Who gets the most access to network data (like emails at CRU)?

Post updated – see below.

Climategate – whodunnit?

Well, according to this story in Help Net Security, the Information Technology people might be good candidates to see what has been going on behind the scenes at UEA’s Climate Research Unit, since it seems that they have broad access and according to a recent survey, many in IT positions can’t resist peeking:

“IT security staff will be some of the most informed people at the office Christmas party this year. A full 26 per cent of them admit to using their privileged log in rights to look at confidential information they should not have had access to in the first place. It has proved just too tempting, and maybe just human nature, for them to rifle through redundancy lists, payroll information and other sensitive data including, for example, other people’s Christmas bonus details.”

Here’s some eye opening survey stats about what IT people do with that access:

  • 42 percent of those surveyed said that in their organisations’ IT staff are sharing passwords or access to systems or applications
  • 26 percent said that they were aware of an IT staff member abusing a privileged login to illicitly access sensitive information
  • 48 percent of respondents work at companies that are still not changing their privileged passwords within 90 days – a violation of most major regulatory compliance mandates and one of the major reasons why hackers are still able to compromise the security of large organisations.

Remember the HARRY READ ME file from Climategate 1? That programmer was bemoaning the sad state of the database an methodologies because he had a broad view afforded by working with the data within the organizational group. He knew more than any single person he was doing work for.

In the case of the UEA Climategate 1 and 2 emails, it seems clear now that to gather up as much information as has been shown to be available, it wasn’t likely a quick in and out job. As this WUWT guest post by David M. Hoffer shows that this wasn’t just a simple hack. He wrote:

So…who had administration rights on the email system itself?  There’s reason to believe that it was not any of the researchers, because it is clear from many of the emails themselves that they had no idea that things like archives and backup tapes existed.

Whoever did it likely got it from the email archive system, knew what they were doing, and they had to have broad access to get all these emails gathered together.

Then, when we see that 256 bit AES encrytion was the choice to secure the remaining nearly 1/4 of a million emails, we know that “FOIA” whoever he/she is, knows enough to choose the kind of security that would not likely be cracked in any reasonable amount of time. This probably rules out script kiddies and students at UEA who might have had accidental network access and just grabbed a few files when they thought nobody was looking.

And what about the original first “hack” of the RealClimate.org server that Gavin Schmidt squelched? When we see survey results like 42 percent of those surveyed said that in their organisations’ IT staff are sharing passwords or access to systems or applications and we know how close and interconnected UEA/CRU and GISS staff are, the likelihood that whomever left that first drop of emails on the RealClimate server probably had some shared password or other sort of access.

The sharing of system access in emails was broadly demonstrated in Climategate 2.0. For example, Dr. Phil Jones and others at CRU sent some emails out years ago that linked to papers under review at the Journal of Geophysical Research. Some WUWT readers found these early on, and sure enough, such links from years ago in the CG2 emails still worked.

A few days ago I made the issue known to Dr. Phil Jones and to the JGR journal staff so they could close this security hole. As far as I know, all have been closed. I’ve tested again tonight and the live link fails now. Now that they have been closed, I can talk about it safely without putting JGR’s manuscript system at risk.

From: Anthony
Sent: Thursday, November 24, 2011 5:10 PM
To: p.jones@uea.xxxx.xxx
Cc: grlonline@xxxx.xxx ; jgr-atmospheres@xxxxx.xxx
Subject: password enabled JGR links in Climategate 2 files
Dear Dr. Jones,
I know that you know me, and probably do not like me for my views and publications. Regardless of what you may think of me and my work, it has been brought to my attention by a reader of my blog that there are open access links to your manuscripts at JGR included in the email that are now in the public view.
Therefore, it is my duty to inform you that in the recent release of Climategate 2 files there are links to JGR journal review pages for your publications and also for the publications for Dr. Keith Briffa.
For example, this link:
http://jgr-atmospheres-submit.agu.org/cgi-bin/main.plex?el=[access code redacted]
I have verified that in fact that link opens your JGR account and provides full access to your JGR account.
In fact there are 35 different emails in this release that contain live links to JGR/AGU author pages. Similar other links exist, such as for Dr. Keith Briffa and others at CRU.
This of course is an unintended and unacceptable consequence of the email release.
I am cc:ing Joost de Gouw Editor, JGR Atmospheres in hopes that he can take action to close this open access to these accounts. It is a holiday here in the USA (Thanksgiving) and there may not be office hours on Friday but hopefully he is monitoring emails.
JGR should immediately change all passwords access for these CRU members and I would advise against allowing transmission of live links such as the one above in the future. JGR might also consider a more secure method of manuscript sharing for review.
The open nature of these links is not publicly “on the radar” even though they are in fact public as a part of the email cache, and I do not plan on divulging them for any reason. Any mention of these links will be deleted from any public comments on my blog should any appear.
Dr. de Gouw (or anyone at JGR) and Dr. Jones, please acknowledge receipt of this email.
Thank you for your consideration.
Best regards,
Anthony Watts

