Who gets the most access to network data (like emails at CRU)?

Don’t hold your breath waiting to be thanked by JGR or UEA.
RR

“we know that “FOIA” whoever he/she is, knows enough to choose the kind of security that would not likely be cracked in any reasonable amount of time. This probably rules out script kiddies and students”
Not really, they are likely to be more able than the IT staff. Also, it is not that difficult to encrypt a file and it does not take a genius to know that you need a long key.

Nothing in this situation surprises me any longer. I had suspected from the beginning that a system IT personality would have been in the best position to leak those e-mails. He (or she) should, of course, be given a medal. But that won’t happen, obviously, once this person is found out.

boyscouts. nuff said

Did they acknowledge your email?

Good throw off. Whodunit is probably closer then we think. “This of course is an unintended and unacceptable consequence of the email release”. How did ya know it was unintended, Anthony?
Yes, you meant unintended in your release.
The topology of UEA system gives clues where servers of interest could be, and who handled them. However, only a deep investigation might flush out a suspect. There could be lots of leakage sites, like storage mediums, hardware & system crash rebuilds, upgrades and what about a myriad of technicians and service providers. What about all the different campus characters from mischievous students to administrators.
2009 seems to be the extent of the files, the second tranche of Emails could very well be a hostile IT guy spilling because of the heat generated at UEA over the first lot. Who knows?
Love to be able to follow the money trail paid for the establishment of that Ruski provider.
How ever much I long to know the content of the other 220K Emails, and exposing Whodunit would reveal that 256K encryption, I’d like Whodunit to remain anonymous, for his/her own benefit. I admire Whodunit’s tenacity.

Seriously, Anthony, well done, that was a decent and responsible act. You’ll never get a job in “Climate Science” with a conscience like that!
Re. previous comment, for non-habitués of the Register: The BOFH is the “B#st#rd Operator From Hell”. The series details the eternal power struggles between the BOFH, with his assistant the PFY (Pasty Faced Youth), and the Boss, who is crazy enough to think that he runs the show. The battle is frequently lethal, generally hilarious, and more accurate than many Bosses would care to admit.

Based on what I’ve seen so far, I don’t think any of the research staff at CRU had either broad access nor the specific tech knowledge to pull this “hack” off.
It only takes one. Most of my co-workers can barely run an Excel file (although admittedly they can find a trend line [/smirk]). But I can do rather more than that, certainly enough to download old e-mails and encrypt them securely. Most people aren’t aware that I can do that, because I’m not that interested in being unofficial IT support, which is what will happen if they know I can help them.
It could easily be the case here. One person might have somewhat more skill than appears.

Who cares what the name of the mystery man/woman is. they have done a great service to those of us looking for the truth.
Whoever you are, many thanks.

Hmmm…
Perhaps we could start our investigation by asking “Who doesn’t have access?”.

Even as we speak, a clandestine network of hundreds of home computers is using idle cycles to crunch away at the key … \9-)

Encrypted ZIP file = “emplyment insurance”? As in, “you try to fire me [or otherwise cause professional harm] and I’ll send the decryption key all over the net?” (May even have been placed in escrow.)

Then, when we see that 256 bit AES encryption was the choice to secure the remaining nearly 1/4 of a million emails, we know that “FOIA” whoever he/she is, knows enough to choose the kind of security that would not likely be cracked in any reasonable amount of time. This probably rules out script kiddies and students at UEA …

It doesn’t rule out anyone. The technique to encrypt and disseminate the CRU emails was almost certainly inspired by the July 2010 release of an encrypted 1.4 GB Wikileaks Cablegate archive. The CRU archive was encrypted using the same 7zip program and AES-256 cipher that Wikileaks used to encrypt their so-called “insurance file”. You don’t need to be an IT security genius to copy from the best.
Interestingly, the insurance file was compromised in September 2011 when a Guardian journalist mistakenly published the top secret decryption key in a book he wrote about Wikileaks (believing the key to be no longer valid). Here is the relevant passage from that book:

Assange wrote down on a scrap of paper: ACollectionOfHistorySince_1966_ToThe_PresentDay#. “That’s the password,” he said. “But you have to add one extra word when you type it in. You have to put in the word ‘Diplomatic’ before the word ‘History’. Can you remember that?”

Informing Phil Jones was the right thing to do.
The police would need the help of the IT staff at UEA to investigate. If provided unconditionally this would of course give the police access to all data for the whole University not just the emails of climate scientists. Perhaps the UEA management, staff and scientists distrust the police more than someone who had access to their IT systems in 2009 and exposed the climategate emails.
Uk Government agencies have form for losing data. In November 2008 the Treasury lost ‘in the post’ two CD’s containing the personal details of 25 million child benefit claimants and their parents.

