This lends cred to WUWT’s previous analysis done by our own Charles the moderator: The CRUtape Letters™, an Alternative Explanation,
Climate-Gate: Leaked
by Lance Levsen, Network Analyst – courtesy of Small Dead Animals
Some time starting in mid November 2009, ten million teletypes all started their deet-ditta-dot chatter reeling off the following headline: “Hackers broke into the University of East Anglia’s Climate Research Unit….”
I hate that. It annoys me because just like everything else about climate-gate it’s been ‘value-added’; simplified and distilled. The contents of FOIA2009.zip demand more attention to this detail and as someone once heard Professor Jones mutter darkly, “The devil is in the details…so average it out monthly using TMax!”
The details of the files tell a story that FOIA2009.zip was compiled internally and most likely released by an internal source.
The contents of the zip file hold one top-level directory, ./FOIA. Inside that it is broken into two main directories, ./mail and ./documents. Inside ./mail are 1073 text files ordered by date. The files are named in order with increasing but not sequential numbers. Each file holds the body and only the body of an email.
In comparison, ./documents is highly disorganized. MS Word documents, FORTRAN, IDL and other computer code, Adobe Acrobat PDF’s and data are sprinkled in the top directory and through several sub-directories. It’s the kind of thing that makes the co-workers disorganized desk look like the spit and polish of a boot camp floor.
What people are missing entirely is that these emails and files tell a story themselves.
Proponents of the hacker meme are saying that s/he broke into East Anglia’s network and took emails. Let’s entertain that idea and see where it goes.
There is no such thing as a private email. Collecting all of the incoming and outgoing email is simple in a mail server. Using: Postfix the configuration is always_bcc=<email address>, here are links on configuring the same for Sendmail, and for Exim. Those are the three main mail servers in use in the Unix environment. Two of them, Sendmail and Exim are or were in use as the external mail gateways and internal mail servers at the University of East Anglia (UEA).
When a mail server receives an email for someone@domain.net, it checks that it is authoritative for that domain. This means that a server for domain.net will not accept email for domain.ca. The mail server will usually then run checks on the email for spam, virus, and run other filters. It will then check to see whether to route the email to another server or to drop the email in a users mailbox on that server. In all examples examined in the released emails, the mail gateway forwarded the emails to another server.
The user then has a mail client that s/he uses to read email. Outlook Express, Eudora, Apple Mail, Outlook, Thunderbird, mutt, pine and many more are all mail clients.
Mail clients use one of two methods of reading email. The first is called POP and that stands for Post Office Protocol. A mail client reading email with POP logs into the mail server, downloads the email to the machine running the mail client and will then delete the original email from the users spool file on the mail server.
The second protocol is called IMAP, Internet Message Access Protocol. IMAP works by accessing the mailboxes on the mail server and doing most of the actions there. Nothing is actually downloaded onto the client machine. Only email that is deleted and purged by the mail client is gone. Either protocol allows the user the opportunity to delete the email completely.
Most email clients are setup for reading emails with POP by default and POP is more popular than IMAP for reading email.
The released emails are a gold mine for a system administrator or network administrator to map. While none of the emails released contained headers, several included replies that contained the headers of the original emails. An experienced administrator can create an accurate map of the email topography to and from the CRU over the time period in question, 1998 thru 2009.
Over the course time, UEA’s systems administrators made several changes to the way email flows through their systems. The users also made changes to the way they accessed and sent email.
The Users
Using a fairly simple grep1 we can see that from the start of the time-frame, 1999, until at least 2005 the CRU unit accessed their email on a server called pop.uea.ac.uk. Each user was assigned a username on that server. From the released emails, we can link username to people as such:
- Prof. Trevor Davies was user e022
- Dr. Timothy Osborn was user f055
- Prof. Phil Jones was user f028
- Prof. Mike Hulme was user f037
- Prof. Keith Briffa was user f023
In the previously referenced grep comes some more useful information. For instance, we know that Professor Davies was using QUALCOMM Windows Eudora Light Version 3.0.3 (32) in September of 1999. (ref Email: 0937153268.txt). If you look at the README.txt for that version you can see that it requires a POP account and doesn’t support IMAP.
