By charles the moderator
Rodin’s The Thinker at the Musée Rodin.
Author CJ. Licensed under Creative Commons.
I have a theory.
With the blogosphere all atwitter about the emails and data “stolen” from the Climatic Research Institute at the University of East Anglia, two theories have become dominant describing the origin of the incident.
- CRU was hacked and the data stolen by skilled hackers, perhaps an individual or more insidiously some sophisticated group, such as Russian agents.
- An insider leaked the information to the NSM (non-mainstream media)
Theory number one is the preferred explanation of the defenders of CRU. This allows them to portray CRU as victims of illegal acts. It allows them to scream bloody murder and call for an investigation of the crime. How can we take the fruits of hideous crime seriously? The end does not justify the means!
One of our favorite writers, Gavin Schmidt, has expanded on this theme with the report:
He [Gavin] said the breach at the University of East Anglia was discovered after hackers who had gained access to the correspondence sought Tuesday to hack into a different server supporting realclimate.org, a blog unrelated to NASA that he runs with several other scientists pressing the case that global warming is true.
The intruders sought to create a mock blog post there and to upload the full batch of files from Britain. That effort was thwarted, Dr. Schmidt said, and scientists immediately notified colleagues at the University of East Anglia’s Climatic Research Unit.
http://www.nytimes.com/2009/11/21/science/earth/21climate.html
I believe the above statement by Gavin to be a big bunch of hooey. I believe the “hack” was a posting of the same blog comment which was posted at The Air Vent
which was also submitted here at WUWT, but never was visible publicly, because all comments are moderated and publicly invisible until approved by an administrator or moderator. Many of you have already seen it:
We feel that climate science is, in the current situation, too important to be kept under wraps.
We hereby release a random selection of correspondence, code, and documents.
Hopefully it will give some insight into the science and the people behind it.
This is a limited time offer, download now:
http://ftp.tomcity.ru/incoming/free/FOI2009.zip
Sample:
0926010576.txt * Mann: working towards a common goal
1189722851.txt * Jones: “try and change the Received date!”
0924532891.txt * Mann vs. CRU
0847838200.txt * Briffa & Yamal 1996: “too much growth in recent years makes it difficult to derive a valid age/growth curve”
0926026654.txt * Jones: MBH dodgy ground
1225026120.txt * CRU’s truncated temperature curve
1059664704.txt * Mann: dirty laundry
1062189235.txt * Osborn: concerns with MBH uncertainty
0926947295.txt * IPCC scenarios not supposed to be realistic
0938018124.txt * Mann: “something else” causing discrepancies
0939154709.txt * Osborn: we usually stop the series in 1960
0933255789.txt * WWF report: beef up if possible
0998926751.txt * “Carefully constructed” model scenarios to get “distinguishable results”
0968705882.txt * CLA: “IPCC is not any more an assessment of published science but production of results”
1075403821.txt * Jones: Daly death “cheering news”
1029966978.txt * Briffa – last decades exceptional, or not?
1092167224.txt * Mann: “not necessarily wrong, but it makes a small difference” (factor 1.29)
1188557698.txt * Wigley: “Keenan has a valid point”
1118949061.txt * we’d like to do some experiments with different proxy combinations
1120593115.txt * I am reviewing a couple of papers on extremes, so that I can refer to them in the chapter for AR4
I was the first at WUWT to see the comment above and immediately embargoed it. After discussions and many phone calls, we finally began to refer to the information after, and only after, we saw that it was available elsewhere, such as The Air Vent, and also after we knew that CRU was aware that it was circulating on the web.
Gavin’s elaborate description of the hacking attempt at RC is, in my humble opinion, nothing more than an attempt to add meat to the hacking theory in order to increase the vilification of the theoretical hackers. Gavin has demonstrated this kind of misdirection in the past in the Mystery Man incident where he attempted to obfuscate his own involvement in a data correction to station files held by the British Antarctic Survey. In this new spirit of transparency Gavin, why don’t you send Anthony the log files that demonstrate this attempted break in at realclimate.org?
