues at the University of East Anglia’s Climatic Research Unit.
http://www.nytimes.com/2009/11/21/science/earth/21climate.html
I believe the above statement by Gavin to be a big bunch of hooey. I believe the “hack” was a posting of the same blog comment which was posted at The Air Vent
which was also submitted here at WUWT, but never was visible publicly, because all comments are moderated and publicly invisible until approved by an administrator or moderator. Many of you have already seen it:
We feel that climate science is, in the current situation, too important to be kept under wraps.
We hereby release a random selection of correspondence, code, and documents.
Hopefully it will give some insight into the science and the people behind it.
This is a limited time offer, download now:
http://ftp.tomcity.ru/incoming/free/FOI2009.zip
Sample:
0926010576.txt * Mann: working towards a common goal
1189722851.txt * Jones: “try and change the Received date!”
0924532891.txt * Mann vs. CRU
0847838200.txt * Briffa & Yamal 1996: “too much growth in recent years makes it difficult to derive a valid age/growth curve”
0926026654.txt * Jones: MBH dodgy ground
1225026120.txt * CRU’s truncated temperature curve
1059664704.txt * Mann: dirty laundry
1062189235.txt * Osborn: concerns with MBH uncertainty
0926947295.txt * IPCC scenarios not supposed to be realistic
0938018124.txt * Mann: “something else” causing discrepancies
0939154709.txt * Osborn: we usually stop the series in 1960
0933255789.txt * WWF report: beef up if possible
0998926751.txt * “Carefully constructed” model scenarios to get “distinguishable results”
0968705882.txt * CLA: “IPCC is not any more an assessment of published science but production of results”
1075403821.txt * Jones: Daly death “cheering news”
1029966978.txt * Briffa – last decades exceptional, or not?
1092167224.txt * Mann: “not necessarily wrong, but it makes a small difference” (factor 1.29)
1188557698.txt * Wigley: “Keenan has a valid point”
1118949061.txt * we’d like to do some experiments with different proxy combinations
1120593115.txt * I am reviewing a couple of papers on extremes, so that I can refer to them in the chapter for AR4
I was the first at WUWT to see the comment above and immediately embargoed it. After discussions and many phone calls, we finally began to refer to the information after, and only after, we saw that it was available elsewhere, such as The Air Vent, and also after we knew that CRU was aware that it was circulating on the web.
Gavin’s elaborate description of the hacking attempt at RC is, in my humble opinion, nothing more than an attempt to add meat to the hacking theory in order to increase the vilification of the theoretical hackers. Gavin has demonstrated this kind of misdirection in the past in the Mystery Man incident where he attempted to obfuscate his own involvement in a data correction to station files held by the British Antarctic Survey. In this new spirit of transparency Gavin, why don’t you send Anthony the log files that demonstrate this attempted break in at realclimate.org?
After all, this is a criminal act of vandalism and of harassment of a group of scientists that are only going about their business doing science. It represents a whole new escalation in the war on climate scientists who are only trying to get at the truth. Think — this was a very concerted and sophisticated hacker attack. …Or at the next level, since the forces of darkness have moved to illegal operations, will we all have to get bodyguards to do climate science?
Sigh…and sigh again.
Theory number two is the preferred explanation of, for want of a better term, the Skeptics Camp. It is a romantic thought. Some CRU employee, fed up with the machinations, deceit, and corruption of science witnessed around him or her, took the noble action of becoming whistle-blower to the world, bravely thrusting the concealed behavior and data into the light for all to see. This theory is attractive for all the right reasons. Personal risk, ethics, selflessness etc.
I would like to offer a third possibility based on a bit of circumstantial evidence I noticed on the Web Saturday afternoon.
There’s an old adage, never assume malice when stupidity or incompetence will explain it.
A short time ago there was a previous leak of CRU data by an insider. In this case, Steve McIntyre acquired station data which he had been requesting for years, but someone inside CRU unofficially made the data available.
In this case, many commentators had various guesses as to the motivation or identity of the disgruntled mole even proposing that perhaps a disgruntled William Connelly was the perpetrator.
Of course it turned out the Phil Jones, director of CRU, himself had inadvertently left the data on an open FTP server.
Many have begun to think that the zip archive FOI2009.zip was prepared internally by CRU in response to Steve McIntyre’s FOI requests, in parallel with attempts to deny the request in case the ability to refuse was lost. There are many reasons to think this is valid and it is consistent with either of the two theories at the beginning of this post. Steve McIntyre’s FOI appeal was denied on November 13th and the last of the emails in the archive is from November 12th.