So clearly, CRU and others in the emails didn’t think twice about sending around open access live links. As David M. Hoffer points out in his article, the researchers don’t seem to have a clue about security. They also leave “sensitive” files they don’t want to share under FOIA requests lying about on open FTP servers. Based on what I’ve seen so far, I don’t think any of the research staff at CRU had either broad access nor the specific tech knowledge to pull this “hack” off.

Somebody who had the ability to peek at these emails as part of their job might just as easily have had access to the RealClimate Server too. Remember there’s almost a quarter million emails we haven’t seen. Chances are, one of those contained the key to the RC server, which allowed them to become an RC administrator and post the original FOIA story which Gavin Schmidt caught and squelched.

I and others I correspond with have our theories about who the leaker might be. From my perspective now, someone with broad system access looks to be a more likely candidate than a malicious outsider.

UPDATE: Many people in comments think I’m doing something wrong by writing to Phil Jones and AGU/JGR.  In Phil Jones reply to me, he wrote: A couple of other people sent me emails about this issue.

So clearly I wasn’t the first to notify him of the open links to AGU. But more importantly, my email was also sent to AGU editors and the editor of JGR Atmospheres. Despite what troubles Jones and his group have caused over the year with skeptics, AGU/JGR has been a reasonable journal that has published skeptical papers, including my own. Protecting that relationship with skeptics who publish is valuable and the last thing we need is a scandal where papers submitted to AGU/JGR are showing up on other skeptic websites before they are reviewed because Jones sent active links around in emails. Having the knowledge of the security holes was a damned if I do damned if I don’t proposition, but I opted on the side of doing what I felt was the right course of action. If that upsets a few people, so be it. – Anthony

 

Advertisements

  Subscribe  
newest oldest most voted
Notify of
Ruhroh

Don’t hold your breath waiting to be thanked by JGR or UEA.
RR

ok, that’s a big enough clue.

Dave Me

“we know that “FOIA” whoever he/she is, knows enough to choose the kind of security that would not likely be cracked in any reasonable amount of time. This probably rules out script kiddies and students”
Not really, they are likely to be more able than the IT staff. Also, it is not that difficult to encrypt a file and it does not take a genius to know that you need a long key.

Phil is still looking for the Any key to press to continue. 😉

Larry in Texas

Nothing in this situation surprises me any longer. I had suspected from the beginning that a system IT personality would have been in the best position to leak those e-mails. He (or she) should, of course, be given a medal. But that won’t happen, obviously, once this person is found out.

Roy

I don’t think it is a good idea to try and unmask the leaker (assuming that it was a leak and not a hack). It could possibly cause him or her problems in their future career.

Glenn GP

boyscouts. nuff said

TheBigYinJames

I don’t think we should help them catch FOIA, she or he is a godsend and should stay where they are as long as possible.

40 Shades of Green

Did they acknowledge your email?

Steve C

Ah, the BOFH is the first suspect, as usual!

markus

Good throw off. Whodunit is probably closer then we think. “This of course is an unintended and unacceptable consequence of the email release”. How did ya know it was unintended, Anthony?
Yes, you meant unintended in your release.
The topology of UEA system gives clues where servers of interest could be, and who handled them. However, only a deep investigation might flush out a suspect. There could be lots of leakage sites, like storage mediums, hardware & system crash rebuilds, upgrades and what about a myriad of technicians and service providers. What about all the different campus characters from mischievous students to administrators.
2009 seems to be the extent of the files, the second tranche of Emails could very well be a hostile IT guy spilling because of the heat generated at UEA over the first lot. Who knows?
Love to be able to follow the money trail paid for the establishment of that Ruski provider.
How ever much I long to know the content of the other 220K Emails, and exposing Whodunit would reveal that 256K encryption, I’d like Whodunit to remain anonymous, for his/her own benefit. I admire Whodunit’s tenacity.

