By charles the moderator
Rodin’s The Thinker at the Musée Rodin.
Author CJ. Licensed under Creative Commons.
I have a theory.
With the blogosphere all atwitter about the emails and data “stolen” from the Climatic Research Institute at the University of East Anglia, two theories have become dominant describing the origin of the incident.
- CRU was hacked and the data stolen by skilled hackers, perhaps an individual or more insidiously some sophisticated group, such as Russian agents.
- An insider leaked the information to the NSM (non-mainstream media)
Theory number one is the preferred explanation of the defenders of CRU. This allows them to portray CRU as victims of illegal acts. It allows them to scream bloody murder and call for an investigation of the crime. How can we take the fruits of hideous crime seriously? The end does not justify the means!
One of our favorite writers, Gavin Schmidt, has expanded on this theme with the report:
He [Gavin] said the breach at the University of East Anglia was discovered after hackers who had gained access to the correspondence sought Tuesday to hack into a different server supporting realclimate.org, a blog unrelated to NASA that he runs with several other scientists pressing the case that global warming is true.
The intruders sought to create a mock blog post there and to upload the full batch of files from Britain. That effort was thwarted, Dr. Schmidt said, and scientists immediately notified colleagues at the University of East Anglia’s Climatic Research Unit.
http://www.nytimes.com/2009/11/21/science/earth/21climate.html
I believe the above statement by Gavin to be a big bunch of hooey. I believe the “hack” was a posting of the same blog comment which was posted at The Air Vent
which was also submitted here at WUWT, but never was visible publicly, because all comments are moderated and publicly invisible until approved by an administrator or moderator. Many of you have already seen it:
We feel that climate science is, in the current situation, too important to be kept under wraps.
We hereby release a random selection of correspondence, code, and documents.
Hopefully it will give some insight into the science and the people behind it.
This is a limited time offer, download now:
http://ftp.tomcity.ru/incoming/free/FOI2009.zip
Sample:
0926010576.txt * Mann: working towards a common goal
1189722851.txt * Jones: “try and change the Received date!”
0924532891.txt * Mann vs. CRU
0847838200.txt * Briffa & Yamal 1996: “too much growth in recent years makes it difficult to derive a valid age/growth curve”
0926026654.txt * Jones: MBH dodgy ground
1225026120.txt * CRU’s truncated temperature curve
1059664704.txt * Mann: dirty laundry
1062189235.txt * Osborn: concerns with MBH uncertainty
0926947295.txt * IPCC scenarios not supposed to be realistic
0938018124.txt * Mann: “something else” causing discrepancies
0939154709.txt * Osborn: we usually stop the series in 1960
0933255789.txt * WWF report: beef up if possible
0998926751.txt * “Carefully constructed” model scenarios to get “distinguishable results”
0968705882.txt * CLA: “IPCC is not any more an assessment of published science but production of results”
1075403821.txt * Jones: Daly death “cheering news”
1029966978.txt * Briffa – last decades exceptional, or not?
1092167224.txt * Mann: “not necessarily wrong, but it makes a small difference” (factor 1.29)
1188557698.txt * Wigley: “Keenan has a valid point”
1118949061.txt * we’d like to do some experiments with different proxy combinations
1120593115.txt * I am reviewing a couple of papers on extremes, so that I can refer to them in the chapter for AR4
I was the first at WUWT to see the comment above and immediately embargoed it. After discussions and many phone calls, we finally began to refer to the information after, and only after, we saw that it was available elsewhere, such as The Air Vent, and also after we knew that CRU was aware that it was circulating on the web.
Gavin’s elaborate description of the hacking attempt at RC is, in my humble opinion, nothing more than an attempt to add meat to the hacking theory in order to increase the vilification of the theoretical hackers. Gavin has demonstrated this kind of misdirection in the past in the Mystery Man incident where he attempted to obfuscate his own involvement in a data correction to station files held by the British Antarctic Survey. In this new spirit of transparency Gavin, why don’t you send Anthony the log files that demonstrate this attempted break in at realclimate.org?