After all, this is a criminal act of vandalism and of harassment of a group of scientists that are only going about their business doing science. It represents a whole new escalation in the war on climate scientists who are only trying to get at the truth. Think — this was a very concerted and sophisticated hacker attack. …Or at the next level, since the forces of darkness have moved to illegal operations, will we all have to get bodyguards to do climate science?
Sigh…and sigh again.
Theory number two is the preferred explanation of, for want of a better term, the Skeptics Camp. It is a romantic thought. Some CRU employee, fed up with the machinations, deceit, and corruption of science witnessed around him or her, took the noble action of becoming whistle-blower to the world, bravely thrusting the concealed behavior and data into the light for all to see. This theory is attractive for all the right reasons. Personal risk, ethics, selflessness etc.
I would like to offer a third possibility based on a bit of circumstantial evidence I noticed on the Web Saturday afternoon.
There’s an old adage, never assume malice when stupidity or incompetence will explain it.
A short time ago there was a previous leak of CRU data by an insider. In this case, Steve McIntyre acquired station data which he had been requesting for years, but someone inside CRU unofficially made the data available.
In this case, many commentators had various guesses as to the motivation or identity of the disgruntled mole even proposing that perhaps a disgruntled William Connelly was the perpetrator.
Of course it turned out the Phil Jones, director of CRU, himself had inadvertently left the data on an open FTP server.
Many have begun to think that the zip archive FOI2009.zip was prepared internally by CRU in response to Steve McIntyre’s FOI requests, in parallel with attempts to deny the request in case the ability to refuse was lost. There are many reasons to think this is valid and it is consistent with either of the two theories at the beginning of this post. Steve McIntyre’s FOI appeal was denied on November 13th and the last of the emails in the archive is from November 12th.
It would take a hacker massive amounts of work to parse through decades of emails and files but stealing or acquiring a single file is a distinct possibility and does not require massive conspiracy. The same constraints of time and effort would apply to any internal whistle blower. However, an ongoing process of internally collating this information for an FOI response is entirely consistent with what we find in the file.
In the past I have worked at organizations where the computer network grew organically in a disorganized fashion over time. Security policies often fail as users take advantage of shortcuts to simplify their day to day activities. One of these shortcuts is to share files using an FTP server. Casual shortcuts in these instances may lead to gaping security holes. This is not necessarily intentional, but a consequence of human nature to take a shortcut here and there. This casual internal sharing can also lead to unintentional sharing of files with the rest of the Internet as noted in the Phil Jones, CRU mole, example above. Often the FTP server for an organization may also be the organization’s external web server as the two functions are often combined on the same CPU or hardware box. When this occurs, if the organization does not lock down their network thoroughly, the security breaches which could happen by accident are far more likely to occur.
Since Friday November 20th a few users noticed this interesting notice on the CRU website.
This website is currently being served from the CRU Emergency Webserver.
Some pages may be out of date.
Normal service will be resumed as soon as possible.
Here is a screen grab for posterity.
So as part of the security crackdown at CRU they have taken down their external webserver? Network security professionals in the audience will be spitting up coffee all over their keyboards at this point.
So this is my theory is and this is only my theory:
A few people inside CRU possessed the archive of documents being held in reserve in case the FOI appeal decision was made in favor of Steve McIntyre. They shared it with others by putting it in an FTP directory which was on the same CPU as the external webserver, or even worse, was an on a shared drive somewhere to which the webserver had permissions to access. In other words, if you knew where to look, it was publicly available. Then, along comes our “hackers” who happened to find it, download it, and the rest is history unfolding before our eyes. So much for the cries of sophisticated hacking and victimization noted above.
If I had to bet money, I would guess that David Palmer, Information Policy & Compliance Manager, University of East Anglia, has an even chance of being the guilty party, but it would only be a guess.