As mentioned previously, POP deletes email on the server usually after it is downloaded. Modern POP clients do have an option to save the email on the server for some number of days, but Eudora Light 3.0.3 did not. We can say that Professor Davies’ emails were definitely removed from the server as soon as “Send/Recv” was finished.
This revelation leaves only two scenarios for the hacker:
- Professor Davies’ email was archived on a server and the hacker was able to crack into it, or
- Professor Davies kept all of his email from 1999 and he kept his computer when he was promoted to Pro-Vice Chancellor for Research and Knowledge Transfer in 2004 from his position as Dean of the School of Environmental Sciences.
The latter scenario requires that the hacker would have had to know how to break into Prof. Davies’ computer and would have had to get into that computer to retrieve those early emails. If that were true, then the hacker would have had to get into every other uea.ac.uk computer involved to retrieve the emails on those systems. Given that many mail clients use a binary format for email storage and given the number of machines the hacker would have to break into to collect all of the emails, I find this scenario very improbable.
Which means that the mail servers at uea.ac.uk were configured to collect all incoming and outgoing email into a single account. As that account built up, the administrator would naturally want to archive it off to a file server where it could be saved.
This is a simple evolution. You just run a crontab to start a shell-script that will stop the mail server, move the mail spool file into a file somewhere else, nulls the live spool and restart the mail server. The account would reside on the mail server, the file could be on any server.
Alternatively you could use a procmail recipe to process the email as it comes in, but that may be a bit too much processing power for a very busy account.
This also helps to explain the general order of the ./mail directory. Only a computer would be able to reliably export bodies of email into numbered files in the FOIA archive. As the numbers are in order not just numerically but also by date, the logical reasoning is that a computer program is numbering emails as they are processed for storage. This is extremely easy to do with Perl and the Mail::Box modules.
The Email Servers
I’ve created a Dia diagram2 of the network topography regarding email only as demonstrated in the released emails. Here’s a jpeg of it:
The first thing that springs to mind is that the admins did a lot of fiddling of their email servers over the course of ten years. 🙂 The second thing is the anomaly. Right in the middle of 2006-2009 there is a Microsoft Exchange Server. Normally, this wouldn’t be that big of an blip except we’ve already demonstrated that the servers at UEA were keeping a copy of all email in and out of the network. Admins familiar with MS Exchange know that it too is a mail server of sorts.
It is my opinion that the MS Exchange server was working in conjunction with ueams2.uea.ac.uk and I base this opinion on the fact that ueams2.uea.ac.uk appears both before and after the MS Exchange Server. It doesn’t change its IP address nor does it change the type of mail server that is installed on it. There is a minor version update from 4.51 to 4.69. You can see Debian’s changelog between the Exim versions here.
I’ve shown that the emails were collected from the servers rather than from the users accounts and workstations, but I haven’t shown which servers were doing the collection. There are two options, the mail gateway or the departmental mail servers.
As demonstrated above, I believe that the numbers of the filenames correspond to the order that the emails were archived. If so, the numbers that are missing, represent other emails not captured in FOIA2009.zip.
I wrote a short Bash program3 to calculate the variances between the numbering system of the email filenames. The result is staggering, that’s a lot of email outside of what was released. Here’s a graph of the variances in order as well as a graph with the variances numerically sorted . Graph info down below.
The first graph is a little hard to read, but that’s mostly because the first variance is 8,805,971. To see a little better, just lop off the first variance and rerun gnuplot. For simplicity, that graph is here. The mean of the variances is 402839.36 so the average amount of emails between each released email is 402,839. While not really applicable, but useful, the standard deviation is 736228.56 and you can visualize that from the second graph.
I realize that variance without reference is useless, in this instance the number of days between emails. Here is a grep of the emails with their dates of origin.
I do not see the administrators copying the email at the departmental level, but rather at the mail gateway level. This is logical for a few reasons:
- The machine name ueams2.uea.ac.uk implies that there are other departmental mail servers with the names like ueams1.uea.ac.uk, (or even ueams.uea.ac.uk), maybe a ueams3.uea.ac.uk. If true, then you would need to copy email from at least one other server with the same scripts. This duplication of effort is non-elegant.
