This lends cred to WUWT’s previous analysis done by our own Charles the moderator: The CRUtape Letters™, an Alternative Explanation,
Climate-Gate: Leaked
by Lance Levsen, Network Analyst – courtesy of Small Dead Animals
Some time starting in mid November 2009, ten million teletypes all started their deet-ditta-dot chatter reeling off the following headline: “Hackers broke into the University of East Anglia’s Climate Research Unit….”
I hate that. It annoys me because just like everything else about climate-gate it’s been ‘value-added’; simplified and distilled. The contents of FOIA2009.zip demand more attention to this detail and as someone once heard Professor Jones mutter darkly, “The devil is in the details…so average it out monthly using TMax!”
The details of the files tell a story that FOIA2009.zip was compiled internally and most likely released by an internal source.
The contents of the zip file hold one top-level directory, ./FOIA. Inside that it is broken into two main directories, ./mail and ./documents. Inside ./mail are 1073 text files ordered by date. The files are named in order with increasing but not sequential numbers. Each file holds the body and only the body of an email.
In comparison, ./documents is highly disorganized. MS Word documents, FORTRAN, IDL and other computer code, Adobe Acrobat PDF’s and data are sprinkled in the top directory and through several sub-directories. It’s the kind of thing that makes the co-workers disorganized desk look like the spit and polish of a boot camp floor.
What people are missing entirely is that these emails and files tell a story themselves.
Proponents of the hacker meme are saying that s/he broke into East Anglia’s network and took emails. Let’s entertain that idea and see where it goes.
There is no such thing as a private email. Collecting all of the incoming and outgoing email is simple in a mail server. Using: Postfix the configuration is always_bcc=<email address>, here are links on configuring the same for Sendmail, and for Exim. Those are the three main mail servers in use in the Unix environment. Two of them, Sendmail and Exim are or were in use as the external mail gateways and internal mail servers at the University of East Anglia (UEA).
When a mail server receives an email for someone@domain.net, it checks that it is authoritative for that domain. This means that a server for domain.net will not accept email for domain.ca. The mail server will usually then run checks on the email for spam, virus, and run other filters. It will then check to see whether to route the email to another server or to drop the email in a users mailbox on that server. In all examples examined in the released emails, the mail gateway forwarded the emails to another server.
The user then has a mail client that s/he uses to read email. Outlook Express, Eudora, Apple Mail, Outlook, Thunderbird, mutt, pine and many more are all mail clients.
Mail clients use one of two methods of reading email. The first is called POP and that stands for Post Office Protocol. A mail client reading email with POP logs into the mail server, downloads the email to the machine running the mail client and will then delete the original email from the users spool file on the mail server.
The second protocol is called IMAP, Internet Message Access Protocol. IMAP works by accessing the mailboxes on the mail server and doing most of the actions there. Nothing is actually downloaded onto the client machine. Only email that is deleted and purged by the mail client is gone. Either protocol allows the user the opportunity to delete the email completely.
Most email clients are setup for reading emails with POP by default and POP is more popular than IMAP for reading email.
The released emails are a gold mine for a system administrator or network administrator to map. While none of the emails released contained headers, several included replies that contained the headers of the original emails. An experienced administrator can create an accurate map of the email topography to and from the CRU over the time period in question, 1998 thru 2009.
Over the course time, UEA’s systems administrators made several changes to the way email flows through their systems. The users also made changes to the way they accessed and sent email.
The Users
Using a fairly simple grep1 we can see that from the start of the time-frame, 1999, until at least 2005 the CRU unit accessed their email on a server called pop.uea.ac.uk. Each user was assigned a username on that server. From the released emails, we can link username to people as such:
- Prof. Trevor Davies was user e022
- Dr. Timothy Osborn was user f055
- Prof. Phil Jones was user f028
- Prof. Mike Hulme was user f037
- Prof. Keith Briffa was user f023
In the previously referenced grep comes some more useful information. For instance, we know that Professor Davies was using QUALCOMM Windows Eudora Light Version 3.0.3 (32) in September of 1999. (ref Email: 0937153268.txt). If you look at the README.txt for that version you can see that it requires a POP account and doesn’t support IMAP.