To repeat the basic premise of this theory.
There’s an old adage, never assume malice when stupidity or incompetence will explain it.
™ CRUtape Letters, is a trademark of Moshpit Enterprises.
Discover more from Watts Up With That?
Subscribe to get the latest posts sent to your email.
Having worked in IT and as a network security professional for my entire career of 25 years thus far, this sounds like the most plausible theory. I was just discussing the difficulty of implementing effective security policy with a colleague the other day. By far the biggest hurdle for the IT manager is human nature. So many managers, directors, etc. in other departments will undermine policy of a weak CIO just to make things easier.
And we have a saying in the biz, security is the reciprocal of convenience.
Not only are these people in the Alarmist camp poor at science and programming, they are poor with computer and network security as well. Consistency.
Chris,
Nail on head.
I wonder how many hard drives are being destroyed, illegally, as we discuss this at GISS, etc.?
This small sampling that we have seen is the tip of the iceberg.
The climate charlatans have been doing this for *years*.
I’d also submit that possibly we have a hybrid of Theories 2 and 3. Once everything is neatly contained in a ZIP file, it wouldn’t take much for a low level, but scrupulous employee at CRU to move that file, or to disperse it to an external site. Many IT professionals I know tend to be very objective, and operate with a very high level of integrity. It’s part of the job. So no surprise that someone who became aware of behavior like that illustrated in the emails, would make sure that it was exposed and/or reported.
I can just imagine the politician’s approach when they realized what the screwed up temperature plots looked like.
“- Wow did you see that! it seems like the world is going to catch on fire within the next 50 years!”
“- No No Harry! Don’t bother reporting the bad data to your superiors. Leave it like that! That’s perfect”
Bush to Cheney to Obama to Gore (and all other corrupted bastards):
“- How can we take advantage of this bullshit data? Oh I know!!! lets establish an another tax disguised as Cap And Trade and impoverish even more our stupid population!”
– ” Great idea. Great work Tim and Harry!”
On Theory..
A little bird told me.. (and one I have been inclined to listen to) that it was a smash job.. a brute force attack.. not a clever hack.. but a resource laden effort.
this was not a leak in the deliberate sense.
now.. what that means is up to our esteemed public, but I would add, the nature of such capabilities, are in only a few places.
but whether tongue and cheek or no, the notion that espionage from the ghost of the Kremlin be considered
in theory… well….
It was an ínternal hacker close related with gouvernmental institutions or politicians. Nobody believes the science behind the global warming hoax anymore and the western world feels the immense growing economic power of India and China while at the same time we have to kill our economy and society due to requirements of the Kyoto protocol. India and China already stated not to fullfill these requirements, not yet and also not after Kopenhagen. So probably the Britisch play a nice and traditional game to give theirselves and others opportunities from escaping the rope we put around our neck. Also the chosen time is remarkable; very close to the start of Kopenhagen. It’s a version of the “legal” attack on Mantsjoerije by the Japanese at the beginning of WW2 in Asia (China).
Just read that press release posted above @Cold Lynx (10:14:21) — it’s a toss-up between nauseous and rushing to take a long, hot shower. I expect that they are trusting that people are either too lazy to have read what’s been uncovered, can’t hold a thought of their own in their own heads for more than five minutes, or are so into the AGW belief system that they’ll believe any pronouncement from ‘church’ officialdom.
Wonder what operating system was being used by the server containing the file? If it is some version of Windows, leaving a file open to all is very easy to do by accident.
Henry chance (09:04:51) :
“All their peer review is done by friends and people that push the same dogma.”
That’s kind of unavoidable, because in any field there aren’t that many “experts” to whom to send papers, so they will often be reviewed by a small cadre of scientists who know each other. That makes the system vulnerable to not only lapses in integrity, but also to the inertia of “group think.”
But the most serious flaw is that it can be so easily hijacked by a group of conspirators whose “integrity” is merely a carefully crafted perception as opposed to a reality.