- There is a second machine that you have to copy emails from and that is the MS Exchange server so you would need a third set of scripts to create a copy of email. Again, this would be unlike an Administrator.
- Departmental machines can be outside the purview of Administration staff or allow non-Administrative staff access. This is not where you want to be placing copies of emails for the purposes of Institutional protection.
- As shown with the email number variances, and if they are representative of the email number as it passed through UEA’s email systems, that’s a lot of emails from a departmental mail server and more like an institutional mail gateway.
So given the assumptions listed above, the hacker would have to have access to the gateway mail server and/or the Administration file server where the emails were archived. This machine would most likely be an Administrative file server. It would not be optimal for an Administrator to clutter up a production server open to the Internet with sensitive archives.
The ./FOIA/documents directory is a complete mess. There are documents from Professor Hulme, Professor Briffa, the now famous HARRY_READ_ME.txt, and many others. There seems to be no order at all.
One file in particular, ./FOIA/documents/mkhadcrut is only three lines long and contains:
tail +13021 hadcrut-1851-1996.dat | head -n 359352 | ./twistglob > hadcrut.dat # nb. 1994- data is already dateline-aligned cat hadcrut-1994-2001.dat >> hadcrut.dat
Pretty simple stuff, get everything in hadcrut-1851-1996.dat starting at the 13021st line. From that get only the first 359352 lines and run that through a program called twistglob in this directory and dump the results into hadcrut.dat. Then dump all of the information in hadcrut-1994-2001.dat into the bottom of hadcrut.dat.
….Except there isn’t a program called twistglob in the ./FOIA/documents/ directory. Nor is there the resultant hadcrut.dat or the source files hadcrut-1851-1996.dat and hadcrut-1994-2001.dat.
This tells me that the collection of files and directories in ./documents isn’t so much a shared directory on a server, but a dump directory for someone who collected all of these files. The originals would be from shared folders, home directories, desktop machines, workstations, profiles and the like.
Remember the reason that the Freedom of Information requests were denied? In email 1106338806.txt, Jan 21, 2005 Professor Phil Jones states that he will be using IPR (Intellectual Property Rights) to shelter the data from Freedom of Information requests. In email 1219239172.txt, on August 20th 2008, Prof. Jones says “The FOI line we’re all using is this. IPCC is exempt from any countries FOI – the skeptics have been told this. Even though we (MOHC, CRU/UEA) possibly hold relevant info the IPCC is not part our remit (mission statement, aims etc) therefore we don’t have an obligation to pass it on.”
Is that why the data files, the result files and the ‘twistglob’ program aren’t in the ./documents directory? I think this is a likely possibility.
If Prof. Jones and the UEA FOI Officer used IPR and the IPCC to shelter certain things from the FOIA then it makes sense that things are missing from the ./documents directory. Secondly it supports the reason that ./documents is in such disarray is that it was a dump folder. A dump folder explicitly used to collect information for the purpose of release pursuant to a FOI request.
Conclusion
I suggest that it isn’t feasible for the emails in their tightly ordered format to have been kept at the departmental level or on the workstations of the parties. I suggest that the contents of ./documents didn’t originate from a single monolithic share, but from a compendium of various sources.
For the hacker to have collected all of this information s/he would have required extraordinary capabilities. The hacker would have to crack an Administrative file server to get to the emails and crack numerous workstations, desktops, and servers to get the documents. The hacker would have to map the complete UEA network to find out who was at what station and what services that station offered. S/he would have had to develop or implement exploits for each machine and operating system without knowing beforehand whether there was anything good on the machine worth collecting.
The only reasonable explanation for the archive being in this state is that the FOI Officer at the University was practising due diligence. The UEA was collecting data that couldn’t be sheltered and they created FOIA2009.zip.
It is most likely that the FOI Officer at the University put it on an anonymous ftp server or that it resided on a shared folder that many people had access to and some curious individual looked at it.