Peter Plail

There can’t be many candidates who fit AW’s description, yet the police have still drawn a blank after 2 years. Is this due to the incompetence of the investigation, or is it perhaps due to the fact that any answer might be politically embarrassing. I am sure it suits the agenda of the establishment to be able to blame illegal hacking rather than highlighting deficiencies within the UEA.

Steve C

Seriously, Anthony, well done, that was a decent and responsible act. You’ll never get a job in “Climate Science” with a conscience like that!
Re. previous comment, for non-habitués of the Register: The BOFH is the “B#st#rd Operator From Hell”. The series details the eternal power struggles between the BOFH, with his assistant the PFY (Pasty Faced Youth), and the Boss, who is crazy enough to think that he runs the show. The battle is frequently lethal, generally hilarious, and more accurate than many Bosses would care to admit.

Charles.U.Farley

While it may have been a laudable thing to do Mr Watts, as others have stated, dont expect to be thanked for being so honest, its not in the oppositions nature (no pun) to be that way with the rest of the world.
In fact if the roles were reversed i think theyd have used any foothold, any loophole to ensure they brought you down rather than simply seek the truth.
Personally i dont think its wise to assist them in any way shape or form as its simply helping them to continue unabated.
After all, this is a global war theyre involved in, a war based on lies and disinformation, of treachery and vilification of anyone not supporting “the cause”, and comfort shouldnt be given to enemies of freedom, especuially ones who stoop so low as these.
Having stated all of that, i can see why you did it, and i as well as others on the sceptical side will applaud you for it if only because it proves the openess, honesty and conscience the sceptical viewpoint is based on.
Something that jones et al could well learn from but unfortunately wont.
Best wishes, Charles.

Mooloo

Based on what I’ve seen so far, I don’t think any of the research staff at CRU had either broad access nor the specific tech knowledge to pull this “hack” off.
It only takes one. Most of my co-workers can barely run an Excel file (although admittedly they can find a trend line [/smirk]). But I can do rather more than that, certainly enough to download old e-mails and encrypt them securely. Most people aren’t aware that I can do that, because I’m not that interested in being unofficial IT support, which is what will happen if they know I can help them.
It could easily be the case here. One person might have somewhat more skill than appears.

TerryS

Re: markus

the second tranche of Emails could very well be a hostile IT guy spilling because of the heat generated at UEA over the first lot.

The earliest email in the encrypted archive is dated Mon Feb 26 16:16:09 1990 GMT and latest is dated Fri Nov 13 14:54:11 2009. This guess is based purely upon the names of files in the encrypted archive, and the file naming convention used in the first release.
Therefore the archive could not contain post CG 1.0 emails.

I was contacted yesterday by a journo wanting help with identifying ‘foia’
http://tallbloke.wordpress.com/2011/12/05/opinion-foia-and-where-its-at-with-the-global-warming-issue/
The journo also wanted the IP address ‘foia’ posted from, but the price wasn’t right (zilch) so I declined to assist. 🙂
Not that it would have helped the journo much, as I’ve no doubt ‘foia’ would have used a proxy server to post through.

Tony McGough

Well, it was always a leak and never a hack, wasn’t it? And by someone with more than minimal IT competence.
Of course, it is one thing to know who did it, and another to prove that he/she did it. Hence the reticence from the police and academic authorities, perhaps.
But it is difficult not to applaud the results of the exposure…

John Marshall

Who cares what the name of the mystery man/woman is. they have done a great service to those of us looking for the truth.
Whoever you are, many thanks.

brc

The idea that a sophisticated person could only use 7Zip to encrypt the rest of the files is not true.
Once you had an idea to release an encrypted set, about 15 minutes on Google would have found you the right direction and tools. The software is free, the advice is free. Literally anyone with half a brain could figure it out.
I agree that the person needs to have some IT savvy – or access to someone who does, like a brother, childhood friend, that sort of thing. It really doesn’t narrow the field.
Given they seem to have had woeful security and procedures in place before the 1st release, I don’t think it helps much. We already know from plenty of other evidence they didn’t take passwords or security seriously.
I suspect we’ll know more once the second set of emails is released. My guess is they are restricted because they are either more incriminating, or might be used to determine the identity of the leaker.
The bit about IT staff peeking at sensitive data is very true, however. Most consider it a perk of the job.