OT but Checkout the Australian climatesceptics party website
http://www.climatesceptics.com.au/
“The server is temporarily unable to service your request due to the site owner reaching his/her bandwidth limit. Please try again later.”
Very popular today
what’s it called? – – the Large HADCRUT Collider?
How about, “the Large HADCRUT Colluder?”
=========
Jamie (10:06:28) :
Roger Knights –
“You’ve only given the verb ‘alternate’ – it is also a noun meaning one who substitutes for another (an alternate on a jury or sports team), and an adjective meaning ‘alternative’ (an alternate location).”
Modern dictionaries are more latitudinarian about their definitions than they used (and ought) to be. It’s possible that some or many of them now allow the adjectival “alternate” to mean “alternative.”
But why should we go along with them, just because they want to be descriptive of the language as the majority uses it? The cost is clarity. If I have an alternate pair of shoes, that means they are ones I wear by turns with my regular pair of shoes (presumably in order to give each pair a rest or allow them to get un-stinked on alternate days). An alternative pair of shoes would be one (probably in a much different style or form or color) that I wore to a different occasion, or with a different colored pair of pants, not one that I automatically us in a to-and-fro fashion. (There’s probably a better example, but I can’t think of it offhand.)
Here’s what R.H. Fiske’s Dictionary of Disagreeable English says on this matter. (The book is too much of a “stickler” for my taste, and is sometimes too heated, but it’s basically right IMO):
“The adjectival alternate does not mean, as alternative does, providing a choice between two or more things, nor does it mean, as alternative does, relating to an undertaking or institution that appeals to nontraditional interests. … If some people insist on maintaining the distinctions, it is because they prefer clarity to confusion ….”
And how do the press react?
The journal with the the widest circulation (Het Laatste Nieuws) in Belgium writes on its website:” The hackers themselves fiddled around with the CRU-emails! Most emails are changed and much passages are divorced from its context in such a way that they receive an other meaning. (…) It’s a pity for the fans of conspiracy theories, but their opinion has been superseded by facts meanwhile.”
(Dutch website: http://www.hln.be/hln/nl/5096/Kopenhagen-2009/article/detail/1032448/2009/11/23/Hackers-knoeiden-zelf-met-klimaatmails.dhtml )
Can someone tell me what’s the source of the coverage of this journal?
How can I counter this information?
If anyone is interested, I have looked at some important data that became public from CRU which seems to be to close the case global warming (man-made or otherwise). And it shows off that lovely 1940’s blip:
http://strata-sphere.com/blog/index.php/archives/11420
Cheers, AJStrata
Monckton Speaks Out on CRU: “They are Criminals”
http://pajamasmedia.com/blog/viscount-monckton-on-global-warminggate-they-are-criminals-pjm-exclusive/
What about a government wanting to slow down discussions at Copenhagen or have I been watching too much spooks ?
Good explanation.
It is clear that the file was created internally at CRU. If it was and judging its content, the files were not gathered to be released in the eventual FOI request. Either it was put together to be destroyed or hidden for some sick reason. In any case, they then would also be guilty of hiding information.
Professor John Brignell http://users.ecs.soton.ac.uk/jeb/cv.htm has this to say.
“CRU was created by the Thatcher Government as an arm in its war against the coal miners and the oil sheiks. This was a case (unfortunately not isolated) in which the smart tactical manoeuvre became a grand strategic error, for it bequeathed a powerful tool to the new authoritarian left when they reins of power changed hands.
A quasi-scientific institute that is founded for political purposes is a misbegotten creature. It is conceived in cynicism and born to corruption. When the remit of such an institution is to manufacture evidence to support one particular hypothesis it is condemned not to produce just bad science but anti-science.