If as some say, this was a targeted crack, then the cracker would have had to have back-doors and access to every machine at UEA and not just the CRU. It simply isn’t reasonable for the FOI Officer to have kept the collection on a CRU system where CRU people had access, but rather used a UEA system.
Occam’s razor concludes that “the simplest explanation or strategy tends to be the best one”. The simplest explanation in this case is that someone at UEA found it and released it to the wild and the release of FOIA2009.zip wasn’t because of some hacker, but because of a leak from UEA by a person with scruples.
1 See file ./popaccounts.txt
2 See file ./email_topography.dia
3 See file ./email_variance.sh
4 See file ./gnuplotcmds
Notes
Graphs created with gnuplot using a simple command file4 for input. I use a stripped down version of the variants_results_verbose.txt file, it’s the same, just stripped of comment and the filenames.. The second graph is a numerically sorted version, $> sort -n ./variance_results.txt > variance_sorted_numerically.txt.
Assigned Network Numbers for UAE from RIPE.NET
RIPE.NET has assigned 139.222.0.0 – 139.222.255.255,193.62.92.0 – 193.62.92.255, and 193.63.195.0 – 193.63.195.255 to the University of East Anglia for Internet IP addresses.
RIPE.NET Admin contact for the University of East Anglia: Peter Andrews, Msc, Bsc (hons) – Head of Networking at University of East Anglia. (Linked In, Peter isn’t in the UEA directory anymore so I assume he is no longer at UEA.)
RIPE.NET Tech Contact for the University of East Anglia: Andrew Paxton
Current Mail Servers at UEA
A dig for the MX record of uea.ac.uk (email servers responsible for the domain uea.ac.uk) results in the following:
$> dig mx uea.ac.uk ; <<>> DiG 9.6.1-P2 <<>> mx uea.ac.uk ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 737 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 13, ADDITIONAL: 13 ;; QUESTION SECTION: ;uea.ac.uk. IN MX ;; ANSWER SECTION: uea.ac.uk. 50935 IN MX 2 ueamailgate01.uea.ac.uk. uea.ac.uk. 50935 IN MX 2 ueamailgate02.uea.ac.uk.
The IP addresses for the two UEA email servers are:
ueamailgate01.uea.ac.uk. 28000 IN A 139.222.131.184
ueamailgate02.uea.ac.uk. 28000 IN A 139.222.131.185
Test connections to UEA’s current mailservers:
$> telnet ueamailgate01.uea.ac.uk 25 Trying 139.222.131.184... Connected to ueamailgate01.uea.ac.uk. Escape character is '^]'. 220 ueamailgate01.uea.ac.uk ESMTP Sendmail 8.13.1/8.13.1; Mon, 7 Dec 2009 01:45:42 GMT quit 221 2.0.0 ueamailgate01.uea.ac.uk closing connection Connection closed by foreign host. $> telnet ueamailgate02.uea.ac.uk 25 Trying 139.222.131.185... Connected to ueamailgate02.uea.ac.uk. Escape character is '^]'. 220 ueamailgate02.uea.ac.uk ESMTP Sendmail 8.13.1/8.13.1; Mon, 7 Dec 2009 01:45:49 GMT quit 221 2.0.0 ueamailgate02.uea.ac.uk closing connection
I’ve been a Unix, Windows, OS X and Linux systems and network administrator for 15 years. I’ve compiled, configured, and maintained everything from mail servers to single-signon encrypted authentication systems. I run lines, build machines and tinker with code for fun. You can contact me via: lance@catprint.ca.
Lance Levsen,
December, 2009
Sponsored IT training links:
We offer 100% pass result in first attempt for all kind of IT exams including 70-685 and 70-271. Join 640-460 online course to save a big deal on real exam.
Discover more from Watts Up With That?
