By charles the moderator
Rodin’s The Thinker at the Musée Rodin.
Author CJ. Licensed under Creative Commons.
I have a theory.
With the blogosphere all atwitter about the emails and data “stolen” from the Climatic Research Institute at the University of East Anglia, two theories have become dominant describing the origin of the incident.
- CRU was hacked and the data stolen by skilled hackers, perhaps an individual or more insidiously some sophisticated group, such as Russian agents.
- An insider leaked the information to the NSM (non-mainstream media)
Theory number one is the preferred explanation of the defenders of CRU. This allows them to portray CRU as victims of illegal acts. It allows them to scream bloody murder and call for an investigation of the crime. How can we take the fruits of hideous crime seriously? The end does not justify the means!
One of our favorite writers, Gavin Schmidt, has expanded on this theme with the report:
He [Gavin] said the breach at the University of East Anglia was discovered after hackers who had gained access to the correspondence sought Tuesday to hack into a different server supporting realclimate.org, a blog unrelated to NASA that he runs with several other scientists pressing the case that global warming is true.
The intruders sought to create a mock blog post there and to upload the full batch of files from Britain. That effort was thwarted, Dr. Schmidt said, and scientists immediately notified colleagues at the University of East Anglia’s Climatic Research Unit.
http://www.nytimes.com/2009/11/21/science/earth/21climate.html
I believe the above statement by Gavin to be a big bunch of hooey. I believe the “hack” was a posting of the same blog comment which was posted at The Air Vent
which was also submitted here at WUWT, but never was visible publicly, because all comments are moderated and publicly invisible until approved by an administrator or moderator. Many of you have already seen it:
We feel that climate science is, in the current situation, too important to be kept under wraps.
We hereby release a random selection of correspondence, code, and documents.
Hopefully it will give some insight into the science and the people behind it.
This is a limited time offer, download now:
http://ftp.tomcity.ru/incoming/free/FOI2009.zip
Sample:
0926010576.txt * Mann: working towards a common goal
1189722851.txt * Jones: “try and change the Received date!”
0924532891.txt * Mann vs. CRU
0847838200.txt * Briffa & Yamal 1996: “too much growth in recent years makes it difficult to derive a valid age/growth curve”
0926026654.txt * Jones: MBH dodgy ground
1225026120.txt * CRU’s truncated temperature curve
1059664704.txt * Mann: dirty laundry
1062189235.txt * Osborn: concerns with MBH uncertainty
0926947295.txt * IPCC scenarios not supposed to be realistic
0938018124.txt * Mann: “something else” causing discrepancies
0939154709.txt * Osborn: we usually stop the series in 1960
0933255789.txt * WWF report: beef up if possible
0998926751.txt * “Carefully constructed” model scenarios to get “distinguishable results”
0968705882.txt * CLA: “IPCC is not any more an assessment of published science but production of results”
1075403821.txt * Jones: Daly death “cheering news”
1029966978.txt * Briffa – last decades exceptional, or not?
1092167224.txt * Mann: “not necessarily wrong, but it makes a small difference” (factor 1.29)
1188557698.txt * Wigley: “Keenan has a valid point”
1118949061.txt * we’d like to do some experiments with different proxy combinations
1120593115.txt * I am reviewing a couple of papers on extremes, so that I can refer to them in the chapter for AR4
I was the first at WUWT to see the comment above and immediately embargoed it. After discussions and many phone calls, we finally began to refer to the information after, and only after, we saw that it was available elsewhere, such as The Air Vent, and also after we knew that CRU was aware that it was circulating on the web.
Gavin’s elaborate description of the hacking attempt at RC is, in my humble opinion, nothing more than an attempt to add meat to the hacking theory in order to increase the vilification of the theoretical hackers. Gavin has demonstrated this kind of misdirection in the past in the Mystery Man incident where he attempted to obfuscate his own involvement in a data correction to station files held by the British Antarctic Survey. In this new spirit of transparency Gavin, why don’t you send Anthony the log files that demonstrate this attempted break in at realclimate.org?
After all, this is a criminal act of vandalism and of harassment of a group of scientists that are only going about their business doing science. It represents a whole new escalation in the war on climate scientists who are only trying to get at the truth. Think — this was a very concerted and sophisticated hacker attack. …Or at the next level, since the forces of darkness have moved to illegal operations, will we all have to get bodyguards to do climate science?
Sigh…and sigh again.