Don’t bring Whodoesint into it or before to long Whatsiname will turn up.

Anthony
I’ve followed your blog for several years, learned a great deal, been amazed with your dedication and invaluable contributions and wondered where do you find the time! Now you demonstrate true integrity but warning the AGW “cult” ogaping holes in their defenses.
Job well done!
Like others, I wish FOIA to remain hidden so he/she can release the code to unlock the rest of the emails. My guess the info will come at another critical juncture.
Bill

Anthony, have you lost it?
Why on earth should you in any shape or form abet them in trying to catch the person/persons behind the leak? As some have pointed out in their comments.
And Charles.U.Farleys comments are spot on
“In fact if the roles were reversed i think theyd have used any foothold, any loophole to ensure they brought you down rather than simply seek the truth.
Personally i dont think its wise to assist them in any way shape or form as its simply helping them to continue unabated.
After all, this is a global war theyre involved in, a war based on lies and disinformation, of treachery and vilification of anyone not supporting “the cause”, and comfort shouldnt be given to enemies of freedom, especuially ones who stoop so low as these.”
Sadly, you very much remind me of commander, Colonel Nicholson played by Alec Guinness in the movie The Bridge on the River Kwai (1957).
The prisoners (British soldiers) are working as little as possible and sabotaging whatever they can at the construction of a bridge.
When Nicholson and his officers are released, he conducts an inspection of the bridge and is shocked by what he finds. Against the protests of some of his officers, he orders Captain Reeves and Major Hughes to design and build a proper bridge, despite its military value to the Japanese, for the sake of his men’s morale. The Japanese engineers had chosen a poor site, so the original construction is abandoned and a new bridge is begun 400 yards downstream.
Nicholson drives his men, even volunteering to have them work harder to complete the bridge on time
The commandos who where parachute in, plant explosives to destroy the bridge and a train carrying Japanese soldiers and important dignitaries is scheduled to be the first to use the bridge the following morning
Making a final inspection, Nicholson spots the wire and brings it to Japanese commander attention. As the train is heard approaching, the two hurry down to the riverbank to investigate. Joyce, hiding with the detonator, breaks cover and stabs Saito to death; Nicholson yells for help, while attempting to stop Joyce from reaching the detonator. Joyce is killed by Japanese fire. Shears swims across the river, but is shot just before he reaches Nicholson.
Recognising the dying Shears, Nicholson exclaims, “What have I done?”
I think it sums it up quiet well.
Sophia

Pleasing your enemies doesn’t make you friends. Outing the whistleblower will serve no useful purpose in any of this. You are assuming your antagonists in all of this operate on the same moral plane as yourself. Be assured, they most certainly do not. Let them find their own vulnerabilities.- you don’t owe them a duty of care. They would destroy you if they could. This is not a fair fight.

@Lucy.
Academic “success” has nothing to do with integrity, originality or honesty. Success depends entirely being able to draw funding and publish papers. As for lecturers taking the effort to lecture, that’s a fantasy. It’s a distraction from climbing the greasy pole.

I have spent a fair amount of my professional life repairing electronics. The inside workings of computers are easily obtained from the makers. The inside workings of most operating systems are nearly as available. All one needs is the smallest amount of training to link these sets of information and hack whatever, where ever. The weakest link, of course, are lazy users and IT geeks. I once worked in a school system where the access codes design was so simple the students had figured it out and were sharing it openly within two weeks of the opening of school. (Warnings to the IT guy, ahead of time, were poo-pooed)
Then again some people are just invisible. One day, as I fixed a piece of equipment in a financial institution, I over heard a planning session for the secret acquisition of a large piece of property. Enough critical information was discussed that, had an unscrupulous listener had a rich friend, The friend could have made a killing.
Security is increased when the users of a system are aware that someone somewhere is always looking, or trying to look. Anyone who gets the key, or finds the key, can look any time, all the time.
I think the argument in this post is defective. Any onetime hacker can keep his window open until clever security people close it. I have a window screen with fewer holes than these AGW people.

“A full 26 per cent of them admit to using their privileged log in rights to look at confidential information they should not have had access to in the first place.”
================================================================
That is shocking to find out !!!!

