By charles the moderator
Rodin’s The Thinker at the Musée Rodin.
Author CJ. Licensed under Creative Commons.
I have a theory.
With the blogosphere all atwitter about the emails and data “stolen” from the Climatic Research Institute at the University of East Anglia, two theories have become dominant describing the origin of the incident.
- CRU was hacked and the data stolen by skilled hackers, perhaps an individual or more insidiously some sophisticated group, such as Russian agents.
- An insider leaked the information to the NSM (non-mainstream media)
Theory number one is the preferred explanation of the defenders of CRU. This allows them to portray CRU as victims of illegal acts. It allows them to scream bloody murder and call for an investigation of the crime. How can we take the fruits of hideous crime seriously? The end does not justify the means!
One of our favorite writers, Gavin Schmidt, has expanded on this theme with the report:
He [Gavin] said the breach at the University of East Anglia was discovered after hackers who had gained access to the correspondence sought Tuesday to hack into a different server supporting realclimate.org, a blog unrelated to NASA that he runs with several other scientists pressing the case that global warming is true.
The intruders sought to create a mock blog post there and to upload the full batch of files from Britain. That effort was thwarted, Dr. Schmidt said, and scientists immediately notified colleagues at the University of East Anglia’s Climatic Research Unit.
http://www.nytimes.com/2009/11/21/science/earth/21climate.html
I believe the above statement by Gavin to be a big bunch of hooey. I believe the “hack” was a posting of the same blog comment which was posted at The Air Vent
which was also submitted here at WUWT, but never was visible publicly, because all comments are moderated and publicly invisible until approved by an administrator or moderator. Many of you have already seen it:
We feel that climate science is, in the current situation, too important to be kept under wraps.
We hereby release a random selection of correspondence, code, and documents.
Hopefully it will give some insight into the science and the people behind it.
This is a limited time offer, download now:
http://ftp.tomcity.ru/incoming/free/FOI2009.zip
Sample:
0926010576.txt * Mann: working towards a common goal
1189722851.txt * Jones: “try and change the Received date!”
0924532891.txt * Mann vs. CRU
0847838200.txt * Briffa & Yamal 1996: “too much growth in recent years makes it difficult to derive a valid age/growth curve”
0926026654.txt * Jones: MBH dodgy ground
1225026120.txt * CRU’s truncated temperature curve
1059664704.txt * Mann: dirty laundry
1062189235.txt * Osborn: concerns with MBH uncertainty
0926947295.txt * IPCC scenarios not supposed to be realistic
0938018124.txt * Mann: “something else” causing discrepancies
0939154709.txt * Osborn: we usually stop the series in 1960
0933255789.txt * WWF report: beef up if possible
0998926751.txt * “Carefully constructed” model scenarios to get “distinguishable results”
0968705882.txt * CLA: “IPCC is not any more an assessment of published science but production of results”
1075403821.txt * Jones: Daly death “cheering news”
1029966978.txt * Briffa – last decades exceptional, or not?
1092167224.txt * Mann: “not necessarily wrong, but it makes a small difference” (factor 1.29)
1188557698.txt * Wigley: “Keenan has a valid point”
1118949061.txt * we’d like to do some experiments with different proxy combinations
1120593115.txt * I am reviewing a couple of papers on extremes, so that I can refer to them in the chapter for AR4
I was the first at WUWT to see the comment above and immediately embargoed it. After discussions and many phone calls, we finally began to refer to the information after, and only after, we saw that it was available elsewhere, such as The Air Vent, and also after we knew that CRU was aware that it was circulating on the web.
Gavin’s elaborate description of the hacking attempt at RC is, in my humble opinion, nothing more than an attempt to add meat to the hacking theory in order to increase the vilification of the theoretical hackers. Gavin has demonstrated this kind of misdirection in the past in the Mystery Man incident where he attempted to obfuscate his own involvement in a data correction to station files held by the British Antarctic Survey. In this new spirit of transparency Gavin, why don’t you send Anthony the log files that demonstrate this attempted break in at realclimate.org?
After all, this is a criminal act of vandalism and of harassment of a group of scientists that are only going about their business doing science. It represents a whole new escalation in the war on climate scientists who are only trying to get at the truth. Think — this was a very concerted and sophisticated hacker attack. …Or at the next level, since the forces of darkness have moved to illegal operations, will we all have to get bodyguards to do climate science?
Sigh…and sigh again.
Theory number two is the preferred explanation of, for want of a better term, the Skeptics Camp. It is a romantic thought. Some CRU employee, fed up with the machinations, deceit, and corruption of science witnessed around him or her, took the noble action of becoming whistle-blower to the world, bravely thrusting the concealed behavior and data into the light for all to see. This theory is attractive for all the right reasons. Personal risk, ethics, selflessness etc.