After all, this is a criminal act of vandalism and of harassment of a group of scientists that are only going about their business doing science. It represents a whole new escalation in the war on climate scientists who are only trying to get at the truth. Think — this was a very concerted and sophisticated hacker attack. …Or at the next level, since the forces of darkness have moved to illegal operations, will we all have to get bodyguards to do climate science?
Sigh…and sigh again.
Theory number two is the preferred explanation of, for want of a better term, the Skeptics Camp. It is a romantic thought. Some CRU employee, fed up with the machinations, deceit, and corruption of science witnessed around him or her, took the noble action of becoming whistle-blower to the world, bravely thrusting the concealed behavior and data into the light for all to see. This theory is attractive for all the right reasons. Personal risk, ethics, selflessness etc.
I would like to offer a third possibility based on a bit of circumstantial evidence I noticed on the Web Saturday afternoon.
There’s an old adage, never assume malice when stupidity or incompetence will explain it.
A short time ago there was a previous leak of CRU data by an insider. In this case, Steve McIntyre acquired station data which he had been requesting for years, but someone inside CRU unofficially made the data available.
In this case, many commentators had various guesses as to the motivation or identity of the disgruntled mole even proposing that perhaps a disgruntled William Connelly was the perpetrator.
Of course it turned out the Phil Jones, director of CRU, himself had inadvertently left the data on an open FTP server.
Many have begun to think that the zip archive FOI2009.zip was prepared internally by CRU in response to Steve McIntyre’s FOI requests, in parallel with attempts to deny the request in case the ability to refuse was lost. There are many reasons to think this is valid and it is consistent with either of the two theories at the beginning of this post. Steve McIntyre’s FOI appeal was denied on November 13th and the last of the emails in the archive is from November 12th.
It would take a hacker massive amounts of work to parse through decades of emails and files but stealing or acquiring a single file is a distinct possibility and does not require massive conspiracy. The same constraints of time and effort would apply to any internal whistle blower. However, an ongoing process of internally collating this information for an FOI response is entirely consistent with what we find in the file.
In the past I have worked at organizations where the computer network grew organically in a disorganized fashion over time. Security policies often fail as users take advantage of shortcuts to simplify their day to day activities. One of these shortcuts is to share files using an FTP server. Casual shortcuts in these instances may lead to gaping security holes. This is not necessarily intentional, but a consequence of human nature to take a shortcut here and there. This casual internal sharing can also lead to unintentional sharing of files with the rest of the Internet as noted in the Phil Jones, CRU mole, example above. Often the FTP server for an organization may also be the organization’s external web server as the two functions are often combined on the same CPU or hardware box. When this occurs, if the organization does not lock down their network thoroughly, the security breaches which could happen by accident are far more likely to occur.
Since Friday November 20th a few users noticed this interesting notice on the CRU website.
This website is currently being served from the CRU Emergency Webserver.
Some pages may be out of date.
Normal service will be resumed as soon as possible.
Here is a screen grab for posterity.
So as part of the security crackdown at CRU they have taken down their external webserver? Network security professionals in the audience will be spitting up coffee all over their keyboards at this point.
So this is my theory is and this is only my theory:
A few people inside CRU possessed the archive of documents being held in reserve in case the FOI appeal decision was made in favor of Steve McIntyre. They shared it with others by putting it in an FTP directory which was on the same CPU as the external webserver, or even worse, was an on a shared drive somewhere to which the webserver had permissions to access. In other words, if you knew where to look, it was publicly available. Then, along comes our “hackers” who happened to find it, download it, and the rest is history unfolding before our eyes. So much for the cries of sophisticated hacking and victimization noted above.
If I had to bet money, I would guess that David Palmer, Information Policy & Compliance Manager, University of East Anglia, has an even chance of being the guilty party, but it would only be a guess.
To repeat the basic premise of this theory.
There’s an old adage, never assume malice when stupidity or incompetence will explain it.
™ CRUtape Letters, is a trademark of Moshpit Enterprises.