Anthony,
We know the hacker was actually “you”. You are just trying to throw the investigators off your trail with this post. (sarcasm)

MSM is still trying to single out China as having broken ranks, however:
5 Dec: Times of India: Nitin Sethi: Durban talks: China scorches rumours of rift with India
DURBAN: China scorched all rumours that it had moved away from India’s position on Kyoto Protocol and a new global deal on Monday…
His statement came a day after developed countries had attempted to paint India as the bad boy of climate claiming it was the only impediment to talks on a new global deal in Durban and China had taken a more flexible stance…
But on the weekend news reports originating from Durban suggested that China had diluted its stance on this and was willing to a new deal right away.
Zhenhua made it clear that it had always been in favour of a new global deal but only after 2020 and that too with several important riders – most of which the western countries are inimical to completely at the moment. He noted that fast start and long term funds and technology transfer – as envisioned under the Cancun Agreements needed to be operationalised too before talks on a new deal begin in 2015.
India has stated exactly the same on various ocassions before but some developed countries have attempted to draw out a rift in the BASIC ranks, which negotiators in the developing world suggest are early signs of Europe being isolated yet again at the climate talks with its trenchant position…
Zhenhua said it was important to first see the existing commitments – under Kyoto Protocol and Cancun Agreements – first be fulfilled and the review of the existing UN convention show how well the developed countries had done in meeting their obligations.
The Indian position also got support from the African groups and other developing countries with the leader of the African group of countries saying Europe was interested in the carbon trade and not in Kyoto Protoco likening it to someone loving mangoes but disliking a mango tree.
http://timesofindia.indiatimes.com/home/environment/developmental-issues/Durban-talks-China-scorches-rumours-of-rift-with-India/articleshow/10995262.cms

Just wondering if we should be referring to the FOIA leaker with a kewl name…like Deep Throat for Watergate? Maybe Deep IT?

To Matthew W. 5:06am
Shocking? Prehaps. Research, and this post confirms, that under the right conditions (for a given individual) about 50% will do a dirty.
I try to be a fair and honest person, giving back excess change etc. But I have my price: $6,000,000 (USD) up front, free and clear.
I think everyone should consider what their “price” is. It could save a lot of indecision later. For myself, I am pretty sure no one will be willing to meet mine.

Sparks says:
December 6, 2011 at 4:27 am
…
Too Sci-Fi?? Lol

That was so bad that I really wish I could send data back in time to tell myself not to read it. lol

It serves no purpose to speculate about who leaked these emails….. I don’t think it is a good idea to give those who would persecute this brave individual any clue to who he or she might be…. Just keep your theories to yourselves and focus on the info instead.

If the person or pesons who leaked the email files is ever identified, it would be appropriate to award him/them a Nobel Prize, and the highst civilian award which can be bestowed by Britain or the US. Few times in history have the billions of mankind owed so much to so few.. He/they have acted tosave the world from poverty, starvation, and increasingly authoratative government action.

FWIW, my view has been that the police and university could unmask the insider if they wished. I don’t think they wish to, because that person might then show the world how code was manipulated to get the desired result, etc. Things would be even worse.
If this is reasonably accurate, there is a sort of Faustian bargain going on: the insider hasn’t given up everything he or she knows, and the authorities leave the insider alone because of the further embarrassment it would cause the Climate Hockey Team should the insider tell all he or she knows.
Just a thought….

Anthony,
Remember, they don’t play by your rules. If you expect a reciprocating decency you are a dreamer for a world that no longer exists.
REPLY: I play by my rules, doing what is right. I expect nothing except scorn. No good deed goes unpunished. – Anthony

@Sophia: Well, you’ve ruined that movie. 🙂

As an IT admin, I *NEVER* look casually at the data I am entrusted with. That would be *poor* stewardship. I do on occasion have to view data elements to ensure that things are OK (not corrupted from a restore, etc.). If I were then to come across evidence of a crime in progress, or massive academic dishonesty and conspiracy to violate laws and to besmirch the reputations of innocent people, I can assure you that I would handle it in the most ethical manner possible, in accordance with commonly practiced ethical standards. IT folks can do jail time if they take part in the conspiracy, even if they had nothing to do with it.
Some illegal activity is reportable to ombudsmen or local authorities. In fact, the appropriate authorities is the perfect place to report in order to nip conspiracies in the bud before they embroil entire universities. However, if the university authorities are also deeply involved in the case (as Penn State has been — I think no one will disbelieve that there has been a widespread culture of corruption there), then some other safety valve must be found, in order to prevent the IT professional’s unwilling inclusion in the corruption. Simply complying with the FOIA requests, exposing the corruption to the light of day is a very effective, and defensible way to do this.
You may note that that leaves a wide spectrum of activities open for me to use — I will not ever casually “dump” data. This is a position most IT professionals take.
However, to assume that an IT professional was the one who did this is a bit rash. Most of these systems are poorly protected in other ways than just password access — often in regrettable ways. Often a casual observer in the right place at the right time can have physical access to a stack of 8mm backup tapes.
As an IT professional, although I cannot and will not say that it was the IT guys, if I ever find myself at Penn State, I will be buying their IT people many rounds of Guinness Stout, the fuel of IT professionals & BOFH’s the world around.