Steeptown

Anthony: Did you get a response with a big thank you?
I’m sure a Xmas card will be in thepost.

Sparks

It was the butler, it’s always the butler.

Jack Simmons

Hmmm…
Perhaps we could start our investigation by asking “Who doesn’t have access?”.

Greg Holmes

Antony, although it is morally sound to tell UEA about what you have found, it also is morally justifiable, in my view, that the truth should come out. I sincerely hope that the information does not target the FOIA chap/chapess. There is much talk about protecting whistleblowerrs etc in Government circles, however if this person is unmaksed, I suspect the full weight of the judicial system will drop on them like a stone. Never embarrass a politician unless you have megga clout.

Brian H

Even as we speak, a clandestine network of hundreds of home computers is using idle cycles to crunch away at the key … \9-)

Charlie

Here we go again same mistake was done with MUller why? help them in any way? these people are criminals!

Encrypted ZIP file = “emplyment insurance”? As in, “you try to fire me [or otherwise cause professional harm] and I’ll send the decryption key all over the net?” (May even have been placed in escrow.)

Sparks says:
December 6, 2011 at 2:15 am (Edit)
It was the butler, it’s always the butler.

As I noted the other day:
It was either Mr Green in the library with the USB stick… or
Ms Scarlett in the server room with the admin password

Daniel H

Then, when we see that 256 bit AES encryption was the choice to secure the remaining nearly 1/4 of a million emails, we know that “FOIA” whoever he/she is, knows enough to choose the kind of security that would not likely be cracked in any reasonable amount of time. This probably rules out script kiddies and students at UEA …

It doesn’t rule out anyone. The technique to encrypt and disseminate the CRU emails was almost certainly inspired by the July 2010 release of an encrypted 1.4 GB Wikileaks Cablegate archive. The CRU archive was encrypted using the same 7zip program and AES-256 cipher that Wikileaks used to encrypt their so-called “insurance file”. You don’t need to be an IT security genius to copy from the best.
Interestingly, the insurance file was compromised in September 2011 when a Guardian journalist mistakenly published the top secret decryption key in a book he wrote about Wikileaks (believing the key to be no longer valid). Here is the relevant passage from that book:

Assange wrote down on a scrap of paper: ACollectionOfHistorySince_1966_ToThe_PresentDay#. “That’s the password,” he said. “But you have to add one extra word when you type it in. You have to put in the word ‘Diplomatic’ before the word ‘History’. Can you remember that?”

CodeTech

I agree with what others have said, in fact, IMO it’s actually LESS likely to be an authorized IT person. In my experience IT people tend to think the fortress they’ve built is impenetrable and are not willing to believe otherwise. I saw one long-term IT guy with a “test” account… password “test”. Granted, it didn’t have much access… but it had enough that if someone had gotten in, they could have done a lot of harm.
Couple that with users that find password changes to be an annoyance, don’t understand the most basic security concepts, and can’t even begin to comprehend the idea that someone might want their data… (as opposed to the opposite, overly-paranoid types that put passwords on simple Word documents and are convinced that Bill Gates personally can read their email… and does.)
Isn’t 256-bit encryption the default for 7Zip?
I wouldn’t be surprised if some of these people ASKED their IT department if they were secure before sending any of these links, and were assured that yes, everything was secure.
On the other hand, it makes sense that someone in the IT department did, in fact, decide that they could expose this whole charade, and took action. And as others have also said, I consider that person to be a hero.
And for the record, I’ve NEVER used my IT position to snoop on others’ information, other than pure idle curiosity (ie, I check logs sometimes to see how many people are on Facebook during the day, or other timewasting sites, but don’t report or judge. If some particular site starts getting big traffic from everyone I know to start looking for virus/adware/spyware problems. And I try to stop them from giving me their passwords.)
I don’t WANT to know who’s making more than me, or got a bigger bonus. Knowing would just make me even more dissatisfied with my job.