It would take a hacker massive amounts of work to parse through decades of emails and files but stealing or acquiring a single file is a distinct possibility and does not require massive conspiracy. The same constraints of time and effort would apply to any internal whistle blower. However, an ongoing process of internally collating this information for an FOI response is entirely consistent with what we find in the file.
In the past I have worked at organizations where the computer network grew organically in a disorganized fashion over time. Security policies often fail as users take advantage of shortcuts to simplify their day to day activities. One of these shortcuts is to share files using an FTP server. Casual shortcuts in these instances may lead to gaping security holes. This is not necessarily intentional, but a consequence of human nature to take a shortcut here and there. This casual internal sharing can also lead to unintentional sharing of files with the rest of the Internet as noted in the Phil Jones, CRU mole, example above. Often the FTP server for an organization may also be the organization’s external web server as the two functions are often combined on the same CPU or hardware box. When this occurs, if the organization does not lock down their network thoroughly, the security breaches which could happen by accident are far more likely to occur.
Since Friday November 20th a few users noticed this interesting notice on the CRU website.
This website is currently being served from the CRU Emergency Webserver.
Some pages may be out of date.
Normal service will be resumed as soon as possible.
Here is a screen grab for posterity.
So as part of the security crackdown at CRU they have taken down their external webserver? Network security professionals in the audience will be spitting up coffee all over their keyboards at this point.
So this is my theory is and this is only my theory:
A few people inside CRU possessed the archive of documents being held in reserve in case the FOI appeal decision was made in favor of Steve McIntyre. They shared it with others by putting it in an FTP directory which was on the same CPU as the external webserver, or even worse, was an on a shared drive somewhere to which the webserver had permissions to access. In other words, if you knew where to look, it was publicly available. Then, along comes our “hackers” who happened to find it, download it, and the rest is history unfolding before our eyes. So much for the cries of sophisticated hacking and victimization noted above.
If I had to bet money, I would guess that David Palmer, Information Policy & Compliance Manager, University of East Anglia, has an even chance of being the guilty party, but it would only be a guess.
To repeat the basic premise of this theory.
There’s an old adage, never assume malice when stupidity or incompetence will explain it.
™ CRUtape Letters, is a trademark of Moshpit Enterprises.
Fred Singer on newsnight. Not a particularly robust discussion, but this is getting play in the MSM today. Probably be forgotten by tomorrow.
Liberal use of TiO2 on BBC Newsnight tonight
Fred Singer was very measured in his condemnation of the preversion of the openess of the scientific process
Grumbler – if GM is serious he’ll put his efforts into getting data, code and correspondence into the public domain.
Newsnight, the primetime political program on BBC at 10:30pm, had just led on this issue. As you’d expect it didn’t really get into the meat of the issue but the “trick” and “hiding” lines were brought up and I’m sure plenty of previous unaware Britons are now Googling to find out what has been going on.
They had one guy from the UEA who seemed convinced that this was an “illegal hacking” incident, something Prof Singer didn’t respond to.
I agree. It’s the most sensible explanation.
Grumbler (14:35:50) :
Having got over my gobsmackedness a bit, I am beginning to wonder about the ramifications here. Monbiot has jumped before Andy Revkin and many other well know enviro jounalist names in the world. It could all be a rather self preserving position hes taking rather than genuine enlightenment. But hes going to get flak from all sides, and if Phil Jones does go because of the heightened pressure, then I think there would have to be some knock on consequences for the RealClimate crowd. Quite interesting times.
So they assemble not only loads of data, but also 1k+ emails just in case.. Did Steve McIntyre actually ask to see their emails as well. Or did they prepare them for him just beacuse they’re such a loving bunch? Doesn’t sound very likely to me. Stupid I buy. Stupid and over-zealous, I’m not convinced.
But then, the other possiblilites don’t seem that natural either. There’s no single person who sent or was a receiver on all mails in the file. Briffa seems to be the most popular guy, but he’s only in on around half of them, and he’s doesn’t come out as your everyday whistleblower:)
Could be it-department guy with loads of time to pick emails. But then it’s not like all of them are that interesting. Maybe they were choosen by a combination of sender/receiver + maybe some keyword(s)? That would be very easy, but you’d still come up with loads of crap unless these guys only ever talk about work.
Well, Jeremy Paxman conducted a very even handed discussion on Newsnight – if we can forget Susan Watts rather blinkered piece on how Computer Models tell us everything ;-D quickly forgotten.
So, all 3 agreed that there should an independent enquiry. I’m all for that. Bring it on!
50 years ago, I used to take hourly temps with a handheld sling psychrometer; insert a clean dry sock, verify that both mercury capsules agreed, wet the sock and spin until the wet bulb drops no more; a bit too adventurous and one might crack the tube by accidental impact; grab the backup sling and try again.