@O2BNAZ, Anthony’s reply
If you, Anthony, had been in FOIA’s position, would you have leaked the mails?
Was FOIA ‘doing what is right’?
Is contributing to his discovery before he is ready to expose himself ‘doing what is right’?

TerryS said “Therefore the [new] archive could not contain post CG 1.0 emails.”
This is a key observation.
Because what it means is that both the CG 1.0 and CG 2.0 emails were gathered all at one time. Which in turn means that firstly FOIA has held the latest release for two years. Secondly it means that FOIA has not further exposed themselves by carrying out a second attack against an now alerted infrastructure.
That last means that discovering who FOIA is, and will remain, virtually impossible from a purely technical standpoint.

Bernd Felsche [December 6, 2011 at 12:27 am] says:
“Phil is still looking for the Any key to press to continue. 😉“

ROTFLMFAO!

brc [December 6, 2011 at 2:09 am] says:
“The idea that a sophisticated person could only use 7Zip to encrypt the rest of the files is not true.
Once you had an idea to release an encrypted set, about 15 minutes on Google would have found you the right direction and tools. The software is free, the advice is free. Literally anyone with half a brain could figure it out.“

But it certainly does rule out some of the main players though. Phil Jones for instance. Press Any Key to Continue 🙂

For all the speculation as to the identity of the leaker, don’t forget how disappointing it was when “Deep throat” was revealed !!!

As an IT specialist I would also like to chime in and say, unfortunately for my profession, that the 256 bit AES encryption does automatically mean it is some IT person on the inside who is doing this. A hacker is more likely to use high level encryption than is the average IT staffer since the former trusts no one and the latter tends to think everyone but them is too stupid to figure it out. 🙂
That’s really as far as I want to reveal because I don’t want to help them catch the guy.

Gary Mount says:
December 6, 2011 at 5:54 am
“That was so bad that I really wish I could send data back in time to tell myself not to read it. lol”
…
Ha Ha!!
Do you think it needs more killer robots and maybe an Alien-zombie hybrid sub-plot??

If the security holes were left open, would it have been a violation of any law to use them to secure information (as opposed to malicious sabotage)? Just wondering….

I like what Bob Kutz says:
“They’ve got a problem on their hands at EAU; they cannot let it be known that this was a leak, or they’re sunk. This is all admissible, if it’s a leak. There are things in there that constitute criminal waste, fraud and abuse. It’s amazing to me that there aren’t retractions in the journals, based on some of the stuff in the code/data files, but more importantly, if it were admissible in court there are discussions of actions which constitute fraudulent use of taxpayer dollars and collusion to do so. It would at the very least be untenable for them to remain employed in government sponsored research.”
I made a similar point earlier (above), that CRU/UEA didn’t want the leaker to spill his or her guts, it would be worse than what they have now.
But Bob’s point is more trenchant: everything in a leak is admissable, all sorts of bad things (for them) would happen in court, so please, please, don’t find the leaker! And sure enough, the police are cooperating.
Slightly off topic, the image I used to have of the UK is taking a beating. First, Murdoch and Co. have been bribing the bobbies for years, even bribed them to teach their paraparazzi how to hack into phone mails. Now they’re apparently cooperating with UEA/CRU to NOT find the leak (IMHO). Not so Churchillian, any more.

Pamela Gray says:
December 6, 2011 at 6:10 am
Any and all attempts to form a professional relationship with the other side has turned sour. I predict this one will as well. You have been bitten so many times yet you continue to put your hand in the snake pit.
———————————————————
I agree with Pamela. Anthony should read (or re-read) Aesop’s fable:
“The Scorpion and the Frog
A scorpion and a frog meet on the bank of a stream and the
scorpion asks the frog to carry him across on its back. The
frog asks, “How do I know you won’t sting me?” The scorpion
says, “Because if I do, I will die too.”
The frog is satisfied, and they set out, but in midstream,
the scorpion stings the frog. The frog feels the onset of
paralysis and starts to sink, knowing they both will drown,
but has just enough time to gasp “Why?”
Replies the scorpion: “It’s my nature…”
There is no point in behaving like the frog. It may theoretically be the honorable thing to do, but you will get stung and drown anyway.

