By charles the moderator
Rodin’s The Thinker at the Musée Rodin.
Author CJ. Licensed under Creative Commons.
I have a theory.
With the blogosphere all atwitter about the emails and data “stolen” from the Climatic Research Institute at the University of East Anglia, two theories have become dominant describing the origin of the incident.
- CRU was hacked and the data stolen by skilled hackers, perhaps an individual or more insidiously some sophisticated group, such as Russian agents.
- An insider leaked the information to the NSM (non-mainstream media)
Theory number one is the preferred explanation of the defenders of CRU. This allows them to portray CRU as victims of illegal acts. It allows them to scream bloody murder and call for an investigation of the crime. How can we take the fruits of hideous crime seriously? The end does not justify the means!
One of our favorite writers, Gavin Schmidt, has expanded on this theme with the report:
He [Gavin] said the breach at the University of East Anglia was discovered after hackers who had gained access to the correspondence sought Tuesday to hack into a different server supporting realclimate.org, a blog unrelated to NASA that he runs with several other scientists pressing the case that global warming is true.
The intruders sought to create a mock blog post there and to upload the full batch of files from Britain. That effort was thwarted, Dr. Schmidt said, and scientists immediately notified colleagues at the University of East Anglia’s Climatic Research Unit.
http://www.nytimes.com/2009/11/21/science/earth/21climate.html
I believe the above statement by Gavin to be a big bunch of hooey. I believe the “hack” was a posting of the same blog comment which was posted at The Air Vent
which was also submitted here at WUWT, but never was visible publicly, because all comments are moderated and publicly invisible until approved by an administrator or moderator. Many of you have already seen it:
We feel that climate science is, in the current situation, too important to be kept under wraps.
We hereby release a random selection of correspondence, code, and documents.
Hopefully it will give some insight into the science and the people behind it.
This is a limited time offer, download now:
http://ftp.tomcity.ru/incoming/free/FOI2009.zip
Sample:
0926010576.txt * Mann: working towards a common goal
1189722851.txt * Jones: “try and change the Received date!”
0924532891.txt * Mann vs. CRU
0847838200.txt * Briffa & Yamal 1996: “too much growth in recent years makes it difficult to derive a valid age/growth curve”
0926026654.txt * Jones: MBH dodgy ground
1225026120.txt * CRU’s truncated temperature curve
1059664704.txt * Mann: dirty laundry
1062189235.txt * Osborn: concerns with MBH uncertainty
0926947295.txt * IPCC scenarios not supposed to be realistic
0938018124.txt * Mann: “something else” causing discrepancies
0939154709.txt * Osborn: we usually stop the series in 1960
0933255789.txt * WWF report: beef up if possible
0998926751.txt * “Carefully constructed” model scenarios to get “distinguishable results”
0968705882.txt * CLA: “IPCC is not any more an assessment of published science but production of results”
1075403821.txt * Jones: Daly death “cheering news”
1029966978.txt * Briffa – last decades exceptional, or not?
1092167224.txt * Mann: “not necessarily wrong, but it makes a small difference” (factor 1.29)
1188557698.txt * Wigley: “Keenan has a valid point”
1118949061.txt * we’d like to do some experiments with different proxy combinations
1120593115.txt * I am reviewing a couple of papers on extremes, so that I can refer to them in the chapter for AR4
I was the first at WUWT to see the comment above and immediately embargoed it. After discussions and many phone calls, we finally began to refer to the information after, and only after, we saw that it was available elsewhere, such as The Air Vent, and also after we knew that CRU was aware that it was circulating on the web.
Gavin’s elaborate description of the hacking attempt at RC is, in my humble opinion, nothing more than an attempt to add meat to the hacking theory in order to increase the vilification of the theoretical hackers. Gavin has demonstrated this kind of misdirection in the past in the Mystery Man incident where he attempted to obfuscate his own involvement in a data correction to station files held by the British Antarctic Survey. In this new spirit of transparency Gavin, why don’t you send Anthony the log files that demonstrate this attempted break in at realclimate.org?