Theory number two is the preferred explanation of, for want of a better term, the Skeptics Camp. It is a romantic thought. Some CRU employee, fed up with the machinations, deceit, and corruption of science witnessed around him or her, took the noble action of becoming whistle-blower to the world, bravely thrusting the concealed behavior and data into the light for all to see. This theory is attractive for all the right reasons. Personal risk, ethics, selflessness etc.
I would like to offer a third possibility based on a bit of circumstantial evidence I noticed on the Web Saturday afternoon.
There’s an old adage, never assume malice when stupidity or incompetence will explain it.
A short time ago there was a previous leak of CRU data by an insider. In this case, Steve McIntyre acquired station data which he had been requesting for years, but someone inside CRU unofficially made the data available.
In this case, many commentators had various guesses as to the motivation or identity of the disgruntled mole even proposing that perhaps a disgruntled William Connelly was the perpetrator.
Of course it turned out the Phil Jones, director of CRU, himself had inadvertently left the data on an open FTP server.
Many have begun to think that the zip archive FOI2009.zip was prepared internally by CRU in response to Steve McIntyre’s FOI requests, in parallel with attempts to deny the request in case the ability to refuse was lost. There are many reasons to think this is valid and it is consistent with either of the two theories at the beginning of this post. Steve McIntyre’s FOI appeal was denied on November 13th and the last of the emails in the archive is from November 12th.
It would take a hacker massive amounts of work to parse through decades of emails and files but stealing or acquiring a single file is a distinct possibility and does not require massive conspiracy. The same constraints of time and effort would apply to any internal whistle blower. However, an ongoing process of internally collating this information for an FOI response is entirely consistent with what we find in the file.
In the past I have worked at organizations where the computer network grew organically in a disorganized fashion over time. Security policies often fail as users take advantage of shortcuts to simplify their day to day activities. One of these shortcuts is to share files using an FTP server. Casual shortcuts in these instances may lead to gaping security holes. This is not necessarily intentional, but a consequence of human nature to take a shortcut here and there. This casual internal sharing can also lead to unintentional sharing of files with the rest of the Internet as noted in the Phil Jones, CRU mole, example above. Often the FTP server for an organization may also be the organization’s external web server as the two functions are often combined on the same CPU or hardware box. When this occurs, if the organization does not lock down their network thoroughly, the security breaches which could happen by accident are far more likely to occur.
Since Friday November 20th a few users noticed this interesting notice on the CRU website.
This website is currently being served from the CRU Emergency Webserver.
Some pages may be out of date.
Normal service will be resumed as soon as possible.
Here is a screen grab for posterity.
So as part of the security crackdown at CRU they have taken down their external webserver? Network security professionals in the audience will be spitting up coffee all over their keyboards at this point.
So this is my theory is and this is only my theory:
A few people inside CRU possessed the archive of documents being held in reserve in case the FOI appeal decision was made in favor of Steve McIntyre. They shared it with others by putting it in an FTP directory which was on the same CPU as the external webserver, or even worse, was an on a shared drive somewhere to which the webserver had permissions to access. In other words, if you knew where to look, it was publicly available. Then, along comes our “hackers” who happened to find it, download it, and the rest is history unfolding before our eyes. So much for the cries of sophisticated hacking and victimization noted above.
If I had to bet money, I would guess that David Palmer, Information Policy & Compliance Manager, University of East Anglia, has an even chance of being the guilty party, but it would only be a guess.
To repeat the basic premise of this theory.
There’s an old adage, never assume malice when stupidity or incompetence will explain it.
™ CRUtape Letters, is a trademark of Moshpit Enterprises.
Discover more from Watts Up With That?
Subscribe to get the latest posts sent to your email.
I would not have included a bunch of emails talking about dodging FOIA if I were resigning myself to honouring the FOI requests.
How about the ignored subject lines DELETE AFTER READING? Why not just delete them?
My vote is Whistleblower. (translation for visitors from RC; 5th. column cyberterrorist)
Who and which organizations gave the “scientists” money for this “research?”
Any one of them has grounds to sue for fraud in a civil suit. Either the granting organizations or the donors ( individually or as a class) can do it.
The same goes for the donors who gave money to the granting organizations. If any board members can be shown to be in collusion with the researchers, then the board member or members become liable as well.
As for misuse of government money and property, that is a criminal matter.
If the CRU staff put it together as a response to the FOI request, why would they have included the HARRY_READ_ME file, since it’s neither an E-mail, data, or source code? The inclusion of that file makes it more likely that it was put together by an internal source.