As mentioned previously, POP deletes email on the server usually after it is downloaded. Modern POP clients do have an option to save the email on the server for some number of days, but Eudora Light 3.0.3 did not. We can say that Professor Davies’ emails were definitely removed from the server as soon as “Send/Recv” was finished.
This revelation leaves only two scenarios for the hacker:
- Professor Davies’ email was archived on a server and the hacker was able to crack into it, or
- Professor Davies kept all of his email from 1999 and he kept his computer when he was promoted to Pro-Vice Chancellor for Research and Knowledge Transfer in 2004 from his position as Dean of the School of Environmental Sciences.
The latter scenario requires that the hacker would have had to know how to break into Prof. Davies’ computer and would have had to get into that computer to retrieve those early emails. If that were true, then the hacker would have had to get into every other uea.ac.uk computer involved to retrieve the emails on those systems. Given that many mail clients use a binary format for email storage and given the number of machines the hacker would have to break into to collect all of the emails, I find this scenario very improbable.
Which means that the mail servers at uea.ac.uk were configured to collect all incoming and outgoing email into a single account. As that account built up, the administrator would naturally want to archive it off to a file server where it could be saved.
This is a simple evolution. You just run a crontab to start a shell-script that will stop the mail server, move the mail spool file into a file somewhere else, nulls the live spool and restart the mail server. The account would reside on the mail server, the file could be on any server.
Alternatively you could use a procmail recipe to process the email as it comes in, but that may be a bit too much processing power for a very busy account.
This also helps to explain the general order of the ./mail directory. Only a computer would be able to reliably export bodies of email into numbered files in the FOIA archive. As the numbers are in order not just numerically but also by date, the logical reasoning is that a computer program is numbering emails as they are processed for storage. This is extremely easy to do with Perl and the Mail::Box modules.
The Email Servers
I’ve created a Dia diagram2 of the network topography regarding email only as demonstrated in the released emails. Here’s a jpeg of it:
The first thing that springs to mind is that the admins did a lot of fiddling of their email servers over the course of ten years. 🙂 The second thing is the anomaly. Right in the middle of 2006-2009 there is a Microsoft Exchange Server. Normally, this wouldn’t be that big of an blip except we’ve already demonstrated that the servers at UEA were keeping a copy of all email in and out of the network. Admins familiar with MS Exchange know that it too is a mail server of sorts.
It is my opinion that the MS Exchange server was working in conjunction with ueams2.uea.ac.uk and I base this opinion on the fact that ueams2.uea.ac.uk appears both before and after the MS Exchange Server. It doesn’t change its IP address nor does it change the type of mail server that is installed on it. There is a minor version update from 4.51 to 4.69. You can see Debian’s changelog between the Exim versions here.
I’ve shown that the emails were collected from the servers rather than from the users accounts and workstations, but I haven’t shown which servers were doing the collection. There are two options, the mail gateway or the departmental mail servers.
As demonstrated above, I believe that the numbers of the filenames correspond to the order that the emails were archived. If so, the numbers that are missing, represent other emails not captured in FOIA2009.zip.
I wrote a short Bash program3 to calculate the variances between the numbering system of the email filenames. The result is staggering, that’s a lot of email outside of what was released. Here’s a graph of the variances in order as well as a graph with the variances numerically sorted . Graph info down below.
The first graph is a little hard to read, but that’s mostly because the first variance is 8,805,971. To see a little better, just lop off the first variance and rerun gnuplot. For simplicity, that graph is here. The mean of the variances is 402839.36 so the average amount of emails between each released email is 402,839. While not really applicable, but useful, the standard deviation is 736228.56 and you can visualize that from the second graph.
