By charles the moderator
Rodin’s The Thinker at the Musée Rodin.
Author CJ. Licensed under Creative Commons.
I have a theory.
With the blogosphere all atwitter about the emails and data “stolen” from the Climatic Research Institute at the University of East Anglia, two theories have become dominant describing the origin of the incident.
- CRU was hacked and the data stolen by skilled hackers, perhaps an individual or more insidiously some sophisticated group, such as Russian agents.
- An insider leaked the information to the NSM (non-mainstream media)
Theory number one is the preferred explanation of the defenders of CRU. This allows them to portray CRU as victims of illegal acts. It allows them to scream bloody murder and call for an investigation of the crime. How can we take the fruits of hideous crime seriously? The end does not justify the means!
One of our favorite writers, Gavin Schmidt, has expanded on this theme with the report:
He [Gavin] said the breach at the University of East Anglia was discovered after hackers who had gained access to the correspondence sought Tuesday to hack into a different server supporting realclimate.org, a blog unrelated to NASA that he runs with several other scientists pressing the case that global warming is true.
The intruders sought to create a mock blog post there and to upload the full batch of files from Britain. That effort was thwarted, Dr. Schmidt said, and scientists immediately notified colleagues at the University of East Anglia’s Climatic Research Unit.
http://www.nytimes.com/2009/11/21/science/earth/21climate.html
I believe the above statement by Gavin to be a big bunch of hooey. I believe the “hack” was a posting of the same blog comment which was posted at The Air Vent
which was also submitted here at WUWT, but never was visible publicly, because all comments are moderated and publicly invisible until approved by an administrator or moderator. Many of you have already seen it:
We feel that climate science is, in the current situation, too important to be kept under wraps.
We hereby release a random selection of correspondence, code, and documents.
Hopefully it will give some insight into the science and the people behind it.
This is a limited time offer, download now:
http://ftp.tomcity.ru/incoming/free/FOI2009.zip
Sample:
0926010576.txt * Mann: working towards a common goal
1189722851.txt * Jones: “try and change the Received date!”
0924532891.txt * Mann vs. CRU
0847838200.txt * Briffa & Yamal 1996: “too much growth in recent years makes it difficult to derive a valid age/growth curve”
0926026654.txt * Jones: MBH dodgy ground
1225026120.txt * CRU’s truncated temperature curve
1059664704.txt * Mann: dirty laundry
1062189235.txt * Osborn: concerns with MBH uncertainty
0926947295.txt * IPCC scenarios not supposed to be realistic
0938018124.txt * Mann: “something else” causing discrepancies
0939154709.txt * Osborn: we usually stop the series in 1960
0933255789.txt * WWF report: beef up if possible
0998926751.txt * “Carefully constructed” model scenarios to get “distinguishable results”
0968705882.txt * CLA: “IPCC is not any more an assessment of published science but production of results”
1075403821.txt * Jones: Daly death “cheering news”
1029966978.txt * Briffa – last decades exceptional, or not?
1092167224.txt * Mann: “not necessarily wrong, but it makes a small difference” (factor 1.29)
1188557698.txt * Wigley: “Keenan has a valid point”
1118949061.txt * we’d like to do some experiments with different proxy combinations
1120593115.txt * I am reviewing a couple of papers on extremes, so that I can refer to them in the chapter for AR4
I was the first at WUWT to see the comment above and immediately embargoed it. After discussions and many phone calls, we finally began to refer to the information after, and only after, we saw that it was available elsewhere, such as The Air Vent, and also after we knew that CRU was aware that it was circulating on the web.
Gavin’s elaborate description of the hacking attempt at RC is, in my humble opinion, nothing more than an attempt to add meat to the hacking theory in order to increase the vilification of the theoretical hackers. Gavin has demonstrated this kind of misdirection in the past in the Mystery Man incident where he attempted to obfuscate his own involvement in a data correction to station files held by the British Antarctic Survey. In this new spirit of transparency Gavin, why don’t you send Anthony the log files that demonstrate this attempted break in at realclimate.org?
After all, this is a criminal act of vandalism and of harassment of a group of scientists that are only going about their business doing science. It represents a whole new escalation in the war on climate scientists who are only trying to get at the truth. Think — this was a very concerted and sophisticated hacker attack. …Or at the next level, since the forces of darkness have moved to illegal operations, will we all have to get bodyguards to do climate science?