While I was never in the network security branch at (nameless Government facility), I knew some of the network engineering people pretty well, and became aware of a number of permission screw-ups at our facility; i.e.:
While there is no way to know for sure at this point WRT the CRU saga, the ”third possibility” that Charles postulates is indeed quite plausible:
The multiple and complex layering of network permissions that can be applied by (likely) several people who have network admin capability, can quickly lead to a bunch of open ”back doors”; especially if both internally and externally accessible files reside on the same server (let alone the same disc spindle). Where I worked it was a firm rule that you did NOT mix any internal and external applications or data on the same platform, due to this ever-present risk and a couple unhappy experiences; where access permissions would become ”leaky”.
SIDEBAR: I believe the original of the ”old adage” Charles referred to is attributed to Napoleon Bonaparte; who is recorded to have said:
”Never automatically ascribe to deliberate malice, that which is easily explainable by ordinary, everyday incompetence.”
In any case: Whether climategate resulted from incompetence in network management, actions by an internal whistleblower, or a sophisticated external hack (all perhaps aided as mentioned by actions resulting from FOIA requests):
I’ll take it. When the history of the whole politically-correct AGW religion is finally written, this event just might make the book.
When I first saw this file, it looked to me to be a lot like the kind of file that gets put together for a lawyer. Typical an organization would get a discovery notice or a FOIA request and a lawyer will send out an email requesting all data, information and correspondance related to the issue at hand. A clerical person assembles all the responses into a file and the lawyer goes through it and issues an opinion. So labeling this kind of file with ‘FOI’ in the filename would make sense.
But this raises a troubling question, could independent officials at Met have looked at this file, with all the references to deleting data etc, and conclude that there was nothing afoul? It staggers the mind.
In some of the emails Jones’s smuggly talks about his success at corrupting the FOI people. It was very Obi Wan Kenobi-esk. “These are not the droids you are looking for”, Jones said in a hypnotic voice — kind of thing.
It would be interesting to see the organizational structure of CRU. Does Palmer report to Jones? Or is Palmer part of Met? Was Jones able to pull the wool over the eyes of the FOI people?
Maybe someone was smart enough to ‘get’ was going on, and when the decision was made, decided to go rogue. Or, maybe they just left the file in an insecure place.
Assumig this is the CRU’s own compilation of data intended for the FOIA, is this the “nicest” emails thay can cough up. Surly they must have deleted some files? Or do we assume full disclosure if they had lost the FOIA request.
this is why it’s always easier/better to just tell the truth. then you don’t have to worry about what gets hacked….uhm…er….”released.”
and admissible or not, it certainly gives much insight into exactly what to ask for in the NEXT FOI request…
which will almost certainly be approved.
This is the most plausible theory I have seen so far. Fits the facts and is beautifully simple.
So there are no nasty Russian hackers after all?
Just wondering then, who posted this to the Russian server and how did they find it in the first place.
Charles:
Excellent and thought provoking piece. As you put it, I am hoping for Theory II primarily because one way or the other another shoe will drop. If it is Theory III, then there is a good chance that they will simply stonewall and hide all incriminating stuff. It is a sad commentary on the state of our universities that such a tactic is likely to succeed. It would take but only one “deep throat” to end this painful episode.
Sounds very plausible, especially given the name of the file. However, if it was simply copied from the ftp site by someone, why do they remain anonymous? I would be proud to be associated with this historic download!
That’s like having a state of the art home security system — then leaving the doors and windows open and later discovering you’ve been burglarized.
Occam’s razor – or, why assume some nefarious plot when plain stupid will do.
DaveF (09:31:39) :
I was reaching for a glass of Coca-Cola when I read this. Fortunately I didn’t pause in my reading and finished before taking a sip – or else you’d owe me a new keyboard!
Roger Knights –
You’ve only given the verb ‘alternate’ – it is also a noun meaning one who substitutes for another (an alternate on a jury or sports team), and an adjective meaning ‘alternative’ (an alternate location).
I think the file contents could not have been collected for being sent to someone outside CRU requesting a FOI. Maybe someone tried to avoid a memory hole or the file itself WAS the memory hole.
NK (09:31:45) :
Charles–
…. It’s possible this file was put together as a potential response to the FOI request, and circulated around CRU for review and a decision as to whether to release per the FOI.
After reading the post this was one of my thoughts. Whether in response to an FOI request or not, someone collected the most damaging material and started to circulate it in order to ensure a coordinated response if the material had to be released and possibly to provide a guide to what material should be purged to avoid disclosure. Receipents started to forward it to people they thought would be interested in a chain-reaction/chain-letter fashion that obscured the original intent of the compiler. Eventually it hit the inbox of someone who was ‘not reliable’ (in the CRU sense), maybe after someone on the fringe of the group skimmed the emails and saw a co-worker’s name.