After all, this is a criminal act of vandalism and of harassment of a group of scientists that are only going about their business doing science. It represents a whole new escalation in the war on climate scientists who are only trying to get at the truth. Think — this was a very concerted and sophisticated hacker attack. …Or at the next level, since the forces of darkness have moved to illegal operations, will we all have to get bodyguards to do climate science?
Sigh…and sigh again.
Theory number two is the preferred explanation of, for want of a better term, the Skeptics Camp. It is a romantic thought. Some CRU employee, fed up with the machinations, deceit, and corruption of science witnessed around him or her, took the noble action of becoming whistle-blower to the world, bravely thrusting the concealed behavior and data into the light for all to see. This theory is attractive for all the right reasons. Personal risk, ethics, selflessness etc.
I would like to offer a third possibility based on a bit of circumstantial evidence I noticed on the Web Saturday afternoon.
There’s an old adage, never assume malice when stupidity or incompetence will explain it.
A short time ago there was a previous leak of CRU data by an insider. In this case, Steve McIntyre acquired station data which he had been requesting for years, but someone inside CRU unofficially made the data available.
In this case, many commentators had various guesses as to the motivation or identity of the disgruntled mole even proposing that perhaps a disgruntled William Connelly was the perpetrator.
Of course it turned out the Phil Jones, director of CRU, himself had inadvertently left the data on an open FTP server.
Many have begun to think that the zip archive FOI2009.zip was prepared internally by CRU in response to Steve McIntyre’s FOI requests, in parallel with attempts to deny the request in case the ability to refuse was lost. There are many reasons to think this is valid and it is consistent with either of the two theories at the beginning of this post. Steve McIntyre’s FOI appeal was denied on November 13th and the last of the emails in the archive is from November 12th.
It would take a hacker massive amounts of work to parse through decades of emails and files but stealing or acquiring a single file is a distinct possibility and does not require massive conspiracy. The same constraints of time and effort would apply to any internal whistle blower. However, an ongoing process of internally collating this information for an FOI response is entirely consistent with what we find in the file.
In the past I have worked at organizations where the computer network grew organically in a disorganized fashion over time. Security policies often fail as users take advantage of shortcuts to simplify their day to day activities. One of these shortcuts is to share files using an FTP server. Casual shortcuts in these instances may lead to gaping security holes. This is not necessarily intentional, but a consequence of human nature to take a shortcut here and there. This casual internal sharing can also lead to unintentional sharing of files with the rest of the Internet as noted in the Phil Jones, CRU mole, example above. Often the FTP server for an organization may also be the organization’s external web server as the two functions are often combined on the same CPU or hardware box. When this occurs, if the organization does not lock down their network thoroughly, the security breaches which could happen by accident are far more likely to occur.
Since Friday November 20th a few users noticed this interesting notice on the CRU website.
This website is currently being served from the CRU Emergency Webserver.
Some pages may be out of date.
Normal service will be resumed as soon as possible.
Here is a screen grab for posterity.
So as part of the security crackdown at CRU they have taken down their external webserver? Network security professionals in the audience will be spitting up coffee all over their keyboards at this point.
So this is my theory is and this is only my theory:
A few people inside CRU possessed the archive of documents being held in reserve in case the FOI appeal decision was made in favor of Steve McIntyre. They shared it with others by putting it in an FTP directory which was on the same CPU as the external webserver, or even worse, was an on a shared drive somewhere to which the webserver had permissions to access. In other words, if you knew where to look, it was publicly available. Then, along comes our “hackers” who happened to find it, download it, and the rest is history unfolding before our eyes. So much for the cries of sophisticated hacking and victimization noted above.
If I had to bet money, I would guess that David Palmer, Information Policy & Compliance Manager, University of East Anglia, has an even chance of being the guilty party, but it would only be a guess.
To repeat the basic premise of this theory.
There’s an old adage, never assume malice when stupidity or incompetence will explain it.
™ CRUtape Letters, is a trademark of Moshpit Enterprises.
Discover more from Watts Up With That?