I realize that variance without reference is useless, in this instance the number of days between emails. Here is a grep of the emails with their dates of origin.
I do not see the administrators copying the email at the departmental level, but rather at the mail gateway level. This is logical for a few reasons:
- The machine name ueams2.uea.ac.uk implies that there are other departmental mail servers with the names like ueams1.uea.ac.uk, (or even ueams.uea.ac.uk), maybe a ueams3.uea.ac.uk. If true, then you would need to copy email from at least one other server with the same scripts. This duplication of effort is non-elegant.
- There is a second machine that you have to copy emails from and that is the MS Exchange server so you would need a third set of scripts to create a copy of email. Again, this would be unlike an Administrator.
- Departmental machines can be outside the purview of Administration staff or allow non-Administrative staff access. This is not where you want to be placing copies of emails for the purposes of Institutional protection.
- As shown with the email number variances, and if they are representative of the email number as it passed through UEA’s email systems, that’s a lot of emails from a departmental mail server and more like an institutional mail gateway.
So given the assumptions listed above, the hacker would have to have access to the gateway mail server and/or the Administration file server where the emails were archived. This machine would most likely be an Administrative file server. It would not be optimal for an Administrator to clutter up a production server open to the Internet with sensitive archives.
The ./FOIA/documents directory is a complete mess. There are documents from Professor Hulme, Professor Briffa, the now famous HARRY_READ_ME.txt, and many others. There seems to be no order at all.
One file in particular, ./FOIA/documents/mkhadcrut is only three lines long and contains:
tail +13021 hadcrut-1851-1996.dat | head -n 359352 | ./twistglob > hadcrut.dat # nb. 1994- data is already dateline-aligned cat hadcrut-1994-2001.dat >> hadcrut.dat
Pretty simple stuff, get everything in hadcrut-1851-1996.dat starting at the 13021st line. From that get only the first 359352 lines and run that through a program called twistglob in this directory and dump the results into hadcrut.dat. Then dump all of the information in hadcrut-1994-2001.dat into the bottom of hadcrut.dat.
….Except there isn’t a program called twistglob in the ./FOIA/documents/ directory. Nor is there the resultant hadcrut.dat or the source files hadcrut-1851-1996.dat and hadcrut-1994-2001.dat.
This tells me that the collection of files and directories in ./documents isn’t so much a shared directory on a server, but a dump directory for someone who collected all of these files. The originals would be from shared folders, home directories, desktop machines, workstations, profiles and the like.
Remember the reason that the Freedom of Information requests were denied? In email 1106338806.txt, Jan 21, 2005 Professor Phil Jones states that he will be using IPR (Intellectual Property Rights) to shelter the data from Freedom of Information requests. In email 1219239172.txt, on August 20th 2008, Prof. Jones says “The FOI line we’re all using is this. IPCC is exempt from any countries FOI – the skeptics have been told this. Even though we (MOHC, CRU/UEA) possibly hold relevant info the IPCC is not part our remit (mission statement, aims etc) therefore we don’t have an obligation to pass it on.”
Is that why the data files, the result files and the ‘twistglob’ program aren’t in the ./documents directory? I think this is a likely possibility.
If Prof. Jones and the UEA FOI Officer used IPR and the IPCC to shelter certain things from the FOIA then it makes sense that things are missing from the ./documents directory. Secondly it supports the reason that ./documents is in such disarray is that it was a dump folder. A dump folder explicitly used to collect information for the purpose of release pursuant to a FOI request.
Conclusion
I suggest that it isn’t feasible for the emails in their tightly ordered format to have been kept at the departmental level or on the workstations of the parties. I suggest that the contents of ./documents didn’t originate from a single monolithic share, but from a compendium of various sources.