Do not withdraw the FOI request. This data may have been inadvertently or deliberately corrupted.
I just watched a FoxNews interview between Chris Horner at the Competitive Enterprise Institute and Howard Gould of the Clean Economy network. See how has more invested in this “event”.
I would agree with #3, due to the fact that code files were included. Wasn’t that part of the FOI request in the first place? In preparing for a ruling, it would make sense that a download was done and scrubbed of emails not related to the exact nature of the request, (meaning that for the download only, emails were removed, not for the original archived email). In some cases, blanks can be located if emails have a number or date stamp. It is a simple matter of creating a find function looking for these gaps.
Regardless of which theory pans out, it is imperative that an independent team of forensic IT professionals secure what is on the computers at HadCRU.
This story is starting to pick up a little steam here in the US, but as of today, it’s still 2nd page material.
But the first theory was so beloved by the media: This could only have been the work of a criminal mastermind of the highest order. Now all we’re left with is simple human error. Still, it smells right. The problem with the first theory is why would all these emails be bundled together in a single file? They would have been scattered around quite a bit I would have thought.
How did you figure it Charles? It was elementary my dear Hansen, or Jones, or Wigley.
PS, Charles, don’t tell Santer or he’ll punch your lights out.
Good scenario. It would take too much work for a simple hacker to have sifted through the tens of thousands of e-mails that have been written over the last few years.
Regarding whether these e-mails can be used in legal proceedings:
to answer John Galt:
first, ignore the likelihood that as bad as these look, there will be *no* legal proceedings rising from these e-mails. No one’s going to charge them with anything, anymore than they’re going to charge Gordon Browne for the way he’s running the UK these days. (many things that should happen, don’t.)
Also, I’m not completely clear as to UK law in this area.
but in the US – in a criminal case, the Prosecution can use anything it gets its hands on as long is it wasn’t directly implicated in the illegal action. If someone steals a gun from a murderer and gives it to the police, they’re allowed to use that gun as evidence at the murderer’s trial. If the Prosecution or the police stole the gun, then they can’t use it.
in a civil trial, the complainant simply has to ask for disclosure of any relevant documents. If the defense fails to turn over documents for which complainant has good evidence of their existence, then the defense can be sanctioned for failure to comply with discovery and probably will lose on a motion for summary judgment.
Here’s how the New Zealand Herald has reported one aspect of the “hack” this morning:
http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10611239
One spin doctor has been earning their Chritsmas bonus. The righteous indignation oozes from every pore.
I think it’s an insider who took the time to compile the worst of the worst– the most damning material he could find. Perhaps someone Dr. Phil treated shabbily at some point in his career.
<a href="Climate change champion and sceptic both call for inquiry into leaked emails Both sides of climate change debate urge investigation as Met Office dismisses ‘shallow attempt to discredit robust science’ The Guardian UK
Conversely those responsible for the data object:
Update on UEA
http://www.uea.ac.uk/mac/comm/media/press/2009/nov/homepagenews/CRU-update
“Climatic Research Unit update – 17.45 November 23
It is a matter of concern that data, including personal information about individuals, appears to have been illegally taken from the university and elements published selectively on a number of websites.
The volume of material published and its piecemeal nature makes it impossible to confirm what proportion is genuine. We took immediate action to remove the server in question from operation and have involved the police in what we consider to be a criminal investigation.
The material published relates to the work of our globally-respected Climatic Research Unit (CRU) and other scientists around the world. CRU’s published research is, and has always been, fully peer-reviewed by the relevant journals, and is one strand of research underpinning the strong consensus that human activity is affecting the world’s climate in ways that are potentially dangerous.
CRU is one of a number of independent centres working in this important area and reaching similar conclusions. It will continue to engage fully in reasoned debate on its findings with individuals and groups that are willing to have their research and theories subjected to scrutiny by the international scientific community. The selective publication of some stolen emails and other papers taken out of context is mischievous and cannot be considered a genuine attempt to engage with this issue in a responsible way.
The raw climate data which has been requested belongs to meteorological services around the globe and restrictions are in place which means that we are not in a position to release them. We are asking each service for their consent for their data to be published in future.
In addition to supporting the police in their enquiries, we will ourselves be conducting a review, with external support, into the circumstances surrounding the theft and publication of this information and any issues emerging from it. ”
The last sentence MAY indicate a REAL investigation in as they state “any issues emerging from it”.
I think it was a inside man.