Subscribe to get the latest posts sent to your email.
Your CRUtape title is excellent since it points to the true source of all this, the Prince of Darkness himself Lord (Voldemort) Mandelson. UK Govt. finances are in a terrible state so rapid funding cuts are needed all round but nobody (except LVM) has the guts to drown the polar bear cubs.
Sorry, it appears Paul Hudson was probably just talking about the email chain which references his story on the BBC about “whatever happened to global warming”, not the whole chain.
Somewhat OT, but I have also formulated a new theory which is mine and belongs to me.
It’s all just a terrible misunderstanding. UEA-CRU has spent the past ten years trying to replicate Mann’s hockey stick, but have repeatedly missed an important cultural datum which could (at least in part) explain the pseudo-statistical gymnastics seen in the leaked documents…
http://imgur.com/6dSR9.gif
I suggest the original file was named NOT_FOI2009.zip
Then r&r (renamed& released).
How about we take up a collection and donate it to the CRU, then we can sue them for fraud for misusing our funds! As noted donors they would have to be answerable to us in a court of law, and it would be mighty interesting to have them open their books (financial and otherwise).
as this appears to be a compilation done for a by the FOI office, the immediate question arises, why the FOI officers involved did not stop or sanction the deletion of files and the outspoken intent to breach FOI regulations.
This is definitly a leak.
Paul Hudson of the BBC who wrote the article “Whatever happened to Global Warming” confirms in his blog that he received the E-Mails on 12 October 2009 already and confirms its authenticity (this is probably an eatlier version, since the neweset date is 12 November 2009). He will comment later on these.
His blog can be found at: http://www.bbc.co.uk/blogs/paulhudson/atom.xml
Notice also that just prior to this package being released that Phil had finished what he thought was a successful schmoozing job with the University FOIA compliance folks to squash the FOIA request. I wouldn’t be surprised if the IT guy tasked with compiling this file didn’t release it out of spite.
It would make sense, since the fact that Phil Jones asked everyone to delete their emails and then failed to delete his own is a puzzler… but it isn’t so puzzling if some data security person had already been tasked with retrieving the data from an archive of whose existence Phil was unaware.
The name of the file is consistent with the theory. Citing Phil Jones
“If they ever hear there is a Freedom of Information Act now in the UK, I think I’ll delete the file rather than send to anyone.”
it wouldn’t be strange that he changed his mind, knowing that a FOIA would eventually be sent to McIntyre, to stage this up, so it could be a hacker’s fault.
Anyway, any good forensic investigator should know this by now…
Ecotretas
I, too, object to the term of “Church of AGW” on the grounds that it connotes an organized, hierarchical, catholic institution. I think of dogmatically religious AGW proponents more as independent imams, sermonizing before the ovine faithful, enforcing literalism, issuing their fatwas against heretics and blasphemers, and enjoying the advantages of having compliant media mutaween willing to apply beatings.
UK Chanel 4, 7:00 News, just had an interwiw with a rather subdued prof Watson about the CRU leaks
I’m still trying to figure out why someone on the inside would gather the data into a ZIP file if it wasn’t to get it “out” in a convenient package. If I were Prof Jones and wanted to avoid having inconvenient information come out, I’d be using “rm -f” and not “zip”. If I *were* boxing things up to respond to a FOIA request, why would I pick the 60 most damaging megabytes I could find and tie them up with a bow like that?
If I were a IT type gathering up stuff for a FOIA request, there’d be a lot more “kitchen sink” items in the archive and you’d probably need DVDs to store it all.
I’m still thinking “knowledgeable insider”, someone with both sufficient access and knowledge of the AGW debate and its particulars. Knowledge without access would probably leave all sorts of audit trails which would be made public by CRU by now. Access without knowledge wouldn’t result in such a compact form of the end product.
You are as good as correct Charles. Try doing it by a process of elimination I think it always works better.
It is not a hack. Hacks tend to collect random data, ie a whole directory not selected data.
Whistle-Blower, Probably not .. The tribal nature of acces rights would lead an insider to be very wary of doing this. Not enough freedom of movement.
