By charles the moderator
Rodin’s The Thinker at the Musée Rodin.
Author CJ. Licensed under Creative Commons.
I have a theory.
With the blogosphere all atwitter about the emails and data “stolen” from the Climatic Research Institute at the University of East Anglia, two theories have become dominant describing the origin of the incident.
- CRU was hacked and the data stolen by skilled hackers, perhaps an individual or more insidiously some sophisticated group, such as Russian agents.
- An insider leaked the information to the NSM (non-mainstream media)
Theory number one is the preferred explanation of the defenders of CRU. This allows them to portray CRU as victims of illegal acts. It allows them to scream bloody murder and call for an investigation of the crime. How can we take the fruits of hideous crime seriously? The end does not justify the means!
One of our favorite writers, Gavin Schmidt, has expanded on this theme with the report:
He [Gavin] said the breach at the University of East Anglia was discovered after hackers who had gained access to the correspondence sought Tuesday to hack into a different server supporting realclimate.org, a blog unrelated to NASA that he runs with several other scientists pressing the case that global warming is true.
The intruders sought to create a mock blog post there and to upload the full batch of files from Britain. That effort was thwarted, Dr. Schmidt said, and scientists immediately notified colleagues at the University of East Anglia’s Climatic Research Unit.
http://www.nytimes.com/2009/11/21/science/earth/21climate.html
I believe the above statement by Gavin to be a big bunch of hooey. I believe the “hack” was a posting of the same blog comment which was posted at The Air Vent
which was also submitted here at WUWT, but never was visible publicly, because all comments are moderated and publicly invisible until approved by an administrator or moderator. Many of you have already seen it:
We feel that climate science is, in the current situation, too important to be kept under wraps.
We hereby release a random selection of correspondence, code, and documents.
Hopefully it will give some insight into the science and the people behind it.
This is a limited time offer, download now:
http://ftp.tomcity.ru/incoming/free/FOI2009.zip
Sample:
0926010576.txt * Mann: working towards a common goal
1189722851.txt * Jones: “try and change the Received date!”
0924532891.txt * Mann vs. CRU
0847838200.txt * Briffa & Yamal 1996: “too much growth in recent years makes it difficult to derive a valid age/growth curve”
0926026654.txt * Jones: MBH dodgy ground
1225026120.txt * CRU’s truncated temperature curve
1059664704.txt * Mann: dirty laundry
1062189235.txt * Osborn: concerns with MBH uncertainty
0926947295.txt * IPCC scenarios not supposed to be realistic
0938018124.txt * Mann: “something else” causing discrepancies
0939154709.txt * Osborn: we usually stop the series in 1960
0933255789.txt * WWF report: beef up if possible
0998926751.txt * “Carefully constructed” model scenarios to get “distinguishable results”
0968705882.txt * CLA: “IPCC is not any more an assessment of published science but production of results”
1075403821.txt * Jones: Daly death “cheering news”
1029966978.txt * Briffa – last decades exceptional, or not?
1092167224.txt * Mann: “not necessarily wrong, but it makes a small difference” (factor 1.29)
1188557698.txt * Wigley: “Keenan has a valid point”
1118949061.txt * we’d like to do some experiments with different proxy combinations
1120593115.txt * I am reviewing a couple of papers on extremes, so that I can refer to them in the chapter for AR4
I was the first at WUWT to see the comment above and immediately embargoed it. After discussions and many phone calls, we finally began to refer to the information after, and only after, we saw that it was available elsewhere, such as The Air Vent, and also after we knew that CRU was aware that it was circulating on the web.
Gavin’s elaborate description of the hacking attempt at RC is, in my humble opinion, nothing more than an attempt to add meat to the hacking theory in order to increase the vilification of the theoretical hackers. Gavin has demonstrated this kind of misdirection in the past in the Mystery Man incident where he attempted to obfuscate his own involvement in a data correction to station files held by the British Antarctic Survey. In this new spirit of transparency Gavin, why don’t you send Anthony the log files that demonstrate this attempted break in at realclimate.org?
After all, this is a criminal act of vandalism and of harassment of a group of scientists that are only going about their business doing science. It represents a whole new escalation in the war on climate scientists who are only trying to get at the truth. Think — this was a very concerted and sophisticated hacker attack. …Or at the next level, since the forces of darkness have moved to illegal operations, will we all have to get bodyguards to do climate science?
Sigh…and sigh again.