mfosdb

Informing Phil Jones was the right thing to do.
The police would need the help of the IT staff at UEA to investigate. If provided unconditionally this would of course give the police access to all data for the whole University not just the emails of climate scientists. Perhaps the UEA management, staff and scientists distrust the police more than someone who had access to their IT systems in 2009 and exposed the climategate emails.
Uk Government agencies have form for losing data. In November 2008 the Treasury lost ‘in the post’ two CD’s containing the personal details of 25 million child benefit claimants and their parents.

Morph

Administrator access is not the magic key to everything that people seem to think – that access is actually given to what/whoever does the backups of the systems. Administrators are allowed to administer – setup passwords and access for others. A reasonable IT management scheme would limit their own access – for example I am an admin for my work IT systems (as I work in IT) but I am still excluded from sensitive financials or personnel records.
Also looking at the work involved in sifting through the emails (encrypting them is fairly simple) and picking out the most relevant ones suggests this was done offline and offsite.
Putting these two ideas together I would think that the person involved made a physical theft of a backup at some point, restored it offsite, and then replaced it before anyone noticed. There would be no electronic record that the backup had been accessed and no physical evidence of it being taken at all, at least unless someone noticed which is unlikely – say in a weekly rotating backup scenario or a backup being made to another removable system.
Once restored offsite the data could be exported to a suitable format (if it is not in it already) and a selection made at that person’s leisure.
Disclaimer – I am no IT Admin “expert” so this could be total carp and a herring of a rouge hue.

markus

Don’t bring Whodoesint into it or before to long Whatsiname will turn up.

Thank you Anthony for your high integrity and courtesy in handling this issue.
Well, I’m going to restate my previous thoughts. But this goes deep.
We’re dealing with corruption, hysteria, and indolence in high places, concerning Science and professional integrity. Though Climate Science is by far the worst current offender (medical science and agricultural science running second and third), there is a deep issue of integrity in Science that goes right into the history of Science and the deep implications of Scientific Method. It’s like the Church selling indulgences, and what Martin Luther did in standing up to them. This is probably a closer parallel than any involving Godwin’s Law. But Luther still risked excommunication and worse AFAIK, which was pretty awful at that time.
But the corruption of Science we’ve seen in Climate Science is not the only deep issue. If we look at the founders of Science, we see that pretty much to a man they had interests in what today is relegated by many scientists today to “pseudoscience”. Yet all indications show that these same “pseudosciences” were highly representative of the driving force behind the scientists. Take Kepler the astrologer seeking the harmony of the universe, or Newton who spent most of his time pursuing alchemy or apocalyptic biblical passages.
Science thinks it has “outgrown” the mysterious and the miraculous. Yet any truly open and thorough search will provide copious contemporary evidence of miracles, things that happen in a way that none of our laws of physics can explain. I know that this blog has enough work on its hands without going down this line of exploration, so I won’t even name the most obvious of them – but nevertheless, I cannot discount the possibility of the miraculous, in the appearance of these emails – and as suggested, by the wording and the placement of FOIA’s original note at CA – and as suggested to me by the simplicity and relevance and integrity of the message delivered by FOIA.
Thank you FOIA, human or miraculous, for your service to humanity.

Bill Yarber

Anthony
I’ve followed your blog for several years, learned a great deal, been amazed with your dedication and invaluable contributions and wondered where do you find the time! Now you demonstrate true integrity but warning the AGW “cult” ogaping holes in their defenses.
Job well done!
Like others, I wish FOIA to remain hidden so he/she can release the code to unlock the rest of the emails. My guess the info will come at another critical juncture.
Bill