The basis of modern scientific method is the principle of falsification. We do not call upon it directly for every scientific investigation, just as we do not rush to the courts of law every time we sign a contract, but it is always there to provide the rigorous framework essential to progress. To pay someone to collect data that support one hypothesis is like, to adapt the classical analogy, paying someone to count white swans to “prove” the hypothesis that all swans are white. Furthermore, once that someone’s living depends upon that payment, he will be sorely tempted to cover up any evidence of black swans and, being human, he will try to salve his own conscience by creating a justification for ignoring inconvenient observations.”
http://www.numberwatch.co.uk/2009%20November.htm#warmergate
Well it has definitely gone big time viral.
Results 1 – 100 of about 676,000 for climategate. (1.19 seconds)
http://www.climatesciencewatch.org/index.php/csw/details/phil-jones-and-ben-santer-comment-on-cei/
Prof. Phil Jones, Director of the Climatic Research Unit at the University of East Anglia in the UK and Ben Santer at Lawrence Livermore National Laboratory comment in response to a petition to EPA by the Competitive Enterprise Institute and Pat Michaels, which misleadingly seeks to obstruct EPA’s process in making an “endangerment” finding on greenhouse gases. This new CEI tactic is to call into question the integrity of the global temperature data record and, by implication, the integrity of leading climate scientists.
No one, it seems, cares to read what we put up on the CRU web page, http://www.cru.uea.ac.uk/cru/data/temperature/. These people just make up motives for what we might or might not have done.
Almost all the data we have in the CRU archive is exactly the same as in the Global Historical Climatology Network (GHCN) archive used by the NOAA National Climatic Data Center [see here and here].
The original raw data are not “lost.” I could reconstruct what we had from U.S. Department of Energy reports we published in the mid-1980s. I would start with the GHCN data. I know that the effort would be a complete waste of time, though. I may get around to it some time. The documentation of what we’ve done is all in the literature.
The event known as CLIMATEGATE:
WIKIPEDIA: The Climatic Research Unit e-mail hacking incident refers to a November 2009 incident involving the hacking and leaking of e-mails and documents on climate change research from the Climatic Research Unit of the University of East Anglia U.K.[1][2]
http://en.wikipedia.org/wiki/Climategate
I had a similar thought as the original poster
My question is, is it possible that they had several files on thier server(s)?
One file of FOI that there were willing to release, other file(s) of “hide this stuff till the cops leave” The Devil (to alliterate to Screwtape Letters) who sent the files out grabbed several file sets, then reorged (some of?) them into the current release.
There really is no other explanation of how one (1) hacker had gotten files and (archived?) emails, unless thier security really really sucked. (Global Warming started to deteriorate the electric cables?). I am no computer geek, but for how long do servers maintain a copy of deleted emails? What is the average lifespan of a server, and if one goes bad, do they move all the old data over?
I agree that this thesis has the highest probability of being correct. Of course, somebody would have had to take advantage of being able to poke around and discover it, but for some folks that is a casual hobby. Seeing a large blob of data available on the ftp server would almost guarantee that somebody would download it just out of curiosity.
The Brits have been notorious for their data screwups. NHS laptops left on trams full of unencrypted data and so on. We in the states have done some whoppers too. If all this stuff had been encrypted it would have taken either an insider to provide the key or a dedicated “black hat” to crack it. As it is, neither of these seems to have been the case.
“In addition to supporting the police in their enquiries, we will ourselves be conducting a review, with external support, into the circumstances surrounding the theft and publication of this information and any issues emerging from it. ”
This last statement emanating from the UEA head office, will be interesting to follow. CRU confirms that the “theft” was reported to them on Tuesday Nov. 17, yet they apparently only called in the police on Thursday or Friday. Why the delay?? Standard procedure for dealing with a theft is to immediately report the crime.
CRU took at least two whole days to report their “theft.” What were they doing in the interim?? The Norwich Police, Scotland Yard, MP Clarke, members of Parliament, U.S. Congress, Special Prosecutors and 2 billion people online will be very interested to hear their reasoning. Holy Chappaquidick!!
Very interesting analysis Charles… That would even be sweeter!