Charles’ theory makes sense for one simple reason: if this were a criminal act wouldn’t there be some evidence of police activity? Has WUWT, tAV or anyone associated with these sites been approached by law enforcement? Has there been a single email asking what did you know and when did you know it? Perhaps folks have been contacted and have been keeping it quiet, but it would be interesting to know just how seriously this is being pursued by the police.
On the other hand, if no crime were committed, I’m sure the folks at CRU are smart enough not to claim one had been commited to law enforcement. Filing a false police report is a serious crime in the US, I’m sure it is in the UK also.
In that same line of thinking, are police reports public record in the UK? Does anyone know exactly what, if anything, CRU reported to they police?
If the emails were leaked on the 12th–I think that is what Hudson is implying–then that would help explain the 20x normal volume in the green ETF.
David L. Hagen (11:57:48)
12 October is probably a typo for 12 November?
There has been a lot of talk about ‘erased’ files and how these may have been ‘lost’ forever.
It is possible to recover files that have been erased, even on disks reformatted after the deletion.
There are always stray magnetic ghosts remaining on the disks and there are forensic techniques available to enhance these ghosts.
It is also true there are techniques available to really scramble over the ghosts of files past, greatly complicating the forensic recovery of those files. However, it looks as if the CRU folks lack the technical skills or knowledge to even be aware of these techniques.
If one really wanted to do a thorough examination, a third party (perhaps law enforcement?) needs to physically secure the disk drives of CRU.
The oops theory makes sense but I can’t get past such a file being prepared with such devastating data. Is it possible that the person tasked with compiling the data in case the FOI was granted, eventually realized what they were finding and became concerned the FOI would be denied and this data “lost” and then decided to “oops” the file out into the wild? Perhaps they delegated that task to someone who was not predictable enough.
I am not in the least a lawyer (thankfully), but I have observed numerous criminal trials in my lifetime.
So if there is a “mob” operation, and a person from another “mob”, (Operation A and Person B, let’s call them) steals a whole lot of various materials and goodies from Operation A, including various documents and objects which would prove that Operation A was involved in criminal operations, and Person B gets nabbed by law enforcement, is what Person B stole acceptable in a court of law as evidence that Operation A was involved in criminal operations? Can what Person B stole be used as evidence against Operation A? Even if Person B never got convicted of any crime? (Might even call Person B a “confidential informer”, which is often used by law enforcement).
Of course the materials stolen by Person B could be used by law enforcement and the courts to convict Operation A, and the “players” of Operation A of any crimes that could be proved by the evidence stolen by Person B.
High crimes and felonies have been committed by these yahoos who have been masquerading as “scientists”, and it is long since past the time when they should have to answer for their criminal activities. Let the search warrants be issued, as there is probable cause, let the evidence be gathered by law enforcement officials not in the pay of those who would profit or have profited as a result these crimes, and let the trials begin.
I have to wonder, about this time, which of the “players” in this game are going to selected to be thrown on their swords, to save whoever is left who can be saved from disgrace and ignominy.
Were I one of the researchers who went along with this huge and costly to all fiasco for the purposes of getting government grants, I would really be worried about now.
Not sure where the rumour of another 100mb of information has come from? I think there may be a little confusion. 65mb was released in a zipped up format, unzipped, this came to 160mb of data. Are people sure this isn’t where the missing 100mb is?
De Rode Willem says:
November 23, 2009 at 10:34 am
If these critics must build a case on theft and robbary…then they are no dime better than those who try to lie about some 10th of a centigrade more or less.
—————————-
I would class this as theft as the files/info are in the public interest. Also, who says the files were stolen? Only those who have something to hide at this stage. In time, maybe we will know either way…
Everybody click into the CNN news to make it the most popular. Lets also do our little fraud 😉
http://edition.cnn.com/2009/TECH/11/23/hacker.climate/index.html
CRUTape, Screwtape is the allusion I presume.
For those not familiar with the writings of C S Lewis, Screwtape was a senior devil writing letters to a junior devil, and the tone of these wasn’t that much different from the CRU letters. A brilliant allusion.