Theory number two is the preferred explanation of, for want of a better term, the Skeptics Camp. It is a romantic thought. Some CRU employee, fed up with the machinations, deceit, and corruption of science witnessed around him or her, took the noble action of becoming whistle-blower to the world, bravely thrusting the concealed behavior and data into the light for all to see. This theory is attractive for all the right reasons. Personal risk, ethics, selflessness etc.
I would like to offer a third possibility based on a bit of circumstantial evidence I noticed on the Web Saturday afternoon.
There’s an old adage, never assume malice when stupidity or incompetence will explain it.
A short time ago there was a previous leak of CRU data by an insider. In this case, Steve McIntyre acquired station data which he had been requesting for years, but someone inside CRU unofficially made the data available.
In this case, many commentators had various guesses as to the motivation or identity of the disgruntled mole even proposing that perhaps a disgruntled William Connelly was the perpetrator.
Of course it turned out the Phil Jones, director of CRU, himself had inadvertently left the data on an open FTP server.
Many have begun to think that the zip archive FOI2009.zip was prepared internally by CRU in response to Steve McIntyre’s FOI requests, in parallel with attempts to deny the request in case the ability to refuse was lost. There are many reasons to think this is valid and it is consistent with either of the two theories at the beginning of this post. Steve McIntyre’s FOI appeal was denied on November 13th and the last of the emails in the archive is from November 12th.
It would take a hacker massive amounts of work to parse through decades of emails and files but stealing or acquiring a single file is a distinct possibility and does not require massive conspiracy. The same constraints of time and effort would apply to any internal whistle blower. However, an ongoing process of internally collating this information for an FOI response is entirely consistent with what we find in the file.
In the past I have worked at organizations where the computer network grew organically in a disorganized fashion over time. Security policies often fail as users take advantage of shortcuts to simplify their day to day activities. One of these shortcuts is to share files using an FTP server. Casual shortcuts in these instances may lead to gaping security holes. This is not necessarily intentional, but a consequence of human nature to take a shortcut here and there. This casual internal sharing can also lead to unintentional sharing of files with the rest of the Internet as noted in the Phil Jones, CRU mole, example above. Often the FTP server for an organization may also be the organization’s external web server as the two functions are often combined on the same CPU or hardware box. When this occurs, if the organization does not lock down their network thoroughly, the security breaches which could happen by accident are far more likely to occur.
Since Friday November 20th a few users noticed this interesting notice on the CRU website.
This website is currently being served from the CRU Emergency Webserver.
Some pages may be out of date.
Normal service will be resumed as soon as possible.
Here is a screen grab for posterity.
So as part of the security crackdown at CRU they have taken down their external webserver? Network security professionals in the audience will be spitting up coffee all over their keyboards at this point.
So this is my theory is and this is only my theory:
A few people inside CRU possessed the archive of documents being held in reserve in case the FOI appeal decision was made in favor of Steve McIntyre. They shared it with others by putting it in an FTP directory which was on the same CPU as the external webserver, or even worse, was an on a shared drive somewhere to which the webserver had permissions to access. In other words, if you knew where to look, it was publicly available. Then, along comes our “hackers” who happened to find it, download it, and the rest is history unfolding before our eyes. So much for the cries of sophisticated hacking and victimization noted above.
If I had to bet money, I would guess that David Palmer, Information Policy & Compliance Manager, University of East Anglia, has an even chance of being the guilty party, but it would only be a guess.
To repeat the basic premise of this theory.
There’s an old adage, never assume malice when stupidity or incompetence will explain it.
™ CRUtape Letters, is a trademark of Moshpit Enterprises.
Discover more from Watts Up With That?
Subscribe to get the latest posts sent to your email.
PS: One obvious reform would be to provide funding somehow so that all science journals could move online, enabling online critiques–including critiques before “official” publication. It would be harder for gatekeepers to censor one side and promote the other in such a context, harder to pack the deck of peer reviewers, harder to intimidate editors, etc.
@Paul K2 (16:58:37) :
I don’t believe a court rules on FOI requests, so a lot of what you’ve said isn’t relevant. It is only if a rejected FOI request is appealed is there a possibility of it going to court… and it’s only a possibility.
Also, I’m not confident that there was a cyberattack on RealClimate. The impression I got was that the person who made that original post tried to do so at a number of sites. Both WUWT and CA have, from memory, acknowledged that they received that post but declined to put it up. I strong suspect that the same happened at RC. If that’s the case, calling it an cyberattack is really stretching the truth.