An accident by someone stupid possible.
My view is that it would take someone a lot of time and effort to put together this leaked data… years of data had to be recovered from archive, visually reviewed and selected for release based upon their content… this is not a five minute job… it is a far more calculated action….
The “powers that be” that have invested so heavily in getting this “data” originated will have wanted an insurance policy so that they do not get caught in the “blow back” should a) the operation becomes exposed or compromised… or b) they wish to change their minds and stop the operation.
Therefore, this looks very much like someone has decided to use their “insurance policy” that has been collected over the years… the AGW cabal have been effectively “thrown under a bus”…. we are now “picking over the bones” of this rather messy road kill… and they will probably be allowed to retire quietly provided they keep their mouths shut… I have got the impression that the cabal is deeply shocked by this leak… stunned silence… they thought they had protection… they thought they were immune… just read the emails…
This story played on Channel 4 news tonight (still on air, so no clip available). They interviewed someone from UEA who put up a not very plausible defence. The questioner (Krishnan Guru-Murphy) asked him about “hiding the decline” several times and all the interviewee (I forgot his name already!) could do was give a character reference!
Google Trends reports that Google searches for global warming emails have leapt to a hotness of “Volcanic”. And the Timeline graph for all Google News sources covering the topic shows increasing coverage, with this morning’s number of sources at 50% more than the “Jennifer Lopez falls” coverage and about 50% of the number covering U.S. health care.
Might the amount of interest be related between two stories, as the emails story involves hiding information, and the Lopez fall story involves her falling on live TV being edited out of the two-hour-later rerun?
[ Alvin (10:10:23) :I just watched a FoxNews interview between Chris Horner at the Competitive Enterprise Institute and Howard Gould of the Clean Economy network. See how has more invested in this “event”. ]
In this interview, did anyone else hear Chris Horner say “there’s 62mb released and 100 to come”. Did he mix his words up or does he have privileged information?
In ‘Climategate’ – CRU hacked into and its implications BBC’s Paul Hudson states:
(80.Has there been any explanation given for charge that there was a request for emails to be deleted to avoid an FOI request? All I’ve heard is that no emails were deleted, but the request itself is completely unethical and most likely illegal. Everything else I’ve seen seems to due to poor word choice and/or lack of context. The FOI avoidance would be a big blow to CRU, even if it doesn’t affect climate science.
[Response: In my opinion that email was very ill-advised. – gavin])
Another admission.
Hell hath no fury like a female scorned?
PS. RTE ,the Irish broadcaster has not responded to my reasonable query as to why they have totally ignored this news.
Ed Reid (09:10:32) :
I knew there was a nagging little tug on my memory.
The term CRUtape rhymes with Screwtape.
There is delicious irony in all this, with temptations resisted and temptations indulged in.
See http://en.wikipedia.org/wiki/The_Screwtape_Letters
There was no ‘hacking’ and I don’t care what Gavin Schmidt says. Being in the computer industry for 18 years, I can safely say that hackers won’t waste their time with anything that doesn’t have some sort of return value; it takes months and sometimes even years to hack a server. Assuming that a hacker did break in, would they really know what they had in their possession?
Either someone deliberately leaked them or someone made a massive network security mistake. I tend to think the former.
The first thing an incompetent person will do, when dealing with digital data that has been lost or leaked, is to blame hackers.
I usually have nothing but disdain for Faux News, but the pretty talking head in the middle there actually asked some pertinent questions. Well done! Glad to see this is starting to get out into the networks. The commentator who said this is not a revelation, but an affirmation hit it squarely on the head.
A BBC reporter is claiming to have been provided at least some of the email as of October 12th. How does this fit in?
The matter was out on national TV in the UK (ch4)tonight and professor Watson was asked what “hide the decline”meant. He answered that he couldn’t believe that Phil Jones, whose reputation was beyond reproach, and whose approach is transparent, wouldn’t manipulate data in such a manner, although he didn’t answer the questions of the interviewer as to what “hide the decline” meant