cedarhill

The range of suspects could be quite large. Just at the CRU you’d have all those with any level of system privileges, dept administrators, all those those groups had as their own vacation backups down to the person that carries media to offsite disaster backup locations (presuming they’re competent and funded for such things).
And it takes a huge effort to secure any facility. Even more so an academic one. Then apply the golden rule of budgeting:
Those that bring in gold, get the goods.
What’s surprising is that anyone is surprised the emails were obtained. The environment is one of academic freedom, open systems, public access, no national security issues, underfunded IT, not-to-be-bothered with security things even to changing passwords, intellectual technical ignorance of the typical PhD…and the list goes on and on. One would not be surprised if CRU IT “staffers” included pre and post grads working just for a lab grade.
I’d bet a farthing (it is the UK after all) the Brit law enforcement chaps quickly determined
just about anyone with any interest in climate had access to CRU and (2) there’s not enough money even from Bernanke’s presses to track down the culprit.
The only way you’ll ever really know is when the person(s) write their death bed bio confession. Go google Mark Felt and you’ll understand.

Bloke down the pub

From what you say Anthony, they haven’t done much since CG1.0 to improve security. That raises the possibility that if FOIA is (still) an employee, she could have filed away lots more since the original download. Or maybe plod left the bait there to see who would have a nibble, but that credits them with more intelligence than they are probably due.

As an ‘IT Professional’ I would concur on the ease of encryption, however enterprise email is somewhat specialist, I’ve no doubt with my MSDN sub I could install all the relevant software and figure it out, what bits to save, the relevant file types etc but that option would take some time for me to be sure of myself going into unfamiliar servers, where my access is almost certainly being logged.
Anyone else think that some specialist knowledge is required to find, save and then unpack what was most certainly compressed data?

And what about the original first “hack” of the RealClimate.org server that Gavin Schmidt squelched?

I am still far from convinced that this alleged “hack” – for the alleged purpose of uploading a file – at RealClimate ever took place. Apart from the fact that it makes absolutely no sense – and could have jeopardized FOIA’s mission – there are far to many inconsistencies in what I have found to be his everchanging story.
And, let’s face facts … “Honesty is the best policy” is not a motto that immediately springs to mind when one thinks of the members of The Team, is it?!

Leon Brozyna

Bravo Anthony for showing real class.
What’s really telling is how, despite this information being out there all this time, no one at JGR and especially CRU, caught this little security problem. CRU was so into “damage control mode” that they didn’t see the obvious. It took the talents of a skeptic blog to raise the isssue, a problem that should have been addressed two years ago as a simple precaution — change all access accounts and passwords.
Of course it’s someone from IT. They are as much into office politics as the next guy, and knowing what everyone’s saying gives them an inside track on the game. I always assumed that anything I sent out onto the office net could be read by any of the IT staff.

Anthony, have you lost it?
Why on earth should you in any shape or form abet them in trying to catch the person/persons behind the leak? As some have pointed out in their comments.
And Charles.U.Farleys comments are spot on
“In fact if the roles were reversed i think theyd have used any foothold, any loophole to ensure they brought you down rather than simply seek the truth.
Personally i dont think its wise to assist them in any way shape or form as its simply helping them to continue unabated.
After all, this is a global war theyre involved in, a war based on lies and disinformation, of treachery and vilification of anyone not supporting “the cause”, and comfort shouldnt be given to enemies of freedom, especuially ones who stoop so low as these.”
Sadly, you very much remind me of commander, Colonel Nicholson played by Alec Guinness in the movie The Bridge on the River Kwai (1957).
The prisoners (British soldiers) are working as little as possible and sabotaging whatever they can at the construction of a bridge.
When Nicholson and his officers are released, he conducts an inspection of the bridge and is shocked by what he finds. Against the protests of some of his officers, he orders Captain Reeves and Major Hughes to design and build a proper bridge, despite its military value to the Japanese, for the sake of his men’s morale. The Japanese engineers had chosen a poor site, so the original construction is abandoned and a new bridge is begun 400 yards downstream.
Nicholson drives his men, even volunteering to have them work harder to complete the bridge on time
The commandos who where parachute in, plant explosives to destroy the bridge and a train carrying Japanese soldiers and important dignitaries is scheduled to be the first to use the bridge the following morning
Making a final inspection, Nicholson spots the wire and brings it to Japanese commander attention. As the train is heard approaching, the two hurry down to the riverbank to investigate. Joyce, hiding with the detonator, breaks cover and stabs Saito to death; Nicholson yells for help, while attempting to stop Joyce from reaching the detonator. Joyce is killed by Japanese fire. Shears swims across the river, but is shot just before he reaches Nicholson.
Recognising the dying Shears, Nicholson exclaims, “What have I done?”
I think it sums it up quiet well.
Sophia

Ken Harvey

Ambivalence in spades. I don’t want FOIA to be identified but how else are we ever to know to whom the honest citizens of this world are so greatly indebted?