However, assuming the people at RC have called in the police, I think we should leave it to the authorities to determine if there was an attack, and, if so, where it came from.
I like theory three.
If any of the Team are reading this, there is this neat thing called the “Scientific Method” It has been around a while although I suspect Dr. Jones and the Team have never heard of it as they seem unfamiliar with its basic principles.
I suggest they give it a go. The most important part of the method is called “Testing the hypothesis”. What you do is use your theory to make a prediction about the real world and then go and have a look at the real world and see if your prediction is correct. If you make predictions that are wrong, then your theory is wrong and needs to be discarded.
For example, global warming theory says the temperature of the world is sensitive to changes in atmospheric CO2. A prediction might therefore be that there is always a close correlation between changes in CO2 and changes in temperature.
The theory also says there will be a hot spot in the troposphere. And it predicts there will be a positive feedback warming from water vapour. These can all be tested by looking at the real world. Not by looking at models though.
What puzzles me is that experiments to test this sort of thing are not very difficult to do. In fact I think some of them have been done. I’m sure clever people like Professor Lindzen or Dr. Christie could help them if they don’t know how to do this.
Why did the Team skip past the testing bit and move straight on to the predictions about what is going to happen 100 years from now. Wouldn’t it be a good idea to test the theory first?
Just a thought is all.
Theory Four
Based on Steve (Paris) (11:19:49)who said “To follow on, Gavin’s defense has in many ways been remarkably slick. If the ‘hacked’ file had been carefully cherry picked (just enough to look authentic, but also open to plausible counter-arguments) the surely a counter defense would have been prepared in parallel? They may be without ethics but dumb they ain’t. Do we know who the chess player is on the team?
And on NK (10:17:16) who said; “TO ALL–BTW, a distinct lack of trolls on this thread. While the lack of trolls takes away some entertainment value, it leaves the comments to be all high quality thoughtful stuff. Back to the trolls, I think even they know this IS REALLY BAD for the Church of AGW.”
(I did wonder that the AGW faithful had little to say on this beond “nothing to see hear – move along”. Are they going along with something they know will come to nothing?)
Also on the statement from the Met Office; “A spokesman at the Met Office, which jointly produces global temperature datasets with the Climate Research Unit, said there was no need for an inquiry. “If you look at the emails, there isn’t any evidence that the data was falsified and there’s no evidence that climate change is a hoax…”
(Is the file really as damaging as some say?)
h/t to Mike G (13:00:49) and Harold Morris (14:12:30) who got there before me although Robinson (14:34:02) finds this nerve a little too raw.
So theory four goes like this.
1/ They want to get their detractors off their backs for a while. Maybe they are getting too close to the really damming stuff for comfort.
2/ They construct a file of “superficially” damaging information but which they know will do them no real damage. All the really damaging stuff has meanwhile been locked up good and tight or deleted (by a mysterious unknown hacker).
3/ They add in a whole lot of neutral stuff to fill it out and deliberately leak it by proxy (they are known to have sympathetic contacts in Turkey for example) into the public domain.
4/ Then they cry foul – “look at how the nasty skeptics treat us poor honest scientists” – and call for an investigation into the “hack” and (maybe if you must) into the leaked data, in order to get a waver on any investigation into all the data they didn’t release which has “got lost” anyway.
So far it is working out quite nicely for them.
Okay, I made my last post too fast. There IS evidence that RC was hacked:
http://camirror.wordpress.com/2009/11/23/a-miracle-just-happened/
My view is that the timing re the refusal of Steve’s FOI request points to this being an archive of relevant material prepared for and probably transmitted to the legal counsel advising the University on its response.
Counsel would have made its recommendation to decline several days before the decision was advised to Steve. At the same time it would have told the University to archive the material as a protection against any subsequent legal challenge and accusations of destruction of material. The archive would have been updated to that point and probably transmitted to counsel for approval and safe-keeping.
I would advocate for the wiki article to be simply called Climategate:
http://en.wikipedia.org/wiki/Climatic_Research_Unit_e-mail_hacking_incident#Reactions
Either way, this article is just a little seedling compared to what will eventually look like.
Good job to the authors for getting it started.