Just another agenda driven survey that should be taken cum grano salis.

I don’t think this was an attempt to form a professional relationship so much as a professional handling a responsibility. So rare it’s not recognized I guess.

More than a decade ago, at a University not 60 miles from UEA the IT were using the
Login Administrator and Password Admin, for access to the files on the I:Drive. You could see anyone’s files using this privilege.

Oi! Don’t be calling my Anthony a Mensch!
o0h…..Wait a minute………(WIKI Mensch Answer: means “a person of integrity and honor )
Oh. Okay!

Everyone knows IT security can be inconvenient. That’s why some IT people exempt themselves from the same rules and practices the rest of us have to follows.
We also know many scientists and engineers think they are smarter than the IT people and will do anything to get around the inconveniences. Throw in a sloppy administrator who shares accounts with passwords that never change and you have a situation where virtually anybody could be using an admin account for any purpose.
I worked in an IT shop where they would change the network root admin password because it was hard-coded into so many applications, nobody knew what would break if they changed it.
In today’s business environment, you can’t get away with such practices in a large company. Apparently academia is a little behind. (I also teach part-time and I say that from experience).
~More Soylent Green!

As an IT professional I abhor those in my profession that break chain of custody or browse sensitive data. I take my job more seriously than those surveyed.

In fact, broad system access rights was self-evident from the beginning. Someone with such rights would have been responsible for compiling the email data for the original FOI request. A researcher “might” have let cruft accumulate in the email archive on an individual system, but no FOI accumulation would rely on that. Hard disk space is limited and sooner or later the user would scour the older material retrieve disk space. An institution that was concerned to cover itself legally would work through the email archiving system. It would ask the subject researcher for relevant material and then also scour the archive in order to protect itself from the researcher’s carelessness.
Even if the AGW club thought their public “enemies” did the “hack” job, the police certainly would have known better. They would have to interview such individuals with “motives” as a matter of course, but it would readily become clear that few if any such individuals would have the system skills, even if they had the motives. One fact I noticed was the confused use of “.” and “,” in numbers in the readme text that accompanied the recent release. Some parts of Europe commonly use a comma to mark a decimal point while other regions – e.g. US and Britain – use a period. In the readme file BOTH forms are used suggesting either two people from different parts of the continent or one person attempting to disguise their origins.

Anthony,
I don’t understand why you think it necessary to help close their security gaps and weaknesses.
Whats next… Will you volunteer advice to the Mafia to secure their communications from the FBI. There may not have been any leak at all, had they followed your advice. If any THING must remain hidden, can that THING be good. I think you have severely damaged intelligence gathering and endorsed secrecy. All for the purpose of a dubious brownie point. GK
REPLY: I was told in the reply from Phil Jones and from AGU that others had also been made aware of it, so I wasn’t the first. – Anthony

I know it sounds counter-intuitive for it to be a positive for Anthony to help the CRU close those open doors. I’m reminded of the practice for a while, during the Battle of Britain, for shot down Luftwaffe pilots to be taken to the officer’s mess for beers and the like. A fact i’m proud of and having felt this since I first heard of it as a kid (my Dad was a Spit pilot). Why? I don’t know.

It makes perfect sense that someone just swiped a CD off someone’s desk that had the filtered archive on it. A password protected file was also on the CD, because they wanted to cover themselves for potential disclosure issues in court.
It could be anyone who had access to someone’s desk. A secretary, a janitor, a grad student.

The IT People seem to be the logical choice. It may have started with one IT Person who was ticked off at what was happening, but my best guess is that the number grew as others found out.
Whoever it is let me say, “Thanks, Climategate 2.0” was a great early Christmas Gift!!!