For the hacker to have collected all of this information s/he would have required extraordinary capabilities. The hacker would have to crack an Administrative file server to get to the emails and crack numerous workstations, desktops, and servers to get the documents. The hacker would have to map the complete UEA network to find out who was at what station and what services that station offered. S/he would have had to develop or implement exploits for each machine and operating system without knowing beforehand whether there was anything good on the machine worth collecting.
The only reasonable explanation for the archive being in this state is that the FOI Officer at the University was practising due diligence. The UEA was collecting data that couldn’t be sheltered and they created FOIA2009.zip.
It is most likely that the FOI Officer at the University put it on an anonymous ftp server or that it resided on a shared folder that many people had access to and some curious individual looked at it.
If as some say, this was a targeted crack, then the cracker would have had to have back-doors and access to every machine at UEA and not just the CRU. It simply isn’t reasonable for the FOI Officer to have kept the collection on a CRU system where CRU people had access, but rather used a UEA system.
Occam’s razor concludes that “the simplest explanation or strategy tends to be the best one”. The simplest explanation in this case is that someone at UEA found it and released it to the wild and the release of FOIA2009.zip wasn’t because of some hacker, but because of a leak from UEA by a person with scruples.
1 See file ./popaccounts.txt
2 See file ./email_topography.dia
3 See file ./email_variance.sh
4 See file ./gnuplotcmds
Notes
Graphs created with gnuplot using a simple command file4 for input. I use a stripped down version of the variants_results_verbose.txt file, it’s the same, just stripped of comment and the filenames.. The second graph is a numerically sorted version, $> sort -n ./variance_results.txt > variance_sorted_numerically.txt.
Assigned Network Numbers for UAE from RIPE.NET
RIPE.NET has assigned 139.222.0.0 – 139.222.255.255,193.62.92.0 – 193.62.92.255, and 193.63.195.0 – 193.63.195.255 to the University of East Anglia for Internet IP addresses.
RIPE.NET Admin contact for the University of East Anglia: Peter Andrews, Msc, Bsc (hons) – Head of Networking at University of East Anglia. (Linked In, Peter isn’t in the UEA directory anymore so I assume he is no longer at UEA.)
RIPE.NET Tech Contact for the University of East Anglia: Andrew Paxton
Current Mail Servers at UEA
A dig for the MX record of uea.ac.uk (email servers responsible for the domain uea.ac.uk) results in the following:
$> dig mx uea.ac.uk ; <<>> DiG 9.6.1-P2 <<>> mx uea.ac.uk ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 737 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 13, ADDITIONAL: 13 ;; QUESTION SECTION: ;uea.ac.uk. IN MX ;; ANSWER SECTION: uea.ac.uk. 50935 IN MX 2 ueamailgate01.uea.ac.uk. uea.ac.uk. 50935 IN MX 2 ueamailgate02.uea.ac.uk.
The IP addresses for the two UEA email servers are:
ueamailgate01.uea.ac.uk. 28000 IN A 139.222.131.184
ueamailgate02.uea.ac.uk. 28000 IN A 139.222.131.185
Test connections to UEA’s current mailservers:
$> telnet ueamailgate01.uea.ac.uk 25 Trying 139.222.131.184... Connected to ueamailgate01.uea.ac.uk. Escape character is '^]'. 220 ueamailgate01.uea.ac.uk ESMTP Sendmail 8.13.1/8.13.1; Mon, 7 Dec 2009 01:45:42 GMT quit 221 2.0.0 ueamailgate01.uea.ac.uk closing connection Connection closed by foreign host. $> telnet ueamailgate02.uea.ac.uk 25 Trying 139.222.131.185... Connected to ueamailgate02.uea.ac.uk. Escape character is '^]'. 220 ueamailgate02.uea.ac.uk ESMTP Sendmail 8.13.1/8.13.1; Mon, 7 Dec 2009 01:45:49 GMT quit 221 2.0.0 ueamailgate02.uea.ac.uk closing connection
I’ve been a Unix, Windows, OS X and Linux systems and network administrator for 15 years. I’ve compiled, configured, and maintained everything from mail servers to single-signon encrypted authentication systems. I run lines, build machines and tinker with code for fun. You can contact me via: lance@catprint.ca.