Tree Ring Circus™
Actually it’s the lack of a smoking gun that seems to be the norm when the data and methods are scrutinized by an outsider.
mlsimon (19:49:30) :
Tree Ring Circus™
I posted that months ago. I even called for sending Michael Mann to siberia in exhile to sample a few more trees and round out an adequate sample size.
jeez (13:22:41) “It’s just weather”
The current traffic represents an opportunity to reach a wide audience with the main messages about natural climate variation. My instinct at this time might be to make every 2nd post a quick “remake” of a classic or a cut/paste of a recent abstract that directs attention towards natural variation classics – (short & sweet stuff). At a time like this it is easy to forget that a lot of the extra traffic may never have even heard of things as basic as PDO; it’s a teachable moment …and throwing up interesting wallpaper for the guests needn’t become a laborious endeavor, but if it’s not feasible, no worries – and whatever – and rest assured that the tireless volunteer hours are appreciated. Best Regards.
They know what they are doing. And what they are doing is very bad, and they do not care.
“This is what they did — these climate “scientists” on whose unsupported word the world’s classe politique proposes to set up an unelected global government this December in Copenhagen, with vast and unprecedented powers to control all formerly free markets, to tax wealthy nations and all of their financial transactions, to regulate the economic and environmental affairs of all nations, and to confiscate and extinguish all patent and intellectual property rights.”
http://pajamasmedia.com/blog/viscount-monckton-on-global-warminggate-they-are-criminals-pjm-exclusive/
So as part of the security crackdown at CRU they have taken down their external webserver? Network security professionals in the audience will be spitting up coffee all over their keyboards at this point.
Well, it was Egg Nog and I managed to stop it on the sleeve… 😉 but I think you are on to something here…
That the web server was taken down is a “smoking gun” as to where they think the leak happened. I’d guess it is a “one box does all” set up. Web servers (inside and out), FTP servers (inside and out), maybe even EMAIL and DHCP (though perhaps only the outside visible half – but I’ve had sites that demanded both on the one box…) IFF they were really sloppy, they might have had a VPN server on the same box… (Bad JuJu… dedicated VPN only, please!)
The pattern of data in the file had been nagging at me. HOW, I wondered, had the “hacker” spent the months it would take to accumulate all this stuff, but NOT all the “Coffee at Tims”, “Don’t park in Bobs Space”, “Mary will be out Tuesday” etc.
Either they had to download Gigs of data and weed it all out… or they had to spend a very large time “exposed” on the inside.
But I had no good thesis to explain away the “problems” of massive volume, or large work, (or both) and long exposure times.
An insider, working to meet the requirements of an FOIA, filtering to just that stuff, and batching it up with a “release to FTP” script who fumbles a “move to archive” into a “move to FTP server” fits.
So this is my theory is and this is only my theory:
MODERATOR: I think you have one too many “IS” is..
[Reply: Yeah, I finished it off and did a bad job from memory only of making a too obscure reference to this, which I was hoping someone might notice. ~ charles the sometimes sloppy moderator]
If I had to bet money, I would guess that David Palmer, Information Policy & Compliance Manager, University of East Anglia, has an even chance of being the guilty party, but it would only be a guess.
In my experience, the IP and Compliance folks don’t make that kind of mistake. They create the file, but some other party does the “move to server / set up account for distribution / set access bits” part of the job. I would expect that to be the person… Perhaps a junior sys admin and maybe even a student working in the data center as an intern.
So David Palmer is very likely talking with Someone Right Now… And in about 2 weeks, you will see an advert for “Position Open” at UEA… And then you will know who…
And as a guess, I would say the “Webmaster / FTP Admin” is a combined position (person responsible for external servers) and managed to “ham hand” some permissions issue so that the “visible to the inside FOIA file” became “visible to both with pub access” instead of “Taken off server to archive”…
mv FOIA.txt inside:/ftp/server/dpalmer/FOIA.txt
or
mv FOIA.txt outside:/pub/server/dpalmer/FOIA.txt
It could really be that simple. Then “somebody” sees it, and runs with it.
It all fits. Very very nicely.
A little time with the ftp server logs would pretty much tell you everything you needed to know. The individual machine “command log” would confirm it. Whenever they come back up on the ‘regular’ machines, doing “host http://ftp.uea.ac.uk” (or whatever the real name is) and doing the same on the web server ought to show up the IPs, then attempting service connects to those IPs would confirm if they were the same box…
FWIW: I always had a battle with “upper management” over number of servers. My mantra was “One Service, One Server”. They (I think at Microsoft prompting) were always pushing to have multiple services loaded on one (typically Windows) box. The hardware costs are near nothing and the labor costs go way down with multiple boxes while reliability / availability go way up.