Subscribe to get the latest posts sent to your email.
crosspatch (14:59:46) :
Exactly what I wrote here:
http://wattsupwiththat.com/2009/11/23/the-crutape-letters%C2%AE-an-alternate-explanation/
Håkan B (08:09:33) :
I return to the files timestamps. There are quite a lot of files with manipulated timestamps, most 2009-01-01-06:00:00, but also from 1980-01-01 and 2004-01-01, they all carry the “06:00:00″ part, that’s what shows up in my timezone CET. Why would someone set it to 06:00:00, wouldn’t it be easier to set it to 00:00:00, while your finger is ther at the “0″? Maybe he set it to 00:00:00 when he added those files, but he was doing it on a computer with timezone set to US Eastern Time?
Okay, here’s another theory which I haven’t seen suggested yet:
Suppose an insider wanted to extort money from CRU. He assembles an archive of selected emails and other files which he knows will be quite damaging if released. He also assembles one or more additional archives of other emails and files which contain even more damaging information. Then he uploads them to a variety of anonymous FTP servers and prepares “dead man” switches which will distribute the information at his command or upon failure to countermand his instructions by preset dates.
Now he makes his extortion demand upon CRU. They blow it off. So he sends the first archive to BBC, which sits on it but probably notifies CRU. They still can’t believe he’d do something so destructive, and hence stonewall him. He releases the first archive to the public, and the fallout from Climategate is immense. It threatens world leaders and prominent scientists, with ramifications in the trillions of dollars (not to mention the political power grab).
Now he ups his demands to CRU and they cave, since the consequences of releasing a second archive are unthinkable. If he’s done a good job with his dead man switches, he may even live to enjoy his hush money.
Hey, it’s a neat theory and it can be made to fit the facts…
I don’t understand why you skeptics aren’t more skeptical. Lance’s analysis is poor to say the least. Firstly, as others have noted, he didn’t even realize that the email filenames are Unix timestamps. Secondly, he had nothing to say about the modified timestamp information of all the email text files and some of the documents. Thirdly, he didn’t even consider the idea that in all likelihood the documents were attachments to the emails. So it seems that the mighty skeptics, the dedicated band of contrarians who are going to save us all from the climate change fraud have been taken in by a filename – FOIA.zip.
To Chris of Hervey Bay.
The movie is ¨Downfall¨ The girl is Eva Braun crying
because the gig is up for the Nazis.
It´s a German film starring Bruno Ganz as Hitler in
the last days in the bunker before the Russians
capture Berlin.
Question, what led you to this video in the first place?
Cheers.
PS. Greetings from Scarness!
This is the issue that will give ClimateGate a new and powerful boost. Until now, the Warmists have been able to cloud the issue with the integrity behind “stealing” data. Once it is clear it was a whistleblower, that issue goes away. But also, because this likelihood was so bleeding obvious, the deviousness of CRU in claiming it was hacked, will be exposed.
This pattern of deception will be (surely!) a scandal in itself.
Here’s my theory – which I posted a little while ago on ClimateAudit:
I think the route into the CRU server – and directly to Jones’s emails is found in the file: 1248862973 – dated July 29 2009.
Here Mann writes to Jones:
“Santer et al paper still didn’t come through in your followup message. Can you post in on ftp where it can be downloaded?”
Jones replies to Mann:
“See below for instructions […]
file is at http://ftp.cru.xxx.xx.xx
login anonymously with emails as pw
then go to people/philjones
and you should find santeretal2001.pdf”
(my emphasis)
This email is CCed to
Kevin Trenberth
Jim Salinger
j.renwick
b.mullan
Gavin Schmidt
James Annan
Grant Foster
Foster’s address being a ‘tamino’ Hotmail account. Now ‘Tamino’ isn’t the most appealing character on the block for “loathesome” AGW sceptics – and much of what made him so depended upon his hiding behind a pseudonym that many people would have liked to officially ‘out’ him from. Apparently, Hotmail email accounts are fairly easy to crack – with instructions on how to do so openly available via a quick search on the internet. Anyone succeeding in such a crack would have found Jones’ ftp instructions in ‘Tamino’s’ in box.
If Jones did indeed have a folder named “emails” on http://ftp.cru.xxx.xx.xx (as his password suggests), and if that folder was intended to be a password-protected repository for the “loads of emails” Jones claimed to have deleted “2 months ago” (on December 3rd 2008) in response to FOI requests (1228330629), then anyone cracking into Tamino’s Hotmail email account would have come up trumps.