Lance Levsen,
December, 2009
Sponsored IT training links:
We offer 100% pass result in first attempt for all kind of IT exams including 70-685 and 70-271. Join 640-460 online course to save a big deal on real exam.
Discover more from Watts Up With That?
Subscribe to get the latest posts sent to your email.
Has anyone suggested that the person who may have collected all this information, named the file, and even been part of the leak could be the FOI officer himself?
You are all wrong. The dingo did it! [Oz joke]
Invariant (11:48:21) :
John Galt (11:30:35) :BBC: UK Climate Code May Be Scrapped. According to a report by the BBC, a computer software expert says the source code used by the Climatic Research Unit at the University of East Anglia is “below the standard in any commercial software.”
I think it’s an amusing red herring for to scrap the source because it is “below the standard in any commercial software.” Surely this is exactly the mediocre quality kind of source code found in most academic institutions…
Unfortunately, the quality is not far off most of what is developed for most large businesses.
GMT+1 is also British Summer time, in effect from March to October. From the example above
1123622471.txt
1123622471 is unix time August 9, 2005 21:21:11 GMT
The date/time stamp on that email is:
Date: Tue Aug 9 17:21:11 2005
This is four hours behind GMT, or (USA) Eastern Daylight Time. It’s the wrong direction for Kiev.
I think Harry did it.
@chris Schonveld
If you put climategate in quotes you will get climategate in quotes?
Climategate is producing 31.5million?
Am Imissing something?
acementhead (12:44:18) : Your comment is awaiting moderation
OK I won’t waste any more time trying to post here.
[Reply: you begrudge an unpaid volunteer for taking off for less than 90 minutes before approving a comment, out of a 10 – 12 hour day of moderating 300 – 500+ posts, every day, 7 days a week? This site usually posts comments promptly, but sometimes there’s an hour or two delay; climategate and Copenhagen have really increased the traffic. There’s a way to show some appreciation: hit the tip jar. ~dbs, mod.]
Carsten Arnholm, Norway (13:02:20) :
JustPassing (11:34:22) :
Am I now seeing right?
Google now produces 280,000,000 results for climategate.
WOW
I get precisely 33,500,000
“Results 1 – 10 of about 33,500,000 for climategate. (0.08 seconds) ”
How odd we get these precisely round numbers and still totally different values?
Everyone should look at their Goolge search settings. Mine is set to filter (because I’m at the office) and only to return English pages (since that’s the only language I am literate in).
Your settings likely affect the number of results.
I´d like to clear up one thing. Many people are suggesting that the BBC
had the files before the internet release.
What really happened was that a reporter had written an article
suggesting warming had slowed. (Approx a month before the hack.)
He was sent some emails by CRU decrying his article.
When the hack occurred, many people screamed ¨hoax¨.
However, the reporter confirmed at least some emails
were genuine as these were the ones sent to him
regarding his article, again, approx a month before
the leak.
I too favour the insider theory.
What are odds of this folder,which is full of juicy stuff, accidentally
being uploaded. Especially just before Copenhagen.
I´d look towards the ¨Harry¨ file.Notice the frustration in
the comments. Also notice how it finishes abruptly.
Perhaps the commentor had seen enough, got sacked,
given up etc.
Robinson says:
There are 86,400 seconds in a day.
Do you want to rethink your remark?
(Since 402,839 is actually the average number of seconds between emails, which is about 4.6 days.)
” Carsten Arnholm, Norway (13:33:15) : ”
I am aware of that but the timestamps generated are consistently 5 hours ahead of GMT no matter what the TZ of the header is.
What is 5 hours ahead of GMT? Russia time zone 4 in winter and time zone 3 in summer.