I would like to offer a third possibility based on a bit of circumstantial evidence I noticed on the Web Saturday afternoon.
There’s an old adage, never assume malice when stupidity or incompetence will explain it.
A short time ago there was a previous leak of CRU data by an insider. In this case, Steve McIntyre acquired station data which he had been requesting for years, but someone inside CRU unofficially made the data available.
In this case, many commentators had various guesses as to the motivation or identity of the disgruntled mole even proposing that perhaps a disgruntled William Connelly was the perpetrator.
Of course it turned out the Phil Jones, director of CRU, himself had inadvertently left the data on an open FTP server.
Many have begun to think that the zip archive FOI2009.zip was prepared internally by CRU in response to Steve McIntyre’s FOI requests, in parallel with attempts to deny the request in case the ability to refuse was lost. There are many reasons to think this is valid and it is consistent with either of the two theories at the beginning of this post. Steve McIntyre’s FOI appeal was denied on November 13th and the last of the emails in the archive is from November 12th.
It would take a hacker massive amounts of work to parse through decades of emails and files but stealing or acquiring a single file is a distinct possibility and does not require massive conspiracy. The same constraints of time and effort would apply to any internal whistle blower. However, an ongoing process of internally collating this information for an FOI response is entirely consistent with what we find in the file.
In the past I have worked at organizations where the computer network grew organically in a disorganized fashion over time. Security policies often fail as users take advantage of shortcuts to simplify their day to day activities. One of these shortcuts is to share files using an FTP server. Casual shortcuts in these instances may lead to gaping security holes. This is not necessarily intentional, but a consequence of human nature to take a shortcut here and there. This casual internal sharing can also lead to unintentional sharing of files with the rest of the Internet as noted in the Phil Jones, CRU mole, example above. Often the FTP server for an organization may also be the organization’s external web server as the two functions are often combined on the same CPU or hardware box. When this occurs, if the organization does not lock down their network thoroughly, the security breaches which could happen by accident are far more likely to occur.
Since Friday November 20th a few users noticed this interesting notice on the CRU website.
This website is currently being served from the CRU Emergency Webserver.
Some pages may be out of date.
Normal service will be resumed as soon as possible.
Here is a screen grab for posterity.
So as part of the security crackdown at CRU they have taken down their external webserver? Network security professionals in the audience will be spitting up coffee all over their keyboards at this point.
So this is my theory is and this is only my theory:
A few people inside CRU possessed the archive of documents being held in reserve in case the FOI appeal decision was made in favor of Steve McIntyre. They shared it with others by putting it in an FTP directory which was on the same CPU as the external webserver, or even worse, was an on a shared drive somewhere to which the webserver had permissions to access. In other words, if you knew where to look, it was publicly available. Then, along comes our “hackers” who happened to find it, download it, and the rest is history unfolding before our eyes. So much for the cries of sophisticated hacking and victimization noted above.
If I had to bet money, I would guess that David Palmer, Information Policy & Compliance Manager, University of East Anglia, has an even chance of being the guilty party, but it would only be a guess.
To repeat the basic premise of this theory.
There’s an old adage, never assume malice when stupidity or incompetence will explain it.
™ CRUtape Letters, is a trademark of Moshpit Enterprises.
Discover more from Watts Up With That?
Subscribe to get the latest posts sent to your email.
bill (17:09:41) :
“So all those accusations of “fraud” and “criminal” need to have real provable backing!!”
What are you trying to tell us, bill?
RE: Bill (17:09:41), Item 1.
I do not know what the law is in this case, but I can imagine lawyers such as those employed by the RIAA holding that each email is a copyrighted entity subject to the provisions of the Digital Millennium Copyright Act. I assume the moderators here know this not to be a risk.
bill (17:09:41) “England is the “defamation capital of the world” It costs a mere £1700 to set the ball rolling.”
bill, I’m not sure if you realize it or if it was your intent, but it looks like you are suggesting a grand conspiracy to criminalize nonalarmism. I urge you to pause to broaden your perspective and realize how serious this is.
If option 3 is correct & this is just stuff which had been prepared against McIntyre’s FoI enquiry then there is an awful lot more we haven’t seen.
Paul Vaughan (21:19:39) :
bill, I’m not sure if you realize it or if it was your intent, but it looks like you are suggesting a grand conspiracy to criminalize nonalarmism. I urge you to pause to broaden your perspective and realize how serious this is
If your reputation is lowered by statements calling you a criminal/cheat/fraudster you have a right to defend your reputation. I’m sure you agree with this?