Each of the files in the mail directory contains more than just an email message and is a complete email thread, which provides some additional context.
I definitely agree that the documents directory looks like the response to the FOIA request. The thing about the mail directory, is that the selection criteria seems a little broad for the FOIA and would be more appropriate for an FOIA requesting evidence of fraud, not just one requesting the data. I also don’t know the relevance of the marooned.jpg file, relative to the FOIA request.
There is something fishy about the Holdren references. There’s the one that shows him resort to an idiotic justification when confronted with the loosing end of a logical argument, but other than having Holdren’s name on it has no real significance. Also, the others with his name are from being a cc to one of Mike MacCracken’s emails. Mike and he are buddies with a shared interest in geoengineering and the original messages was with regard to cooling being caused by increased sulfur aerosols, which is what MacCracken wants to convince Holdren to do in order to offset the warming that isn’t occurring. Of course, it’s true that Holdren is not very far removed from the cabal.
It’s odd that this Holdren reference showed up in a bunch of unrelated emails. They were all around the same time. One possibility is that there was a lot of ‘reply to all include previous message’ going on, however, in some cases, the <<< that are prepended to the previous messages don't always add up right.
I've seen other instances of unrelated messages being inserted in the middle of threads, so it's also a possibility that this is just an artifact of the mail archive system and how it retrieves messages. BTW, many corporate environments routinely capture and copy all incoming and outgoing email. Sarbanes-Oxley compliance even requires this (like deleting email really does any good).
George
To Dave at Scarness,
I do believe the link was in a comment on RealClimate, but not 100% sure. I did go back to get it again but the link was gone, fortunately I remembered the name and located it again by doing a YouTube search.
What you have added above, makes the video more suspicious and warrants more investigation. I have linked many more of the subtitles with the contents of the emails in the file FOI2009 just by doing a quick search in XP, I do have a copy of the zip file.
I guess my main point has always been, how did the poster of “Peer Review 1945” know the contents of FOI2009.zip at least before the 19 November. I got the file (FOI2009) on the 20 November at 5:06 AM (my computers date and time stamp) and we are 18 hours ahead of the West Coast of the US, 14 ahead of the East Coast and 10 infront of GMT.
Chris in Urangan.
” Håkan B (16:17:02) : ”
But the offset isn’t consistent. Whoever did this was clever. It appears that the “hours” value has been varied at random. Sometimes the date is 3 hours off, sometimes 4 sometimes 5 sometimes 6.
That that is only by looking at a handful of the emails. It appears that someone had a nice little script that parsed the date and changed the “hours” value at random but the minutes/seconds always hold.
From a layman who can’t hope to follow the technical discussion:
Is there a reason for assuming that FOIA2009.zip actually represents an FOIA file of some sort created by/at the university, or related to actual FOIA activity there?
I originally just assumed that it was a name given to the file by the leaker, perhaps as a pointed bit of irony.
My initial suspicion was that someone inside, trusted, but not necessarily part of the cabal, was tasked with assembling the information for a recently denied FOIA request. As a result of doing this, they recognized the deceit going on, and wanted to be on the right side of history by ‘leaking’ the assembled data, along with a few extra tidbits to corroborate what we all already knew was happening. It almost seemed too good to be true.
The initial response by CRU was that they were aware that there was some kind of data theft, which was really just an.admission that the data was real.
I agree that one out of context email message can be misleading, but hundreds of email threads with a common theme definitely means something. Statistically, the email samples are more representative of underlying intent and behavior, than say proxies are for temperature reconstructions.
Leif Svalgaard (10:30:19) :
> About Vostok: when it is really cold there the CO2 also freezes out…
Oh No! The Ghost of Horrors Past! Not this month! Oh, Whew:
> Yeah, I forgot about the low partial pressure bit. But perhaps if it became REALLY, REALLY cold 🙂
Oh Leif, please don’t do that to me – I couldn’t handle another round of that argument, certainly not with all the other nonsense going on!