Even more apt is N.I.C.E from Lewis’s That Hideous Strength. The National Institute of Co-ordinated Experiments was a devilish Scientific body in a small English University town which was able to overrule the laws of England, and whose purpose was to introduce a totalitarianism beyond imagination. A hero in the story (well eventually a hero) was a social scientist corrupted by the attraction of the “inner circle” where things “really happened”, and who assisted in manipulating the populace by writing media articles crafted to deceive.
G.L. Alston (09:50:08) : “The comment by Pierrehumbert is telling. He’s essentially proving Jerry Pournelle’s “Iron Law of Bureaucracy” case.”
I was reminded of a speech from the 1956 film “Forbidden Planet.” Referring to the remnants of an advanced civilization he’s found on Altair IV, Dr. Morbius says,
“Such portions then of the Krell science as I may from time to time deem suitable and safe I shall dispense to Earth. Other portions I shall withhold. And in this I shall be answerable exclusively to my own conscience and judgment.”
As it turned out, a little “peer review” might have saved his life and many others. 🙂
JimB in Canada (09:48:51) :
“We hereby release a random selection of correspondence, code, and documents.”
Has anyone discussed the phrase “Random Selection”? Doesn’t this imply a larger section of Data may have been liberated and this 61 megs was just a sample?
I’ve been thinking the same thing, and why would the source call it “random” if there weren’t more of the exact same kind of stuff in its possession – or did the source think it just got lucky? If there is more to come, where is it such that its release can’t be stopped? We’ll just have to wait and see.
And I’m still a little flummoxed by the idea that Jones advises people to delete emails in the face of an FOI request, then doesn’t delete this very email itself. Does he think he’s invisible, but the others not? Well, by now I wouldn’t put that past any of these effete, “I speak it, therefore it is true”, Climate Scientists.
http://edition.cnn.com/2009/TECH/11/23/hacker.climate/index.html
Someone who received the e-mails on the subject “BBC U-turn on climate” forwarded them to Paul Hudson. These particular e-mails pertained directly to him. There is no way he received the contents of the leaked folder on October 12 as there is material dated later. Even the discussion of his BBC story continues until Oct. 14. Mr. Hudson did not word what he posted very carefully. I think he simply means that he can confirm the content of a few e-mails contained in the archive.
Not all of these files would need to have been released as part of the FOI request.
I think Jones performed a clean up of embarrassing material which was lifted from his recycle bin. Home goal.
This theory reminds me of panicked teenagers grabbing up all their drug/booze/sex stuff and throwing it out the window before their parents walk in. Only it wasn’t their parents they heard driving up, it was the police, walking around the house, doing an innocent neighborhood security check. Giggle.
So the FOI2009 files were extracted to be HIDDEN from FOI requests, and later retrieved from their safe hiding place. Sounds plausible. No “hacker” would know what to drag out unless it was precompiled for hiding.
What a terrible nightmare for the participants, if true. I actually said a prayer for those guys, in spite of what they are trying to do to every person in the world.
I doubt they ever dreamed all the power would end up in their hands and that they wold be called to such high accountability, eventually. Otherwise they would have had much tidier work and careful language from the start.
Thanks Charles for the 3rd theory.
Although I waver between theory #2 and #3, I found the following link in the files:
http://www.cru.uea.ac.uk/cru/people/briffa/yamal2009/
The problem I have with this is, CRU states an Emergency Server is running at the moment.
You can easily go to the
http://www.cru.uea.ac.uk/cru/people/briffa/
directory, but not to
http://www.cru.uea.ac.uk/cru/people/briffa/yamal2009/
(Page temporarily unavailable)
Now tell me, does it make an sense to have access to Briffa’s cushion face, but not to the disputed Yamal data?
If this is an Emergency Server running, I (personally) would have reduced the informations to the lowest limits.
But why can I see Briffa’s page, but not the Yamal data?
Let me guess:
The Yamal data is actually there, but stealthed with another file name.
But this would mean, this is no emergency server!
The link to the Yamal directory might be obviously a kind of tripwire.
This makes your theory #3 much plausible.
There is enough intrigue here for another John Le Carre novel. Bring back George Smiley – he’ll sort it out.