I was simply pointing out that defamatory comments need to be reigned in or else the hurt parties could make a claim for damages. If you have legally sound proof of your claims then there are no problems (although proving your innocence is not gong to be cheap).
I have also pointed out the computer misuse act – google it.
http://www.out-law.com/page-6207
A man was convicted in London yesterday of hacking into a charity website, set up after the Indian Ocean tsunami disaster, in breach of the Computer Misuse Act.
Daniel James Cuthbert, a computer consultant formerly with ABN Amro bank, was given a £400 fine and ordered to pay £600 in costs at Horseferry Road Magistrates court yesterday, according to reports.
He fell foul of section one of the Computer Misuse Act, the UK’s main cybercrime legislation, on New Year’s Eve last year.
Cuthbert clicked on a banner ad to donate £30 to the Disaster Emergency Committee (DEC) appeal. However, when he did not get a confirmation or thank you in response to his donation, he feared that he had fallen for a phishing site, and decided to test the site to make sure. Unfortunately, in doing so he set off the DEC protection systems, and the police were called in.
According to SC Magazine, District Judge Mr Quentin Purdy found Cuthbert guilty with “some considerable regret”, but the wording of the Act made it clear that the security consultant was guilty. “Unauthorised access, however praiseworthy the motives, is an offence,” said the judge.
Cuthbert, 28, has lost his job with ABN Amro, and has since found it hard to find alternative employment, according to reports.
bill (03:34:08) :
It does not have to be locked away behind a security screen. If you were not explicitly given access then you are guilty!
Not if it *was* placed on an open server, which is one possibility. That makes it fair game.
Paul K2 (09:29:12) :
The most likely scenario is M’s group also knew about the file, and few days after losing the appeal, orchestrated the release in violation of the FOI appeal decision.
That would first require M’s group to *know* of the file’s existence, when they had no reason to believe that hodge-podge of information had already been gathered into one, convenient file.
I return to the files timestamps. There are quite a lot of files with manipulated timestamps, most 2009-01-01-06:00:00, but also from 1980-01-01 and 2004-01-01, they all carry the “06:00:00” part, that’s what shows up in my timezone CET. Why would someone set it to 06:00:00, wouldn’t it be easier to set it to 00:00:00, while your finger is ther at the “0”? Maybe he set it to 00:00:00 when he added those files, but he was doing it on a computer with timezone set to US Eastern Time?
And oh! I forgot to mention that this is what I see in my Linux system, in WinXP the time is 00:00:00!
Expose the code and bust the Anti-Trust Climate Team
Busted not Robust!
Shiny
Edward
If it was a hacker on the outside then not only did they know how to get onto the network but they new who the target was and what specific information was useful. They didn’t download the entire contents of the university network. That doesn’t seem a particularly likely scenario to me. If there was a hacker involved then there would likely be a trace of the IP addresses back to the destination of the “stolen” data.
I would say that in response to the FOI request the Uni lawyer sent out an email requesting compliance. The “team” at the CRU then discussed the implications of this. The “team” consisted of “dirty” individuals and “clean” individuals. The “dirty” individuals didn’t really know what to do and stonewalled while the “clean” individuals set about complying with the request. The “clean” individuals probably didn’t even realise there was something to be concerned about. The “dirty” individuals couldn’t immediately prevent the “clean” individuals from gathering the data without giving the game away. The “clean” individuals probably discovered eventually that the emails indicated “dirty tricks”. At the same time the “dirty” individuals had succeeded in blocking the original FOI request. Then an unholy row broke out and the question was asked “well now what the hell do we do?” and the decision was made within the CRU to stifle the information. Someone in the “clean” group was disgusted by this attitude and posted the gathered information anyway, then covered his tracks by claiming a hacker must have broken into the network. If the responsible individual is discovered, he or she will probably announce that he or she was only releasing data relevant to a legal FOI request – so my guess is that the individual responsible will not be turned over since that won’t be in the CRU’s interest anyway.
Something similar happened in the UK recently where a civil servant released details of MPs expenses to the newspapers because they had been subject to an FOI inquiry but he didn’t believe that the MPs would comply. He was quite open about what he had done and why – no hacking involved. A whistleblower seems more likely to me.
Bill Tuttle (05:53:05) :
How do we know the file was “hacked,” or otherwise obtained, from the CRU?
The BBC was given apparently the same file a month earlier.
http://www.bbc.co.uk/blogs/paulhudson/2009/11/climategate-cru-hacked-into-an.shtml
That means everything was already organized in one place (giving credence to the “alternate explanation, as well as to a fourth suggested by others). It was good-to-go, and no selection was necessary.