Whole degrees only.
Today a blind, dumb machine does this and more — it even amazingly calibrates itself.
I feel so unnecessary.
Rats abandoning sinking ship!!
See response by George Monbiot on
http://www.guardian.co.uk/commentisfree/cif-green/2009/nov/23/global-warming-leaked-email-climate-scientists?showallcomments=true#end-of-comments
Sabraguy:
But now I suggest you review your file of correspondence and
articles, and figure out who you need to apologize to.
Grumbler (14:35:50) :
“I have been following agw as a sceptic for several years now and I can honestly say that George Monbiot saying this is without doubt the most stunning and amazing thing I have heard. It truly is a shattering blow to the warmists. It is extremely significant.”
I agree totally. Monbiot has been one of the most vociferous of the warmers and this an amazing turnaround. If he can see the light, just about anyone can. Well done George.
Meanwhile up here in Canuckistan, the HQ of all our major media – CBC, CTV, Global the Globe & Mail, the Toronto Star . . . . all of them are within spitting distance of where Steve lives and there isn’t a peep, a whisper (Ok one skeptic Journalist – Lorne Gunter) of what’s going on.
Silence of the co-conspiratorial mass media. They do so love hysteria and panic.
Reality however seems to be a bit much for them.
C’mon there CBC, Peter Pansbridge . . grow a pair, you’ll enjoy that swinging feeling.
This one, “ipcc-tar-master.rtf” does not show up with the search engine.
IPCC WGI THIRD ASSESSMENT REPORT – (TAR)
GOVERNMENT/EXPERT REVIEW – APRIL-JUNE 2000
COLLATED EXPERT COMMENTS
GENERAL
Some interesting reading. Only 17 reviewers make a comment and I count 5 supporters, 5 critical, 7 neutral.
UKIP (14:50:05) :
Newsnight, the primetime political program on BBC at 10:30pm, had just led on this issue. As you’d expect it didn’t really get into the meat of the issue but the “trick” and “hiding” lines were brought up and I’m sure plenty of previous unaware Britons are now Googling to find out what has been going on.
They had one guy from the UEA who seemed convinced that this was an “illegal hacking” incident, something Prof Singer didn’t respond to.
The UK Scientist was Bob Watson from UEA. The other person was American, didn’t catch his name.
Bob Watson wanted to talk about the emails and how they were being misinterpreted, the American chap wanted to bring up the fact that the scientific process was being corrupted and that many people had been denied the data to check the results.
Both called for a review (of the hacking and the consequences of the hacking).
Mark.
Seventy years ago we declared war against Hitler. That involved subterfuge and killing people. But it was done with the agreed understanding of being the best option to prevent a greater evil.
I think that the action taken in releasing FOIA2009.zip is a far smaller example w.r.t harm and a somewhat smaller example w.r.t. damage prevention, but IMO it is in the same category of actions.
I find this fourth possibility interesting (taking both the following posts together):-
vukcevic (11:18:03) : …someone in IT was given list of files and told to erase them after the ‘lost data affair’. Any IT employee would know that is an illegal request, so for his/her own protection ‘zipped’ whole lot on 12th November.
Treachery Watch (11:20:34) : …could [CRU] realize that attacking an angry insider would not be a wise course of action because said person perhaps has evidence of file purge attempts?
Having said which, I also see a possible fifth scenario… but it is so strange that no-one would believe me, only that I’ve seen the phenomenon elsewhere, and that the tone of the whole release post, which is both civil, intelligent, relevant, and well-phrased, is very similar.
CTM,
I respectfully suggest that your theory is arse-about.
My theory (which I am putting forward for peer review!) is that the .zip file was months of ongoing work to hide e-mails, code and documents which could be seen as damaging to CRU.
If the FOI application was successful, there would have been a dump of millions of megabytes of totally boring, innocuous “I’m not coming in today because Jenny’s got the measles” type of e-mails, formal responses, and so on.
This file was not prepared for a FOI disclosure – this file was prepared as a record of excised documents!
This would enable CRU to immediately comply with a successful FOI application, and be publicly seen to be doing the “right” thing.
However, it was necessary to keep a record of the “other” documents, which were being excised from the official disclosure. This is what our heroic hacker grabbed.
Louis Hissink (14:14:43) :
…… another instance of Lysenkoism, especially when Trenberth complains that there is something wrong with the data. Have these people ever considered the possibility that the theory might be wrong?
——————
…. and blames it on the “observation system”, the same “observation system” that got them there in the first place. That’s not a first year grad student mistake – that’s a first month grad student mistake. Infantile data analysis, garbage science. To be followed, of course, by whatever happened next …..