The more I think about this, the more I think a civil suit must be filed. A good attorney will be able to make a name and money off this case.
This will put all the documents in the public realm via a discovery process and will also set a precedent for future potential actions like this.
It is then up to US and State Attorney Generals to determine what crimes were committed and which can be procecuted.
“(80.Has there been any explanation given for charge that there was a request for emails to be deleted to avoid an FOI request? All I’ve heard is that no emails were deleted, but the request itself is completely unethical and most likely illegal. Everything else I’ve seen seems to due to poor word choice and/or lack of context. The FOI avoidance would be a big blow to CRU, even if it doesn’t affect climate science.
[Response: In my opinion that email was very ill-advised. – gavin])”
Looks like Gavin is running for cover. Could be he’s starting to have concerns about some of the things he’s reading. I spent the weekend reading the emails that Gavin was a part of, and there really wasn’t much there except for working on RC during NASA business hours. If more disclosures are on the way, now is the time for Gavin to break ranks if he want to survive this.
Here’s another clue.
When you are trying to deliberately take someone down, the normal procedure it to release the damning information in parts — the way James O’Keefe and Hannah Giles exposed ACORN.
This had to exist as a single file to begin with.
I think the idea that this was an accidental compilation is more likely. A lot of this stuff is not what would be prepared for a FOIA request if someone was looking to keep their job. But we do know that there was an email suggesting that people delete some of their emails that referred to particular topics. What I am thinking is that someone deleted their email, but did not empty the recycle bin. The files were out of sight, but not out of mind, so to speak.
It goes along with the incompetency thought. I’ve known many people who thought once they deleted the email from their inbox it was gone forever. You can guess their chagrin when I pulled emails back from the trash bin. If CRU uses a mail server program like Lotus Notes or some thing similar, it is like a three step process to permanently delete an email or group of emails from the database system it uses. Someone with basic access, such as a student at UEA, might have sufficient access to check the deleted mail folders from the database and pull out the files to make the zip file.
UPDATE:
I just noticed, that other directories at the same directory level ARE available, i.e.
http://www.cru.uea.ac.uk/cru/people/briffa/jgr2001/
http://www.cru.uea.ac.uk/cru/people/briffa/qsr1999/
but explicitely NOT
http://www.cru.uea.ac.uk/cru/people/briffa/yamal2009/
I have the faint suspicion this is the MAIN server running, only labelled as EMERGENCY server.
Evil to him who evil thinks. 🙂
Except for the conspiracy aspects of the contents of FOIA2009.zip, exactly why was all this stuff secret in the first place ?
Likewise, if the part of the theory that says this was put together as part of the review to Steve McIntyre’s FOIA request, exactly what contained with FOIA2009.zip, aside from the embarrassing conspiracy perpetrated by CRU employees, were the CRU officials trying to protect by denying the request.
Finally, the legal department of CRU found nothing strange reading this material that obviously reveals many unethical, if not illegal, acts by CRU employees ?
Frankly, the best course for the CRU and the University of East Anglia is to announce that a ongoing probe had been started on Nov. 12, 2009 into the actions of various employees of the CRU, from material that came to light because of a FOIA request.
John Galt (09:17:40) :
Probably not. Too easy for the defense to say the documents had been tampered with. BUT,I would think the originals could be subpoenaed and brought into evidence (in my humble non-legal opinion)
PR Guy (09:52:58) :
I like this idea. Some of the e-mails would probably never have been included in an FOI request. After all, the request for information was for data and code, not e-mails. I think some third party clerk at CRU was pulling data together for the FOI in case it was approved..and found more than he/she was looking for and included it. This insider either leaked the file, or like theory number 3…it was left intentionally or unintentionally on an unprotected server.
The BBC is claiming that it had the emails a month earlier:
http://www.bbc.co.uk/blogs/paulhudson/2009/11/climategate-cru-hacked-into-an.shtml
How would that affect the theory under discussion here?
I should point out that I’m skeptical of the BBC’s claim, as many of the emails continue on into this month! So they may have seen something, but who knows what?