IPCC boss says of Climategate:the only debate is who is behind [the leak]…
In remarks to AFP, Pachauri said he did not believe that the affair would sway the opinion of people who had carefully weighed the evidence for or against climate change.
“I think people are informed enough to realise that the Fourth Assessment Report is completely objective, totally unbiased and solid in its scientific assessment.
“The only debate is who is behind it, I think we should catch the culprits.”
“On a somewhat related note, Google is still hiding the autosuggest!”
Google does evil. Google is evil.
There are several online tools for timestamp to date and vice versa conversion, one is here:
http://ibboard.co.uk/timestamp.php
Pat,
I suspect Hudson received an e-mail from a BBC colleague (Black?), that included the chain of text Black had received by e-mail from a UEA scientist . That message, complaining about the BBC’s lapse in editorial standards, contained the comments by Trenberth, Mann and others.
As you can see from most of the e-mails, the chain of text is copied to the next recipient.
When Climategate broke, Hudson misconstrued the significance of the e-mail and wrote a poor and misleading article/blog post. He then disappeared to avoid embarrassment;)
acementhead (12:44:18) :
not according to to any phase diagram that I can find(well my conclusion from examining them). Coldest ever recorded temp at Vostok ~184 K which would give a CO2 vapour pressure of ~ 0.3 bar.
Yeah, I forgot about the low partial pressure bit. But perhaps if it became REALLY, REALLY cold 🙂
The time stamps were not generated by the server. Someone parsed the date headers of the emails, generated a timestamp and renamed the files to be a function of the timestamp. This is because both exim and sendmail name mail files as a function of the message-id. If you have the original filename, you can go back through the logs and determine exactly which machine the files were originally removed from. So you “mask” the original file name by going through the files and renaming them according to the date header. In this case it works because there apparently weren’t two emails in the same second.
Both the filename and the file creation date were change. The creation dates of all the files was set the same which is a date earlier than the last email. Notice the file dates (using ls -1) is in 2008 though some of the emails are from 2009. The file names and dates were changed after the fact to remove a trail.
Invariant (11:48:21) :
John Galt (11:30:35) :BBC: UK Climate Code May Be Scrapped. According to a report by the BBC, a computer software expert says the source code used by the Climatic Research Unit at the University of East Anglia is “below the standard in any commercial software.”
I think it’s an amusing red herring for to scrap the source because it is “below the standard in any commercial software.” Surely this is exactly the mediocre quality kind of source code found in most academic institutions…
————————————————————
So does that mean that crappy, improper mediocre code that doesn’t function properly IS GOOD ENOUGH for academia????
The cat is out of the bag, whatever they try, AGW is dead.. so skeptics don’t fret about current news stories etc. The cru story is self replicating and won’t go away. Even MSM is slowly becoming embedded in it. In the end people will notice that the weather/climate ain’t changing…. In one year, this won’t be an issue it will have changed to environmental stuff but not global warming which is OK
And to be clear about what I am getting at … it appears that someone modified their computer clock to make it 4 or 5 hours later than it was. This is because if I am in 10 different timezones and I parse a date/time string that gives its offset from GMT (-0000 in this case) I will get exactly the same date string output because unix time is seconds elapsed since 0000 01-01-1970 UTC. So if I have 10 computers in 10 different timezones, as long as the timezone is set right and the internal clock is correct, I will get exactly the same timestamp when I parse the date header. My location shouldn’t matter. Now if I intentionally change my computer’s timezone but don’t adjust my clock or if I adjust my clock but don’t adjust the computer’s timezone, the generated datestamp will be off, as is what appears to have happened here.