My main contribution in settling it was to point out that if the dewpoint is -10°C, then frost will form on objects colder than that, but not on objects warmer than that.
The main links to the second round of that argument (we had settled it once before too) are http://wattsupwiththat.com/2009/06/13/results-lab-experiment-regarding-co2-snow-in-antarctica-at-113%c2%b0f-80-5%c2%b0c-not-possible/ and http://wattsupwiththat.com/2009/06/09/co2-condensation-in-antarctica-at-113f/
It really didn’t help when someone posted a similar claim by a physicist at Argonne, but I chased him down and he fixed it. It’s rather interesting how people (including myself) have no trouble with the frost on the windshield analogy, but had trouble applying the same reasoning to CO2 at Vostok.
The reason some of the hours are off may be because the messages are to and from a wide variety of time zones.
I made a comment on climate audit or the air vent several days ago on this subject but nobody seemed interested.
However, here are my posts on my own blogsite http://castlecarrie.wordpress.com/
Climategate – was the leak in the USA?
December 6, 2009 at 12:37 pm | In Climategate | Leave a Comment | Edit this post
Tags: Climategate
Climategate:- I wonder why everyone assumes that the leaked files were obtained from the CRU server? It seems strange to me that Prof Jones said they had been broken into three days ago and he had done nothing about it. Did he just throw up a “straw man” to cover himself? Say the files were hacked and hope that people would focus on the hacker and ignore the content of the emails?
The whistleblower did not say the files were obtained from CRU.
Here is a statement by the Prof Jones on email number 1233245601.txt dated 29th January 2009 From Phil Jones to Ben Santor at the Lawrence Livermore National Library in California, and he makes mention how funny that Ben has put information in a directory called FOIA.
So that means that there was a directory in the US named FOIA?
Perhaps the leak has come from a file on Ben’s computer in California?
The released emails as has been pointed out by others, were collated Jan 1st 2009.
> With free wifi in my room, I’ve just seen that M+M have
> submitted a paper to IJC on your H2 statistic – using more
> years, up to 2007. They have also found your PCMDI data –
> laughing at the directory name – FOIA? Also they make up
> statements saying you’ve done this following Obama’s
> statement about openness in government! Anyway you’ll likely
> get this for review, or poor Francis will. Best if both
> Francis and Myles did this. If I get an email from Glenn I’ll
> suggest this.
0.000000 0.000000
climategate – read what the whistleblower actually wrote
December 6, 2009 at 2:12 pm | In Climategate | Leave a Comment | Edit this post
Re Climategate: Listen to what the whistleblower said – and what he/she didn’t say.
It is worthwhile noting that the whistleblower described the file on the http://www.megaupload.com site as
File description: climate audit whistleblower FOIA wuwt FOI2009.zip
In other words, the so called “hacker” used the word “whistleblower” when uploading the files. He also did not say that he got them from CRU although we are assuming he did. See my posting below re the FOIA directory in the US.
The Whistleblower – a US citizen aged 39?
December 8, 2009 at 10:40 am | In Climategate | Leave a Comment | Edit this post
Further to my investigation into who is the whistleblower, I posted a comment some days ago on the climate audit site which no one has followed up.
I believe that there is a connection between an YouTube video posted on 19th November 2009 by a person who joined YouTube on 19th November, calling himself Induseiumgresium and the FOIA release FOI2009.zip.
The video shows a clip from an old movie of Hitler and staff spoken in German. The subtext has many of the words of the emails in them. This was posted a day before the general release on Nov 20th. It beggars belief that this person did not know of the content of the emails.
Furthermore, the pseudonym can be broken down into two words, Indusium Gresium, which (roughly) is a layer which covers the sorus of a leaf. There can also be a “false indusium”. Now the connection here to Soros, one of the leading AGW behind the scenes funder, is another coincidence too good to be true.
I have sent two messages to this person, neither one of which has been answered. The person says he is 39 years old.
See http://www.youtube.com/watch?v=-VRBWLpYCPY
Climategate – Prof Jones strange statement
December 7, 2009 at 10:43 pm | In Climategate | Leave a Comment | Edit this post
Further to my discussion about it being odd that when the story broke, Prof Jones said that the breakin had happened 3 days ago, how could that be true if the BBC reporter got it in early October?