I wanted it to be very hard for a bug in, say, the email daemon to bring down the FTP server, or an FTP security hole to expose the email server. I also wanted the FTP server to still work even if the email server hung (or was getting maintenance).
It makes things much more secure and much easier to maintain if you have a “network switch” with a rack of gear plugged into it, a couple of routers, and each box has only the minimum software to do it’s job.
There were times a service died, and within minutes we were back up via a simple disk image swap into another generic PC box. And there were times that someone would try to hack the web server, but that did nothing to email flow. If I were doing it now, the only thing I would change is that I would build the server image onto a Bootable CD. Can’t hack a write only image very well… and if you need to replace a server, it’s just spit out CD, move one box over, boot.
Don’t know, really, why the Finance and Legal guys always want to push for the One Big Box solution. It leads to stuff like accidental file leaks… and the more services there are running on a box, the more likely it is that you can find one with an exploit to use…
With resepect to the hypothesis that the archives were put together for deletion:
Why wouldn’t you just delete them? And even if you weren’t going to just delete them, it would be insance to store such an archive on anything other than offline storage (a DVD having more than enough space to store the entire archive). The theory is far too complicated.
Who would have put this archive together? Answer: the “FOI people” who are mentioned in a number of the emails. There are most certainly university staff who have a legal responsibility to address FOIA requests with due dilligence.
The smoking gun for “FOI poeple” is that routing headers have been stripped off all the emails. There’s no reason why Phil Jones would have done this. No reason why a russian hacker would have done this. A very remote possibility that a whistelblower might have done this. But the simple explanation is that an FOIA officer would have stripped the headers, in preparation for releasing the emals, becuase leaving the headers in place would have disclosed sensitive information about university IT infrastructure.
Re: chainpin (09:18:31)
who suggested that there was some damning material that you wouldn’t have needed to include for a FOI response. I agree, but suppose that what we have seen is merely the first draft. This could have been created using keyword searches based on Steve’s request, then put on the FTP server for everyone to have a go at deletions. But just then (next day) Steve’s request was turned down and the immediate need for deletions passed. So everyone forgot about and it stayed there as an unmodified first draft.
I’d also like to echo Paul Vaughan’s earlier comment: “The current traffic represents an opportunity to reach a wide audience with the main messages about natural climate variation.”
The intermittent availability of CA over the weekend is a tragic lost opportunity. The story that’s not getting told that needs to be told: what’s special about this data. As a long-time follower of CA, I know exactly what’s special about that data, and why the revelations in the archive are so directly on-point to McIntyre’s tireless efforts to understand how one of the most important graphs of the decade was constructed.
A summary article would be much appreciated.
One very good piece of advice from Phil Jones: keep it short. MSM lives eats and breathes sound-bytes.
Graeme W (19:08:06) :
@Paul K2 (16:58:37) :
Also, I’m not confident that there was a cyberattack on RealClimate. The impression I got was that the person who made that original post tried to do so at a number of sites. Both WUWT and CA have, from memory, acknowledged that they received that post but declined to put it up. I strong suspect that the same happened at RC. If that’s the case, calling it an cyberattack is really stretching the truth.
What happened at RC was that the file containing the emails etc. was mounted on RC by the ‘hacker’ (access to RC was blocked for a while) and a link to it was posted on CA.
Phil. (22:11:01) : says
Inquiring minds wonder how Phil. knows so much about what happened at RC.
So, all of this data, even if, worst-case scenario, it was stolen, should have been made public via the FOI act. That’s good enough for me.
Sorry for all of the commas. Grammar my not is good.
Mike D. (17:08:34) :
Might be a good idea to also trademark:
CRUcuts
Philip’s CRU
aCRUphobia
CRUditties
unCRUoperative
sCRUdroyal
Sham Wow!
====
You missed the best one (because it’s a term that can be slipped into lots of comments about CAWG as a way to needle the opposition): CRUsade.
Response to Graeme W (19:08:06) : You said there wasn’t any legal review unless the FOI request went to appeal. McIntyre’s request did go to appeal, which he lost just before the cyber attacks.
Here is my take on who the criminal investigation:
From normal criminal investigative methods, the cyber attacks were likely the work of a group of criminals, as it is unlikely these complex and orchestrated attacks were the work of only one person. The prime suspects should include people who had motive, means, and were familiar with the crime scene. In other words, a group who knew about the file of emails, where it was located, and how to find it, then had the motive and capability to pull off this series of attacks.