I hope the man is as ashamed of himself as he should be but, given that he’s deluded himself into thinking he’s saving the planet, I doubt that he would even know what I’m talking about.
Isbjorn–
Do not know what Steve M.’s original FOI demanded, but it stands to reason it was a broad request for the Code, databases, and all related correspondence regarding same. I am not convinced about the FOI angle either, but something you said is further compelling evidence: the fact this large file had almost no idle chit-chat. Almost all docs are about the database and the FOI request; one item about John Daly, nothing about Euro 2008 Football championships, sale of Christiano Rinaldo, the Ashes cricket test, Madonna’s divorce etc etc. That’s why this file seems to be compiled for a specific purpose; it is that purpose about which we are speculating. Again, Occam’s Razor tells me the file was created in connection with Steve M’s FOI request. Is it an inventory of what may be relevant?, a hot documents list ? safe documents list? purging list? I hope we all find out soon.
Revkin probably doesn’t want anybody reading the e-mails where the CRU team basically refer to him as a tool.
actually, some of the ftp links in the emails still work.
this one is still live, ftp://ftp.ncdc.noaa.gov/pub/data/paleo/gcmoutput/crowley2000/crowley_lowery2000_nht.txt
and leads to this…
“Crowley and Lowery 2000 (Ambio 29, 51)
Northern Hemisphere Temperature Reconstruction
Modified as published in Crowley 2000
(Science v289 p.270, 14 July 2000)
Data from Fig. 1, Crowley 2000:
Decadally smoothed time series of Crowley-Lowery reconstruction
spliced into smoothed Jones et al instrumental record after 1860
(labeled CL2.Jns11), and a slight modification (labeled CL2)
of the original Crowley and Lowery reconstruction to 1965.”
all the data is there too, but it is clearly a splice of a proxie to an instrumental record, published in Science no less.
Thought that was a big no no?
A certain UK military establishment (which I shall allow to remain nameless) used to maintain Unclassified and Secret versions of its web page for access to the day’s data. We discovered during a system study there a few years back that the secret files were still present on the unclassified server copy – they’d merely deleted the links from the front page! (And needless to say, the boss there was less than happy about this state of affairs once he found out, and They Don’t Do This Any More!)
As you say, incompetence always needs to be considered as an alternative to malice.
Agreed, it would make no sense for a mass of emails to be lumped in with data and code as part of the FOI.
The FOI is for the data.
But what do I know, I simply a “denier.”
My post in Monbiot’s thread:
Dear Monbiot, thanks for your surprisingly unbiased opinion. Now I would like to make you a suggestion – Can you make now a Royal Flush about Climate Change Cheaters? Phill Jones can be the Ace of Spades for instance. Cheers
link http://www.guardian.co.uk/commentisfree/cif-green/2009/nov/23/global-warming-leaked-email-climate-scientists?showallcomments=true#end-of-comments
Monbiot’s Royal Flush
http://www.guardian.co.uk/environment/gallery/2009/mar/09/climate-change-deniers-monbiot-cards
A Word of Advice
There were a few posts about the supposed hacker masking their identity using an HTTP Proxy. If you believe that HTTP Proxies are safe, I have a cheep bridge for you in Brooklyn. You should remove such thoughts from your mind; the student who hacked Sarah Palin’s Email account thought the same things and the proprietor of the Proxy server he used was very helpful in assisting the FBI with their investigation after they made the gentleman an offer he could not refuse. You have absolutely no idea who is running the HTTP Proxy and I know from first hand experience that in the past, two of the anonymous HTTP Proxies on the Internet were run by United States intelligence services. Even if the proprietor of the HTTP Proxy service tells you they don’t keep logs, don’t believe them. The logs are their get out of jail free card.
The most popular free HTTP Proxy software on the Internet is Squid. Squid leaks information like a sieve and is a gift from the gods to any security investigator. If you believe you are anonymous on the Internet you are fool and are in for a painful learning experience. In the United States most Internet users have absolutely no idea of for how long Internet Services Provides retain DHCP lease information. Hint: try multiple years for starters and the in case of one very large broadband provider the correct answer may well be forever.
There are ways to hide your identity on the Internet but unless you are very good don’t waste your time and never trust an HTTP Proxy. Being truly anonymous on the on the Internet is a fulltime job and frankly not worth the effort in most cases.
Michael Ronayne
Nutley, New Jersey
StuartR (14:54:48)
Time will tell. IMO at the mo. it just looks like cynical self preservation.
Since when did GM lack the “critical skills” to check and cross reference his sources?