There were emails dated after October. So the person if it was a hacker is supposed to have broken into the system twice?
There is something decidedly smelly about Prof Jones statement.
Also another theory aired is that the file may have been accidentally left in a computer that had some sort of public access to it, and the hacker stumbled across it. In that case, he must have stumbled across it twice accidentally, once for the BBC release, and another for the later release.
0.000000 0.000000
I agree with Optimist that it’s a file of “not to be seen” things, not anything in response to FOIA. Perhaps it was Phil Jones’s file of what to delete, as he promised. Only if the hacker was a skeptic would I go for that. Seems much more like an insider, even one of the scientists themselves who doesn’t want to be offed by Professor Watson, who I believe fully capable of such acts, after seeing him on video.
Ric Werme (18:36:46) :
> “Yeah, I forgot about the low partial pressure bit. But perhaps if it became REALLY, REALLY cold :-)”
Oh Leif, please don’t do that to me – I couldn’t handle another round of that argument, certainly not with all the other nonsense going on!
I don’t see where the problem is. At the low partial pressure there is no liquid phase of CO2 [and I didn’t think about that in my hasty reply], and by REALLY cold, I meant like -200C. As some poster pointed out, we are getting too far off topic [leak or hack?].
Whence comes this great river, all this uproar?
Leif Svalgaard (12:28:36) :
David Porter (12:10:25) :
Your comment that “CO2 also freezes out” I believe is impossible above a temperature of around -120 degree centigrade.
Gary Hladik (12:13:01) :
I thought we had a whole thread here awhile ago that concluded CO2 can’t freeze naturally on Earth, as it does on Mars.
I agree the partial pressure of CO2 would be too low for it to freeze here, 0.0387% of the atmosphere. On Mars whose atmosphere has 95% CO2 and much lower temperatures – yes.
Come to think of it the warmists say if the CO2 goes up by 0.03% we will have crossed the tipping point, look at Venus (which has 97%). But what about Mars? (which has 95%). Maybe the sun has got something to do with it.
Ric Werme (18:36:46) : Hey that was a really cool experiment. Thanks for the link. Proving that the phase diagram is correct and partial pressure matters.
Not everyone has the wherewithal to do that experiment.
Now THAT’S real investigation! Good job!
And that can only make me wonder how the “investigation” is going for the other side. I can HEAR (of) them all over the place, but I’m just not seeing the Russian Hacker yet! (I have a feeling that if he ever turns up, he’ll have the annoying accent of an English climate professor 🙂
“Perhaps it was Phil Jones’s file of what to delete, as he promised.”
No, it can’t be because not all of the emails are Jones’ but all of the emails DO have a recipient or sender address at UEA.
crosspatch (13:07:21) :
For example Here is a plot of transmittance of two atmospheres. One is pure CO2, the other is a mix of H2O and CO2 at a 5:1 mixture (5x more H2O)
Only relevant for a planet with a surface temp of about 1500K!
Try the band around 15μm for something relevant to Earth.
Third Party (08:52:03) :
from http://thehill.com/blogs/congress-blog/energy-a-environment/70857-climategate-sparks-luetkemeyer-call-for-investigation-sparks-interest-in-legislation-rep-blaine-luetkemeyer
The atmosphere contains from 4-percent water vapor in the troposphere to 40-percent near the surface.
Is this in the original? There is no way the atmosphere contains 40 percent water vapor anywhere. Perhaps someone read 40 0/00 as 40 percent rather than 40 per thousand.
GMT+1:00 is simply England time in daylight savings mode, i.e. a majority of the year.
“The reason some of the hours are off may be because the messages are to and from a wide variety of time zones.”
Which is why I compared messages with a Date: header in the same timezone. The ones that explicitly had +0000 or -0000 in the date string to be specific. Those are mails that would have originated in GMT.
The “offset” varied from 3 hours to 6 hours in the handful of emails that I looked at. That shouldn’t happen.