Sigh…and sigh again.
Theory number two is the preferred explanation of, for want of a better term, the Skeptics Camp. It is a romantic thought. Some CRU employee, fed up with the machinations, deceit, and corruption of science witnessed around him or her, took the noble action of becoming whistle-blower to the world, bravely thrusting the concealed behavior and data into the light for all to see. This theory is attractive for all the right reasons. Personal risk, ethics, selflessness etc.
I would like to offer a third possibility based on a bit of circumstantial evidence I noticed on the Web Saturday afternoon.
There’s an old adage, never assume malice when stupidity or incompetence will explain it.
A short time ago there was a previous leak of CRU data by an insider. In this case, Steve McIntyre acquired station data which he had been requesting for years, but someone inside CRU unofficially made the data available.
In this case, many commentators had various guesses as to the motivation or identity of the disgruntled mole even proposing that perhaps a disgruntled William Connelly was the perpetrator.
Of course it turned out the Phil Jones, director of CRU, himself had inadvertently left the data on an open FTP server.
Many have begun to think that the zip archive FOI2009.zip was prepared internally by CRU in response to Steve McIntyre’s FOI requests, in parallel with attempts to deny the request in case the ability to refuse was lost. There are many reasons to think this is valid and it is consistent with either of the two theories at the beginning of this post. Steve McIntyre’s FOI appeal was denied on November 13th and the last of the emails in the archive is from November 12th.
It would take a hacker massive amounts of work to parse through decades of emails and files but stealing or acquiring a single file is a distinct possibility and does not require massive conspiracy. The same constraints of time and effort would apply to any internal whistle blower. However, an ongoing process of internally collating this information for an FOI response is entirely consistent with what we find in the file.
In the past I have worked at organizations where the computer network grew organically in a disorganized fashion over time. Security policies often fail as users take advantage of shortcuts to simplify their day to day activities. One of these shortcuts is to share files using an FTP server. Casual shortcuts in these instances may lead to gaping security holes. This is not necessarily intentional, but a consequence of human nature to take a shortcut here and there. This casual internal sharing can also lead to unintentional sharing of files with the rest of the Internet as noted in the Phil Jones, CRU mole, example above. Often the FTP server for an organization may also be the organization’s external web server as the two functions are often combined on the same CPU or hardware box. When this occurs, if the organization does not lock down their network thoroughly, the security breaches which could happen by accident are far more likely to occur.
Since Friday November 20th a few users noticed this interesting notice on the CRU website.
This website is currently being served from the CRU Emergency Webserver.
Some pages may be out of date.
Normal service will be resumed as soon as possible.
Here is a screen grab for posterity.
So as part of the security crackdown at CRU they have taken down their external webserver? Network security professionals in the audience will be spitting up coffee all over their keyboards at this point.
So this is my theory is and this is only my theory:
A few people inside CRU possessed the archive of documents being held in reserve in case the FOI appeal decision was made in favor of Steve McIntyre. They shared it with others by putting it in an FTP directory which was on the same CPU as the external webserver, or even worse, was an on a shared drive somewhere to which the webserver had permissions to access. In other words, if you knew where to look, it was publicly available. Then, along comes our “hackers” who happened to find it, download it, and the rest is history unfolding before our eyes. So much for the cries of sophisticated hacking and victimization noted above.
If I had to bet money, I would guess that David Palmer, Information Policy & Compliance Manager, University of East Anglia, has an even chance of being the guilty party, but it would only be a guess.
To repeat the basic premise of this theory.
There’s an old adage, never assume malice when stupidity or incompetence will explain it.
™ CRUtape Letters, is a trademark of Moshpit Enterprises.
@Jeff C
You are correct. The police would be investigating this “breach” and it would be all over the news. as of yet, I haven’t read, heard or seen anything on any of the network and cable news of any investigation.
This is nothing more than a ruse to shift blame and attention to a non existent entity. I would be watching for anyone being sacked from Hadley in the next few days or weeks.
P WIlson (12:05:02) :
The Channel 4 news item
http://link.brightcove.com/services/player/bcpid1529573111?bclid=51602931001&bctid=52281154001
Part 3 : CBI – Thatcher
time approx – 18:20
It’s way past time for someone to come up with a legal request/response based on information in the file at this point.
Some government entity should be opening an investigation…oh …wait…the government NEEDS that boogey man! Almost forgot.