I would hope that the group associated with McIntyre’s appeal will be thoroughly investigated, since they normally would be considered prime suspects. The fact the attacks occurred immediately after this group lost their appeal would be consistent with an end run by this group around Britain’s laws.
Has anyone asked McIntryre whether he is sure his group wasn’t involved in these cyber attacks? If any of the people working with him were involved, it could pose a serious legal concern.
Paul K2
Orchestrated? You’ve been watching too many movies. There’s one file and it showed up on one ftp server and there were a few blog comments. There is the possibility that RC was hacked, but even this may not have required much sophistication. If I am wrong and this is Theory Number 2, an insider, he or she likely had access to RC user and password information.
SHOW US THE SERVER LOGS GAVIN! WHO LOGGED IN AT THE TIME OF THE “BREAK IN”?
Charles, I think orchestrated is the key word that describes these cyber attacks. The idea that this could be the work of one individual is pretty low. Clearly someone knew about the existence of the file, where it was located, how to retrieve it, and was cognizant and well informed on the status of McIntryre’s appeal of FOI denial. Then they constructed a cyber trail of servers to hide their identity, hacked the server, retrieved the file.
Then they knew how to hack the RealClimate system… I tried to visit RC during or immediately after the attack, and found the site down, so this wasn’t a simple attack. It would have been helpful to hacking RC if the hackers had previously exchanged files with RC. The same is true of the cyber attack in Britain. This points to someone, or a group, that had communicated with the sites, so this seem to implicate someone working on or against climate science.
After hacking the RC site, they had a fake post prepared, and knew how to post it on the site. In addition, key resource personnel who might be sympathetic to their political agenda received the file information before or simultaneously with the attack of RC.
All of this points to a very orchestrated attack that required a spectrum of skills and specific information not generally available to a single would be hacker who stumbled over an exposed internet server file. It is far more likely that a group planned and committed this series of criminal cyber attacks. It is unlikely, this was all pulled off by just one disgruntled CRU worker.
Paul K2
You show little knowledge of what is required here or what the circumstantial evidence shows. The fact that UEA CRU took their webserver offline shows a gaping security hole–one person, perhaps someone who just stumbled in through an open door could have downloaded the file.
I myself found and downloaded unpublished Catlin Expedition Videos exactly that way. No hacking required.
The use of proxy servers is extremely common among net citizens wishing to remain anonymous including many computer illiterates. Using a “Turkish server” requires no sophistication, just changing your proxy setting on your browser.
Have Gavin show us the server logs showing a true cyberattack and you may have something. His history of misdirection noted in the original post is on record. I am not asking for an IP address of a proxy server. I want the server logs.
Roger Knights (22:53:47) says,
“You missed the best one […]: CRUsade.”
Ooh, that’s CRUel, exCRUciating.
We could keep it quite simple: CRUd.
I have prepared files like these in the past for passing on to my Government Department’s lawyer. They takes ages. Days and days, involving everybody who had any relevant material.
There is no way that an outside hacker could have assembled this by combing the files. They would just take everything and leave it up to us to sort it out. I would have sold it to a journalist myself. It has to be either inside job or screw up.
find the notion that HATCRU would engage in a systematic coverup of an approved FOI request not credible.
They will not have seen it that way. They will have seen it as protecting “their” information. Protecting their careers too, for that matter.
Many people, even when they know not to much around with this sort of stuff, can’t bring themselves to disclose fully. I know that I have been tempted to let particularly embarrassing material find its way to a shredder.
Perhaps they they suggested deleting it all. A leak from someone not complicit in the material but who stood to lose from an illegal activity (lawyer, IT guy) would make sense.
I think that so far everyone has been barking up the wrong tree.
Given that the empirical evidence for cooling over the last decade is all but irrefutable I happen to think that the poor, formerly useful idiots at the CRU have been hung out to dry by their betters and erstwhile patrons in the Climate Racket Party as a form of damage control / plausible deniability.
The Communists used to do this all the time prior to a sea change in hitherto unalterable policy.
Look forward too massive amounts hand-wringing and angst among the Climate Racket Party’s Politburo over the coming months over how they were tricked and let astray down the wrong path by a few deviationists in the CRU.
So look out for the emergence of a new Global Cooling / Ice Age (ala the 1970s) scare over the next few years still under the rubric of climate change all in the name of reform.
“Meet the new boss, same as the old boss…”