By charles the moderator
Rodin’s The Thinker at the Musée Rodin.
Author CJ. Licensed under Creative Commons.
I have a theory.
With the blogosphere all atwitter about the emails and data “stolen” from the Climatic Research Institute at the University of East Anglia, two theories have become dominant describing the origin of the incident.
- CRU was hacked and the data stolen by skilled hackers, perhaps an individual or more insidiously some sophisticated group, such as Russian agents.
- An insider leaked the information to the NSM (non-mainstream media)
Theory number one is the preferred explanation of the defenders of CRU. This allows them to portray CRU as victims of illegal acts. It allows them to scream bloody murder and call for an investigation of the crime. How can we take the fruits of hideous crime seriously? The end does not justify the means!
One of our favorite writers, Gavin Schmidt, has expanded on this theme with the report:
He [Gavin] said the breach at the University of East Anglia was discovered after hackers who had gained access to the correspondence sought Tuesday to hack into a different server supporting realclimate.org, a blog unrelated to NASA that he runs with several other scientists pressing the case that global warming is true.
The intruders sought to create a mock blog post there and to upload the full batch of files from Britain. That effort was thwarted, Dr. Schmidt said, and scientists immediately notified colleagues at the University of East Anglia’s Climatic Research Unit.
http://www.nytimes.com/2009/11/21/science/earth/21climate.html
I believe the above statement by Gavin to be a big bunch of hooey. I believe the “hack” was a posting of the same blog comment which was posted at The Air Vent, which was also submitted here at WUWT, but never was visible publicly, because all comments are moderated and publicly invisible until approved by an administrator or moderator. Many of you have already seen it:
We feel that climate science is, in the current situation, too important to be kept under wraps.
We hereby release a random selection of correspondence, code, and documents.
Hopefully it will give some insight into the science and the people behind it.
This is a limited time offer, download now:
http://ftp.tomcity.ru/incoming/free/FOI2009.zip
Sample:
0926010576.txt * Mann: working towards a common goal
1189722851.txt * Jones: “try and change the Received date!”
0924532891.txt * Mann vs. CRU
0847838200.txt * Briffa & Yamal 1996: “too much growth in recent years makes it difficult to derive a valid age/growth curve”
0926026654.txt * Jones: MBH dodgy ground
1225026120.txt * CRU’s truncated temperature curve
1059664704.txt * Mann: dirty laundry
1062189235.txt * Osborn: concerns with MBH uncertainty
0926947295.txt * IPCC scenarios not supposed to be realistic
0938018124.txt * Mann: “something else” causing discrepancies
0939154709.txt * Osborn: we usually stop the series in 1960
0933255789.txt * WWF report: beef up if possible
0998926751.txt * “Carefully constructed” model scenarios to get “distinguishable results”
0968705882.txt * CLA: “IPCC is not any more an assessment of published science but production of results”
1075403821.txt * Jones: Daly death “cheering news”
1029966978.txt * Briffa – last decades exceptional, or not?
1092167224.txt * Mann: “not necessarily wrong, but it makes a small difference” (factor 1.29)
1188557698.txt * Wigley: “Keenan has a valid point”
1118949061.txt * we’d like to do some experiments with different proxy combinations
1120593115.txt * I am reviewing a couple of papers on extremes, so that I can refer to them in the chapter for AR4
I was the first at WUWT to see the comment above and immediately embargoed it. After discussions and many phone calls, we finally began to refer to the information after, and only after, we saw that it was available elsewhere, such as The Air Vent, and also after we knew that CRU was aware that it was circulating on the web.
Gavin’s elaborate description of the hacking attempt at RC is, in my humble opinion, nothing more than an attempt to add meat to the hacking theory in order to increase the vilification of the theoretical hackers. Gavin has demonstrated this kind of misdirection in the past in the Mystery Man incident where he attempted to obfuscate his own involvement in a data correction to station files held by the British Antarctic Survey. In this new spirit of transparency Gavin, why don’t you send Anthony the log files that demonstrate this attempted break in at realclimate.org?
After all, this is a criminal act of vandalism and of harassment of a group of scientists that are only going about their business doing science. It represents a whole new escalation in the war on climate scientists who are only trying to get at the truth. Think — this was a very concerted and sophisticated hacker attack. …Or at the next level, since the forces of darkness have moved to illegal operations, will we all have to get bodyguards to do climate science?
Sigh…and sigh again.
Theory number two is the preferred explanation of, for want of a better term, the Skeptics Camp. It is a romantic thought. Some CRU employee, fed up with the machinations, deceit, and corruption of science witnessed around him or her, took the noble action of becoming whistle-blower to the world, bravely thrusting the concealed behavior and data into the light for all to see. This theory is attractive for all the right reasons. Personal risk, ethics, selflessness etc.
I would like to offer a third possibility based on a bit of circumstantial evidence I noticed on the Web Saturday afternoon.
There’s an old adage, never assume malice when stupidity or incompetence will explain it.
A short time ago there was a previous leak of CRU data by an insider. In this case, Steve McIntyre acquired station data which he had been requesting for years, but someone inside CRU unofficially made the data available.
In this case, many commentators had various guesses as to the motivation or identity of the disgruntled mole, even proposing that perhaps a disgruntled William Connolley was the perpetrator.
Of course it turned out that Phil Jones, director of CRU, himself had inadvertently left the data on an open FTP server.
Many have begun to think that the zip archive FOI2009.zip was prepared internally by CRU in response to Steve McIntyre’s FOI requests, in parallel with attempts to deny the request in case the ability to refuse was lost. There are many reasons to think this is valid and it is consistent with either of the two theories at the beginning of this post. Steve McIntyre’s FOI appeal was denied on November 13th and the last of the emails in the archive is from November 12th.
It would take a hacker massive amounts of work to parse through decades of emails and files but stealing or acquiring a single file is a distinct possibility and does not require massive conspiracy. The same constraints of time and effort would apply to any internal whistle blower. However, an ongoing process of internally collating this information for an FOI response is entirely consistent with what we find in the file.
In the past I have worked at organizations where the computer network grew organically in a disorganized fashion over time. Security policies often fail as users take advantage of shortcuts to simplify their day to day activities. One of these shortcuts is to share files using an FTP server. Casual shortcuts in these instances may lead to gaping security holes. This is not necessarily intentional, but a consequence of human nature to take a shortcut here and there. This casual internal sharing can also lead to unintentional sharing of files with the rest of the Internet as noted in the Phil Jones, CRU mole, example above. Often the FTP server for an organization may also be the organization’s external web server as the two functions are often combined on the same CPU or hardware box. When this occurs, if the organization does not lock down their network thoroughly, the security breaches which could happen by accident are far more likely to occur.
Since Friday November 20th a few users noticed this interesting notice on the CRU website.
This website is currently being served from the CRU Emergency Webserver.
Some pages may be out of date.
Normal service will be resumed as soon as possible.
Here is a screen grab for posterity.
So as part of the security crackdown at CRU they have taken down their external webserver? Network security professionals in the audience will be spitting up coffee all over their keyboards at this point.
So this is my theory, and this is only my theory:
A few people inside CRU possessed the archive of documents being held in reserve in case the FOI appeal decision was made in favor of Steve McIntyre. They shared it with others by putting it in an FTP directory which was on the same CPU as the external webserver, or even worse, was on a shared drive somewhere to which the webserver had permissions to access. In other words, if you knew where to look, it was publicly available. Then, along come our “hackers” who happened to find it, download it, and the rest is history unfolding before our eyes. So much for the cries of sophisticated hacking and victimization noted above.
If I had to bet money, I would guess that David Palmer, Information Policy & Compliance Manager, University of East Anglia, has an even chance of being the guilty party, but it would only be a guess.
To repeat the basic premise of this theory.
There’s an old adage, never assume malice when stupidity or incompetence will explain it.
™ CRUtape Letters, is a trademark of Moshpit Enterprises.
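The exposure path described in this post (an internal share that sits on the same host as the external webserver, or is linked into its document tree) can be checked for mechanically. The Python sketch below is an added example, not code from the post or from CRU; the directory layout, file names and function names are constructed for illustration.

```python
import os
import stat
import tempfile


def _inside(path, parent):
    """True if real path `path` is `parent` itself or lies beneath it."""
    return os.path.commonpath([path, parent]) == parent


def web_reachable_share_files(web_root, share_dirs):
    """Return (url_path, real_path, world_readable) for every file that is
    served from web_root but physically lives inside an internal share."""
    web_root = os.path.realpath(web_root)
    shares = [os.path.realpath(d) for d in share_dirs]
    findings, seen_dirs = [], set()
    # followlinks=True: a symlinked share is exactly the case we want to see.
    for dirpath, dirnames, filenames in os.walk(web_root, followlinks=True):
        real_dir = os.path.realpath(dirpath)
        if real_dir in seen_dirs:          # guard against symlink loops
            dirnames[:] = []
            continue
        seen_dirs.add(real_dir)
        for name in filenames:
            served = os.path.join(dirpath, name)
            real = os.path.realpath(served)
            if not os.path.isfile(real):   # dangling link, socket, etc.
                continue
            if any(_inside(real, s) for s in shares):
                mode = os.stat(real).st_mode
                rel = os.path.relpath(served, web_root)
                url = "/" + rel.replace(os.sep, "/")
                findings.append((url, real, bool(mode & stat.S_IROTH)))
    return sorted(findings)


def build_demo(base):
    """Constructed layout: an internal FTP share symlinked into the docroot."""
    web = os.path.join(base, "var", "www")
    share = os.path.join(base, "srv", "ftp", "internal")
    os.makedirs(web)
    os.makedirs(share)
    with open(os.path.join(web, "index.html"), "w") as f:
        f.write("<h1>public page</h1>")
    archive = os.path.join(share, "archive.zip")   # constructed placeholder
    with open(archive, "w") as f:
        f.write("constructed sample content")
    os.chmod(archive, 0o644)                       # readable by any account
    os.symlink(share, os.path.join(web, "pub"))    # the "shortcut"
    return web, share


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        web, share = build_demo(base)
        for url, real, world in web_reachable_share_files(web, [share]):
            print(f"EXPOSED {url} -> {real} (world-readable: {world})")
```

Run against a real host, the arguments would be the webserver's document root and the list of directories used for internal FTP or file sharing; any finding means an internal file has a public URL.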


charles the moderator (02:03:06) :
Check this and reconsider your position:
http://www.opsi.gov.uk/acts/acts1990/UKpga_19900018_en_1.htm
1 Unauthorised access to computer material(1)
A person is guilty of an offence if—
(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
(b) the access he intends to secure is unauthorised; and
(c) he knows at the time when he causes the computer to perform the function that that is the case.
(2) The intent a person has to have to commit an offence under this section need not be directed at-
(a) any particular program or data;
(b) a program or data of any particular kind; or
(c) a program or data held in any particular computer.
(3) A person guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months or to a fine not exceeding level 5 on the standard scale or to both.
Jurisdiction
4 Territorial scope of offences under this Act
1) Except as provided below in this section, it is immaterial for the purposes of any offence under section 1 or 3 above-
(a) whether any act or other event proof of which is required for conviction of the offence occurred in the home country concerned; or
(b) whether the accused was in the home country concerned at the time of any such act or event.
(2) Subject to subsection (3) below, in the case of such an offence at least one significant link with domestic jurisdiction must exist in the circumstances of the case for the offence to be committed.
(3) There is no need for any such link to exist for the commission of an offence under section 1 above to be established in proof of an allegation to that effect in proceedings for an offence under section 2 above.
(4) Subject to section 8 below, where-
(a) any such link does in fact exist in the case of an offence under section 1 above; and
(b) commission of that offence is alleged in proceedings for an offence under section 2 above;
section 2 above shall apply as if anything the accused intended to do or facilitate in any place outside the home country concerned which would be an offence to which section 2 applies if it took place in the home country concerned were the offence in question.
(5) This section is without prejudice to any jurisdiction exercisable by a court in Scotland apart from this section.
17
Interpretation
(1) The following provisions of this section apply for the interpretation of this Act.
(2) A person secures access to any program or data held in a computer if by causing a computer to perform any function he—
(a) alters or erases the program or data;
(b) copies or moves it to any storage medium other than that in which it is held or to a different location in the storage medium in which it is held;
(c) uses it; or
(d) has it output from the computer in which it is held (whether by having it displayed or in any other manner);
and references to access to a program or data (and to an intent to secure such access) shall be read accordingly.
(5) Access of any kind by any person to any program or data held in a computer is unauthorised if-
(a) he is not himself entitled to control access of the kind in question to the program or data; and
(b) he does not have consent to access by him of the kind in question to the program or data from any person who is so entitled
It does not have to be locked away behind a security screen. If you were not explicitly given access then you are guilty!
Take care!
Wikipedia articles that should record this event in a neutral and balanced manner, with journalist-written sources (best to discuss on the talk page, don’t just start editing directly):
http://en.wikipedia.org/wiki/Climatic_Research_Unit_e-mail_hacking_incident
http://en.wikipedia.org/wiki/Phil_Jones_(climatologist)
http://en.wikipedia.org/wiki/Michael_E._Mann
http://en.wikipedia.org/wiki/Hockey_stick_controversy
Inside job by someone in the know and who saw the import of the emails. Emails are examined all the time and there would be a number who knew what had been said. If you are faced with this content and realize the consequences it would be very hard for anyone with a conscience to ignore it. Email users think they are private communications but they are seen by many eyes. Even when deleted by the originator they are kept by law usually and on backup tapes. The content of an FOI would be chosen carefully and vetted; this is a dump of mail and attachments. The originators did not keep them personally for so many years; they came from a backup or such. Who did it? I am damn sure if I did it you would not find out and if I had been in that position I would have.
edrowland, a fair number I have seen do have headers and very sensitive information. Some have sufficient info to email all the major players in the AGW camp. There are over a thousand emails; this is a dump, not an FOI.
Paul Vaughan (20:19:17) : jeez (13:22:41) “It’s just weather”…..
The current traffic represents an opportunity to reach a wide audience with the main messages about natural climate variation. My instinct at this time might be to make every 2nd post a quick “remake” of a classic…
I’d second that. Heh, and plug my own primer (click on my name!) and, yes, a few others like James Peden.
Hard to believe they would have put such juicy stuff in a single file to turn over in case they lost the FOIA contest. Rather, they would have put only the bare minimum to comply with the request or “inadvertently” lost anything this juicy in the compilation process. Forgive me if this has already been discussed. At work and don’t have time to read the whole thread…
lucy skywalker……excellent site
Interesting.
But if this was the material prepared for FOI release, it would be unusual to add so many ‘smoking guns’ to the file. Why not choose some really innocuous emails instead? This theory also implies that even more explosive emails remain somewhere, which are being deleted as we speak.
I think the whistle-blower theory is best. Is there any common link between these emails – and common denominator in the addressees?
A monster thread, so this may well have already been said. But what if FOI2009.zip was indeed prepared in response to an FOI request, but instead of being the stuff they were planning to release, it is in fact the more embarrassing stuff they had excluded?
That makes more sense to me. Most of this is not appropriate as a response to an FOI request. Explicit budgets, most of the emails, etc.
Here’s another theory, apologies if someone else already mentioned it:
The info was leaked intentionally by the CRU in order to control the story. If they knew the info would have to come out soon because of the FOIA request, releasing it now and pretending that hackers stole it changes the story from:
“Climate Scientists forced to reveal damning evidence”
to
“Hackers steal private Climate Scientists’ conversations, misinterpret frank discussions”
Awesome! You should be a detective!
The name, John Holdren (Obama’s Science Czar) shows up in 6 of the e-mail streams. Five are merely cc:-s, but one to Michael Mann is from Holdren where he pokes fun at his “Harvard” colleagues Soon and Baliunas (1066337021).
Steve Fitzpatrick (10:29:32) wrote:
“I’ll bet the Team will be making more phone calls in place of email messages when the subject matter is (how shall we say) “sensitive” in nature.”
Yes, as the saying goes, the “E” in “E-mail” stands for:
“Embarrassing,”
“Evil” and
“Everlasting”
Charles – I think you are being too simplistic, and ignoring the most likely scenario. The idea that a file created for FOI purposes, i.e. legal reasons, was left unprotected, and someone came along and just stumbled over it is pretty naive.
Other commentators seem to be reading too many romantic novels, if I have “been watching too many movies”. They have the idea that this is the work of a HadCRU insider. OK, perhaps a misguided worker would take the risk of releasing the file, but why would they orchestrate a cyber attack on RC? They would be taking too many risks and committing too many felony acts.
I like the name ClimateGate for these events. Like Watergate, we know a ‘burglary’ was committed. Now we need to find the ‘burglar(s)’, and their bosses. It is pretty easy to identify the prime suspects; clearly suspicion should fall on McIntyre’s group who lost the appeal for the FOI release.
I believe the FOI compliance authorities knew about the file of emails, but declined to release it since the emails are not useful for scientific purposes, the reason M’s group sought FOI release. It is likely HadCRU has already addressed some of the FOI concealment concerns.
The most likely scenario is M’s group also knew about the file, and a few days after losing the appeal, orchestrated the release in violation of the FOI appeal decision. This is similar to the kidnapping of a child, a few days after a father loses a custody trial… the suspicion would immediately fall on the father.
Are you certain that people associated with McIntyre didn’t release the information?
vboring (07:09:57) :
The ‘proactive’ approach? I think we may have a winner!
vboring (07:09:57) :
UPDATE
This, from climate depot, also suggests that you may be onto something.
http://www.bbc.co.uk/blogs/paulhudson/2009/11/climategate-cru-hacked-into-an.shtml
Of course, he could be lying in an effort to cover for them.
But then, not knowing what the real story is allows us to come up with alternatives, which gets us disagreeing with ourselves, and they can hide behind the dust that’s kicked up in the process. Multiple conflicting hypotheses on our end give them the advantage of accusing us of not knowing what we are talking about. It’s a strategy they often use, so why not in this case?
An investigation is needed. But I doubt it will happen. There are too many potential investigators who would be hurt by it, and who will also be trying to bury it.
Paul K2
Uh, yeah, because I am the one that told him about the existence of the file, and my roommate spent hours on the phone with Steve reading the contents of the emails to him because I wouldn’t even forward a copy or forward the link to the Russian ftp server. As I noted in the original post, we only began to even refer to the file publicly after, and only after it began circulating on the Internet and CRU was in the process of notifying its personnel internally.
Re: bill (03:34:08)
That’s the 2nd time bill has posted legal stuff in recent days.
bill, are you trying to hint that there is an alarmist plot to jail truth-seeking nonalarmists?
buncha CRUks
I’m a bit puzzled why someone has manually changed the timestamp of several files, including all the mails, to 2009-01-01-06:00, the hour will differ with your timezone. Any idea why?
@ vboring (07:09:57 24th Nov) & yonason (10:23:04 24th Nov)
see Mike G (13:00:49 23rd Nov), Harold Morris (14:12:30 23rd Nov) and Phil’s Dad (19:11:05 23rd Nov)
Let’s call it a winning streak
Phil’s Dad (16:29:16) :
I didn’t think of it, just added my 2cents worth to vboring’s insight. I think it’s a good gambit, better than remaining passive. That kind of thing is done all the time, and in the ensuing confusion, the perp usually gets away with it, and sometimes even advances his agenda. I think it’s a very plausible scenario.
Paul Vaughan (12:36:57) :
bill, are you trying to hint that there is an alarmist plot to jail truth-seeking nonalarmists?
There is no problem with truth or truth seeking. However no one seems to understand the Computer Misuse Act as I linked to.
1. You cannot access data you have not been given rights to access – it is illegal even if it was not security protected.
2. England is the “defamation capital of the world” It costs a mere £1700 to set the ball rolling. The accused are not assumed innocent till proven guilty – they have to prove they are innocent. So all those accusations of “fraud” and “criminal” need to have real provable backing!!
Showed the file to one of my friends tonight, and he made what I think is a very insightful comment on this:-
“We feel that climate science is, in the current situation, too important to be kept under wraps.
We hereby release a random selection of correspondence, code, and documents.”
My friend’s first thought was it sounded like something a Civil Servant would say.
Sounds good to me, but I’ve had a few beers, so could be the fuddling the brain?
Tenuc (17:51:26) :
“Sounds good to me, but I’ve had a few beers, so could be the fuddling the brain?”
There’s only one way to be sure, run a controlled experiment. I’ll go ahead and consume a few beers, and I’ll get back to you.
Just for the record, I’m sober now, and it sounds like some anarchists’ manifesto, which, now that I think of it, could actually implicate the crew over at CRU.
And now: Ahhhh, Foster’s. The Aussies do it right!