Seriously…this needs to be officially investigated by someone with the ability to subpoena those involved to get the rest of the information they’ve been hiding and threatening to delete.
As has been pointed out countless times, there are backup tapes of all this stuff out there somewhere, and someone needs to file suit to get access to them.
Also, even without any malfeasance…there is open admission that in fact they have no idea what’s in the databases. The data has been “adjusted” without being documented, and noone knows where/where/why/how, so based on that alone, everything they’re doing with models and series and tree rings is all a giant waste of time, as far as I can tell.
If the “pure” data no longer exists…sorry guys and gals…time to start over, and try and do a better job this time?
JimB
I think it’s an insider, probably in IT department, maybe a sys admin.
The insider had been periodically ‘peaking’ at email boxes and documents on the servers and just casually copied items of interest. He was simply collecting bits and pieces over time.
briefly, on provenance……from Paul Hudson’s BBC Blog.
But I will in the meantime answer the question regarding the chain of e-mails which you have been commenting about on my blog, which can be seen here, and whether they are genuine or part of an elaborate hoax.
I was forwarded the chain of e-mails on the 12th October, which are comments from some of the worlds leading climate scientists written as a direct result of my article ‘whatever happened to global warming’. The e-mails released on the internet as a result of CRU being hacked into are identical to the ones I was forwarded and read at the time and so, as far as l can see, they are authentic.
NMice graphic on the CRU front page.
Still lying, I see.
The other theory that I’m starting to like more and more is that Jones directed some lower level IT guys to delete files from the server and backup tapes. We have an email where Jones is directing people to delete emails from their email accounts. He’s probably smart enough to know that there would be files on the servers and tapes as well. So he tries to get a low level IT guy to do the deed. But he picks the wrong guy, he picks a guy who has some integrity. Since he’s a low level guy, he feels trapped — he doesn’t know where to go or who to complain to and he worries (a lot) about retribution (gee, I don’t know why, they seem like such nice guys). So he leaks it.
Basil (12:49:07) :
The BBC is claiming that it had the emails a month earlier:
http://www.bbc.co.uk/blogs/paulhudson/2009/11/climategate-cru-hacked-into-an.shtml
How would that affect the theory under discussion here?
I should point out that I’m skeptical of the BBC’s claim, as many of the emails continue on into this month! So they may have seen something, but who knows what
http://flashforward.net/
Basil (12:49:07) :
The BBC is claiming that it had the emails a month earlier:
http://www.bbc.co.uk/blogs/paulhudson/2009/11/climategate-cru-hacked-into-an.shtml
How would that affect the theory under discussion here?
I should point out that I’m skeptical of the BBC’s claim, as many of the emails continue on into this month! So they may have seen something, but who knows what?
If that’s true, then there is little question that these emails were leaked.
Sorry if this a repeat, but 175 preceding comments is a lot to search
Fourth theory:
The “leak” was a quite deliberate camouflage job, to hide the equally deliberate destruction of seriously indictable material that was perceived to be vulnerable to FOI exposure
The released material is embarassing, but falls far short of evidence that could support criminal prosecutions. The story is being suppressed in the main stream media, being presented as a spat between science camps.
For this to work, it is vital that the hacker is never found, or the hacking methodology.
If this is right, we will see claims that the hacking caused extensive deletion of files.
Better to be embarrassed than go to prison.
Mike G
@alleagra
I heard it too and have been looking to spot another source of that claim all day.
OT , but since I’m here , I’ll post it here . Obama was just on the tube – he’s still talking about green jobs and the climate “crisis” . It will take a lot to dissuade the current crowd in DC , I’m afraid . Crimony , if nothing else this should prove that the science is not now , nor has it ever been “settled” . Fools , the lot of them .
It appears that the leak was internal. On November 17th the zip file was sent to multiple recipients. Notice how the opening is worded, and how the selected emails are summarized to get the recipients interested:
How is it that the emails are presented as text (,txt) files?
Whilst not an expert on email servers, the ones I have used (and the clients such as Microsoft Outlook) do not store in this format. All emails are stored in one large file (eg, ,pst), not individual text files. So, how did the released files get into this format? Could someone with full access to other’s email accounts (an insider?) have been looking for incriminating marerial and copied/pasted the offending emails into text files?
Also, the recipients and the original senders of the emails should have copies on their own mail servers/email clients/etc so it is useless to gather these together on any one server for deletion to escape detection.
