While Joe Romm and Keith Olberman spin the most absurd conspiracy theory imaginable related to Climategate, that it was the work of “News of the World”, Murdoch, and/or Wallis, we find another example of academic file hacking, this one far simpler but far larger in volume. Our keystone cops Romm and Olberman miss the obvious, if it was NOTW/Murdoch, why didn’t it show up in those newspapers first, instead of on blogs like CA, tAV, RC, and of course WUWT?
While they rage ridiculously, we now have an example of a scientific hack that illustrates just how simple it is to do, and how bad the academics were (at MIT no less) at preventing it even though they knew it was happening. All it took was one guy, a laptop, some simple scripts, and an unsecured network switch cabinet like this one on campus at right. Apparently the guy just shoved his laptop into the cabinet under the wires and boxes, hooked it to the switch, and MIT was none the wiser.
From the Register:
Reddit programmer charged with massive data theft
Harvard ethics fellow accused of hacking MIT
By Dan Goodin
Posted in Crime, 19th July 2011 17:43 GMT
A former employee of Reddit has been accused of hacking into the computer systems of the Massachusetts Institute of Technology and downloading almost 5 million scholarly documents from a nonprofit archive service.
Aaron Swartz, a 24-year-old researcher in Harvard University’s Center for Ethics, broke into a locked computer-wiring closet in an MIT basement and used a switch there to gain unauthorized access the college’s network, federal prosecutors alleged Tuesday. He then downloaded 4.8 million articles from JSTOR , an online archive of more than 1,000 academic journals, according to an indictment filed in US District Court in Boston.
When JSTOR blocked the MIT IP address Swartz used in September, for example, the Harvard fellow allegedly incremented a single digit and resumed his wholesale downloading binge, which was streamlined with a custom Python script. JSTOR at times responded by blocking huge ranges of IP addresses, causing legitimate JSTOR users at MIT to be denied access.
It has long been speculated (and analysed) that the Climategate release was an inside job, or at the very least done by somebody with inside access. Hooking up your laptop to the intyernal network via an unsecured switch cabinet seems to be a pretty simple way to go about getting internal access.
Given how sloppy CRU was at leaving files lying around in the open (Steve McIntyre had fun with the “mole” story prior to Climategate), getting onto the internal UEA/CRU network might have been all that was needed.
h/t to WUWT reader AndiC