Paul Coppin

Pleasing your enemies doesn’t make you friends. Outing the whistleblower will serve no useful purpose in any of this. You are assuming your antagonists in all of this operate on the same moral plane as yourself. Be assured, they most certainly do not. Let them find their own vulnerabilities.- you don’t owe them a duty of care. They would destroy you if they could. This is not a fair fight.

Sparks

About these “FOIA” e-mails, Instead of concentrating on Whodunit, it may be more important to ask the question When Whodunit, these days when CERN scientists are doing ground breaking research in physics and many universities have been researching and developing quantum computers for sometime, maybe in the future to avoid the biggest most draconian restrictions on human development ever known to mankind, influenced by scientific fraud that sparked the eventual loss of billions of lives and caused an irreversible chain of events that set the human race back thousands of years in development and set in motion the beginning of our own extinction with no hope of ever recovering, Maybe we discovered a way to send data back in time, just enough to send back a virus with the intention of exposing to the world those involved, Maybe it was just a technician who got lucky and used his/her own judgment to release them, what ever the current theory is on the release of these e-mails, there is one point that it exposes and it is the “Cause”, The dangerous ideological belief that
People = Co2 and Co2 = Climate Change and the prevention of which is to stop people from producing Co2 and this would mean the loss of life,
This hypothesis based on fraudulent science is disgusting and misanthropic in it’s core belief and must be STOPPED.
If I had access to those e-mails I too would have released them, I wouldn’t have to think twice about it.
Too Sci-Fi?? lol

Hector Pascal

@Lucy.
Academic “success” has nothing to do with integrity, originality or honesty. Success depends entirely being able to draw funding and publish papers. As for lecturers taking the effort to lecture, that’s a fantasy. It’s a distraction from climbing the greasy pole.

Alvin

I am surprised no one has fisked the metadata on the files. In many cases, the “provider” of the info slips up and does not clean their account or other data from the files. PDF are bad about that, as zip files.

I have spent a fair amount of my professional life repairing electronics. The inside workings of computers are easily obtained from the makers. The inside workings of most operating systems are nearly as available. All one needs is the smallest amount of training to link these sets of information and hack whatever, where ever. The weakest link, of course, are lazy users and IT geeks. I once worked in a school system where the access codes design was so simple the students had figured it out and were sharing it openly within two weeks of the opening of school. (Warnings to the IT guy, ahead of time, were poo-pooed)
Then again some people are just invisible. One day, as I fixed a piece of equipment in a financial institution, I over heard a planning session for the secret acquisition of a large piece of property. Enough critical information was discussed that, had an unscrupulous listener had a rich friend, The friend could have made a killing.
Security is increased when the users of a system are aware that someone somewhere is always looking, or trying to look. Anyone who gets the key, or finds the key, can look any time, all the time.
I think the argument in this post is defective. Any onetime hacker can keep his window open until clever security people close it. I have a window screen with fewer holes than these AGW people.

Ditto what Dave Me says. Grad students are the ones who know everything in a lab, partly because the professionals tend to ignore them or look down on them, and partly because the grad students are in the lab at all hours of the day.
Also, students haven’t yet picked up the full load of careerist orthodoxies and self-censorship … in other words they still have a healthy scientific curiosity.

“A full 26 per cent of them admit to using their privileged log in rights to look at confidential information they should not have had access to in the first place.”
================================================================
That is shocking to find out !!!!

Brian H says:
December 6, 2011 at 2:48 am
Even as we speak, a clandestine network of hundreds of home computers is using idle cycles to crunch away at the key … \9-)
==================================================================
Oh the irony if someone could get into the METs supercomputer and crack the code there !!!
http://wattsupwiththat.com/2009/08/28/met-office-supercomputer-a-megawatt-here-a-megawatt-there-and-pretty-soon-were-talking-real-carbon-pollution/