Any investigation should look into whether there has been deletion of the same files from the many disparate email servers/accounts involved. If so, would this could prove collusion to ‘hide’ the actions of the people concerned?
Perusing some of these emails, I think it’s nothing short of academic fraud. Particularly since these so-called scientists and their data has created or changed legislation in several countries.
I wonder if this would change the minds of our politician’s minds in regards to the cap and tax legislation?
Someone needs to take charge and bring this to a world audience.
In some comments it is said that the files were placed in an “insecure” place. While this may be technically true, I think “unsecure” was meant.
ATD (12:56:30) :
So Hudson was forwarded a chain of emails, on October 12, than run through a month later? Neat trick.
Theory no 3 doesn’t account for the nature of the content nor the sheer volume of the file.
My theory; theory no 4 = theory no 3 + theory no 1 OR theory no 3 + theory no 2.
That is, stuff have been added to a smaller, more benign file.
Isn’t the “I” an extract/summary from 1120593115.txt?
[Yes, it was edited out.]
BENEFIT OF THE DOUBT?
Why is it we are always expected to extend kindness to those who never do so to us? To them, we are “climate criminals,” even though it is they who manufacture and manipulate data to falsify the record. Yet we are to believe they just made a stupid mistake resulting in “out of context” material to be “misinterpreted?”
No. I’m going with conspiracy on this one, just because the evidence is so overwhelming. Honest people don’t write the things they worte, even “in context.”
Besides, as posted in a previous article of yours, “You can claim an email you wrote years ago isn’t accurate saying it was ‘taken out of context’, but a programmer making notes in the code does so that he/she can document what the code is actually doing at that stage, so that anyone who looks at it later can figure out why this function doesn’t plot past 1960. In this case, it is not allowing all of the temperature data to be plotted.”
http://wattsupwiththat.com/2009/11/22/cru-emails-may-be-open-to-interpretation-but-commented-code-by-the-programmer-tells-the-real-story/
They knew what they were doing, and deserve to be cut no slack. They may have also been stupid, which is why they got caught, but the are and remain primarily dishonest hacks.
Listen: Inhofe Says He Will Call for Investigation on “Climategate” on Wash Times Americas Morning
Optics Are Important
This is turning into a hyperpartisan tabloid feeding frenzy – and this will be many peoples’ first impression of WUWT.
What’s happening with El Nino? Record November snowfall in Whistler, BC where the Winter Olympics will be held in a few months. Floods in other parts of coastal BC. Heavy rains in northeast England. Fires in Australia…
Paul Vaughan:
Yes, your explanation fits well.
Odd leetle story from one of my own clients (names omitted to protect the terminally innocent).
Requirement: to scan in source documents to an accounting system, using an early-generation mopier/scanner with a document feeder, to generate the images.
Unfortunately: said mopier cannot see anything else on the network except itself. So cannot do the preferred option, which is to write scans to a network resource.
Fortunately: the mopier can be set up as an FTP server, so it can write to itself, and be seen by the rest of the network.
Unfortunately: so can the rest of the world.
Fortunately: my scans happened just fine. I’m outta there and in the clear.
Unfortunately: over the following weekend, some enterprising types downloaded a mirror of their entire East European pron site onto the mopier, as revealed by the next Monday’s logs, which had their Internet pipe red-lined the whole time.
Fortunately, they realised what was up and shut down the FTP server on the mopier.
Unfortunately, they then could not easily delete the files downloaded, as the downloads included some tricky tricks to stop such maintenance.
Fortunately, the boys could read the files.
Unfortunately, there was a way round the hack, and the files were deleted.
Fortunately, that took about two weeks.
Moral of the story: open FTP is an accident waiting to happen.
I just fired off an email to Peter G. Neumann asking if he was following this. If you don’t know who he is check his web site. http://catless.ncl.ac.uk/Risks/25.83.html and his bio @ur momisugly http://www.csl.sri.com/users/neumann/neumann.html
“I have been a member of the SRI International Computer Science Laboratory since September 1971. I spent eight years at Harvard (1950-58, with my A.B. in Math in 1954, S.M. in Applied Math in 1955, and PhD in 1961 after returning from my two-year Fulbright in Germany (1958-60), where I also received the German Dr rerum naturarum in 1960. “
I don’t see where he “ends with ‘I'”…?
THe I is part of an example grabbed from an email?
JimB