Let me go through this: Assume an email with a Date: header of February 13, 2009 3:31:30 -0000
If I convert that to unix time on my computer, I will get 1234567890 no matter what my computer’s time is set to. Now if I leave off the -0000 and only parse the date/time, it is going to assume MY timezone and offset the result to obtain GMT. If the command generating the timestamp took the offset into account, there would be no difference between the timestamp and the date. There is a 5 hour difference between the GMT time in the header and the generated date stamp. This means the offset in the email header was not considered and either the computer generating it was … oh, holy crap .. the computer was on the East coast of the US in GMT -0500 and added 5 hours to get what it thought was GMT.
It wasn’t 5 hours EAST of GMT, it was 5 hours WEST of GMT. The computer added 5 hours assuming the date/time was local.
Maybe the hacker just entered the system and took a FOIA file that had been prepared. The conclusion that it was a “person with scruples” doesn’t seem to follow from the technical analysis.
The profs in the emails talk about using the FTP server as an intranet. I think it was put there for Mann et al to review, and someone at UEA posted the link knowing it was there.
It was obvious when the e-mails were confirmed as genuine that this was not a hack. It would have taken far too long to compile the information and is totally at odds with the rather puerile behavior of normal hackers. Also this was not a file prepared in response to an FOI request. Such requests are by definition very targeted and would never cover such a long time period or such a broad range of topic. I suspect that the FOI name on the directory was a neat piece of misdirecton while the information was being gathered together over a long period of time. No question this was a deliberate inside job, though the mole’s motivation may not have been as pure as is widely assumed here.
Finally do not worry about speculating on the identity of the leaker as I am sure better and more sinister brains than ours ( mostly from Cheltenham) will have been all over the UEA servers.
“this was not a hack”
agreed, but steps apparently WERE taken to cover the tracks of whoever obtained the files. The file names of the emails and the file dates were changed.
Here is a copy of an email I sent Lance:-
G-Day Lance,
I have just finished reading your article on the web site “Smalldeadanimals” and it seemed to me that you like solving puzzles.
On thing I discovered after reading the emails was that there also was a directory FOIA located on Ben Santers computer in the USA. Phil Jones laughed about having a directory of that name.
This was contained in file 1233249393.txt .
Anyway here is another part of the puzzle. Below is a posting I put up on an Australian blog site, Andrew Bolt, days ago.
Andrew,
I posted here in your blog about a week ago, that the whistle blower had left clues to his or her identity .
Check out the movie “Peer Review 1945” posted on YouTube.
It was posted on YouTube on the 19th November. Time and dates are important here.
I myself was on “The Air Vent” web site reading the posts on the “Open Letter On Climate Legislation” when the link from FOIA to http://ftp.tomcity.ru/incoming/free/FOI2009.zip was up, message 10. That link was posted on the 17 November at 9:57 PM.
When I tried the link it was dead. But later FOIA DATA MIRROR on the 20 November at 12:59 AM posted a new link to http://www.megaupload.com/?d=XD050VKY This link still works.
Now Andrew, you tell me, how did the poster of the movie know what was in the emails before the files were publicly available on the net ?
But there is more. Have a look at the name of the poster at YouTube, “indusieumgresium” made up of two Latin words. Indusieum and gresium” both words have references to botany and biology. Botany, trees, tree rings ??
I have found many meanings but come back to some which suggest a grey protective layer. Also a layer to protect the sorus eg “In fungi and lichens, the sorus is surrounded by an external layer” ( indusieumgresium ).
(George Soros,, another link ??)
Also the poster of “Peer Review 1945” says he / she is 39 years old.
Along with the sub titles in the movie that directly refer to what we now know as “Climategate” I would like to know what the original movie was about and its history. What the dialogue is in the German, and why there is the emphasis on the girl crying.
So go to it.
Chris in Hervey Bay
The clues seem to be in the sub titles. “Hans”, 3 reviewers, who wanted more research done ? etc.
I’ll leave it to you to decide if this clue is worthwhile pursuing.
Chris
Hervey Bay, Australia.
A Lovell (12:56:14) :
“Forget ‘hacked’, or even ‘leaked’. I say they were LIBERATED!”
Right on! (Serves them right.)