Of course, there are problems with that, as Neo (15:20:35) points out. The BBC could be, ahem, “mistaken,” or something else.
Frankly, I don’t trust any of those who have historically been allies in pushing AGW against all reason, and that includes the BBC.
A good thread but IMHO we should be looking well beyond the techie angles in this case. I’d usually go with “cock-up over conspiracy” but there’s just too much riding on AGW across the world now. The ultimate goals may still be varied and illusory but the stakes are clearly gigantic.
I find the tone of Paul Hudson’s blog at the Beeb interesting:
This is beginning to sound a smidge too convenient for my liking, as too is the recent posturing of Monbiot, Bob Watson, etc. The title Climate change debate: ‘calm, civilised, informative’ on Andrew Neal’s blog, while snappy and appropriate to the discussion that took place, is also a little too sickly sweet.
Bring on an enquiry, forget the troublesome historic temp record (which is complete tosh anyway just based on margins of error) and manage the legitimization of AGW onto a ‘superior’ authoritative basis. Never waste a good crisis.
OTOH, given the Machiavellian influences pushing hard from every angle here, maybe we’ve just witnessed a night of the long knives moment . Why would manufacturing a crisis orders of magnitude smaller than AGW itself be a problem? The careers of a few brownshirt scientists don’t matter in the scheme of things.
Time will tell whether an enquiry materialises but far more interesting will be how quickly and how open. After all, timing is everything in management. Watch carefully for both sides of a managed discourse supporting the same invisible goal that has nothing whatever to do with the physical climate.
yonason (09:44:12) :
Bill Tuttle (05:53:05) :
How do we know the file was “hacked,” or otherwise obtained, from the CRU?
The BBC was given apparently the same file a month earlier.
http://www.bbc.co.uk/blogs/paulhudson/2009/11/climategate-cru-hacked-into-an.shtml
That means everything was already organized in one place (giving credence to the “alternate explanation, as well as to a fourth suggested by others). It was good-to-go, and no selection was necessary.
Of course, there are problems with that, as Neo (15:20:35) points out. The BBC could be, ahem, “mistaken,” or something else.
Frankly, I don’t trust any of those who have historically been allies in pushing AGW against all reason, and that includes the BBC.
That’s not correct at all, what Hudson (BBC) said was that the emails which had been addressed to him, which he had received in October, were exactly the same as the versions of them in the stolen file. So to that extent the ‘hacked’ emails were accurate. That’s all.
Phil. (14:32:00) :
Thanks, I appear to have read too much into it.
Re: bill (04:55:39)
I think we should carry on with natural climate variation investigations (& other constructive pursuits), not worrying about what other folks can’t stop doing for entertainment.
Cheers.
It seems clear to me that this leak is based on McIntyre’s denial of FOI, because of the date of emails stopping the day before the denial. The name of the file also supports that. The most likely source would be a copy of the nightly backup, which would include emails up till the day before, but none for the day it was being done on.
This does not give us reason to conclude one way or another if it was an inside job or not. But it does tell us that it was being done by someone following the debate closely, which makes in insider more likely.
The message accompanying the file states a “random selection” of emails. Using the word “selection” seems to indicate that some sort of selection process has been exercised, i.e. this is not a complete archive. That doesn’t necessarily mean that there’s more to come though as the use of “random” may be tongue in cheek, i.e. not random at all, but clearly filtered. Indeed there almost seem to be too much damning information for it to be random.
I unknowingly use part of the trademarked crutapes letters in this article. Hope it is not too offensive to anyone.
dallas
opps this is the article
http://www.associatedcontent.com/article/2462786/the_huffington_post_and_climategate.html?cat=58
They were stolen regardless whether they were leaked or hacked.
* If it was legally downloaded from a public server, why has no one taken responsibility. I do not believe your theory. And I am certainly not convinced by the new ‘expert’. His analysis reeks of bias.
* The letter says “we”. That does not sound like an individual.
* The IP-adresses used on tAV, CA, & RC were from different parts of the world. That is pretty professional. IMO: not consistent with a leak.
I think it is a hack.
Well i agree wit the theory of purge
ecologiste will mderately appreciate
http://www.eastangliaemails.com/emails.php?eid=204&filename=.txt
A normal sapiens sapiens will be disgust (probably the base od the discussion in copenhaguen)
http://www.eastangliaemails.com/emails.php?eid=54&filename=889554019.txt
Those informations was for sure not helping the CRU for his aura of serious honest scientifics