Just what are you trying to do here? First you tip off Jones, then you try to out FOIA. Whose side are you on, anyway?
I think I’ll stick with Pointerman.
REPLY: Read the update I’ll post in a minute, you like many others are getting the wrong idea. – Anthony

I dont disagree that Anthony did the right thing, certainly from a professional, moral and honesty driven point of view it definitely was.
For me (maybe im crooked? 😀 ) its just the certainty that playing on a slanted table can only be problematic in terms of gaining an upper hand and laying bare the web of deceit being woven?
Although having said that, the old adage- “The truth will out” holds water vapour indeed.
I have absolutely no doubt whatsoever if we discovered that the sceptical side was indeed wrong/misinformed that itd soon be put to rights by admitting it and then we could all direct our energies into “the cause”….(ok maybe not. :D)
I cant really see the likes of the “team” ever doing that in public even though they certainly do in private!
Which is rather the point of what Anthonys done- he’s shown them the path.
One theyve strayed rather a long way from.
If youve any conscience left at all Phil J, do the right thing and come clean.

dadgervais says:
December 6, 2011 at 10:26 am
If only, back in 1942/43, the allies had such an ethical chap covering their backs, they could have notified the axis that Enigma and JU-5 were compromised. “Gentlemen do not read other people’s mail”
Luckily for us, the world was being saved by people like Churchill, who understood there was a time for tea and crumpets, and a time for punching people in the throat.

Anthony,
You may recall from days gone by, anyone who was an aware user on one of the
old regular Bell Labs Unix systems, one with the Berkely flavored modifications,
or an after-market hybrid, with just general read permission on
the system could rove the user files, and generally pull up filenames.
If the user allowed anyone in their “group” to have read permission for
a one of their files, the entire “group” shared the read permission unless the file
was specifically password protected. User + group read = rwx r– r– .
If you could read the file, you could copy it. Even if the orginating user file was
“linked” using ln to a file under the second users file directory, the other
user still had to have read permission to the original user’s file directory and then
the file itself.
A lot of regular users automatically set the file permissions to “all read” so all
other authorized users on that system had read access to most of their common
files, including their “out” box for e-mails.
If a user mistakenly, or for some reason (like revising data entries in columns in
a preexisting file) would give write permission to one of their
“group” that would involve giving the “group” both read and write permission to
both the user’s file account AND the file to be edited. All group read + write =
rwx rw- r– .
Passwords on individual files were a hassle. Unless the system administrators
set the default “permissions” for user file creation to rwx — — (read, write, and
execute for the file creator ONLY, the original Bell Labs default (rwx rwx rwx)
was generally modified to rwx r– r– . That gave the user read, write, and execute
ability on his/her file, with the group and the other system users read
permission to the file structure (filenames) only.
After a while a really active user had a file system that looked like swiss cheese
from a security point of view.
…AND THEN there were “guest” users, who had to have both a system password
to get into the system (usually from either an institutional computer system
(T- 1 or T – 3 connections) or with a modem or from a home stsyem. Their
permissions to the systems were specifically set by the administrators when the
“guest” account was set up using whatever the organizations general protocal for
outside accounts called for.
Up until the mid-1990’s home connections were intolerably slow.
In the Cimategate 1 & 2 e-mails, I don’t see any hint of mail coming from or going
to a “guest” user account.
As Neal notes above, there’s lots of hints the Climategate material came from
somewhere inside the CRU system.

An interesting post and I support giving Jones and JGR a heads-up because if something bad had happened (someone leaked work in progress to the public) it would only make WUWT look bad.
But I don’t buy the disillusioned IT guy thing. Someone had an axe to grind. Someone was close enough to the science to see the fraud. Maybe it was someone on the inside – not a scientist as they can’t even buy groceries – but perhaps a technician or an associate who was given temporary access to a poorly secured server.
But not an IT person. They are only 16-18 years old and carry a skate-board everywhere they go. Not malicious enough to carry this out so thoughtfully. Who would have predicted Climategate 2.0? Somebody out there is very patient. Like Gore’s ex-wife kind of person.
You know what they say about revenge. Might as well dig two graves.

FYI – “the server of interest”
This was given in the Muir Report as a backup mail server in the IT facility.
It was probably just a single file for the CRU department and wasn’t even as much as a quick “in and out job” since the perp wouldn’t have had to even be on the premises all he’d need was remote login credentials. It was almost certainly an inside job but that doesn’t mean the perp was physically inside but rather just means he had credentials either because he was an insider or knew an insider who gave him a credential. The least likely thing is that this was some sort of break-in where normal security was defeated.

More Soylent Green! says:
December 6, 2011 at 1:09 pm
“Anthony, you did the right thing by alerting them to the security hole.”
I found the active JGR passwords for Briffa, Jones, and someone else and passed them along to Anthony on August 23rd, the day before Anthony informed Jones and JGR. I wondered what he’d do with the information. I figured he’d do the right thing but it’s nice to know he did the right thing the very next day.

Eternal Optimist :
‘IwasWorkingInTheLabLateOneNightWhenMyEyesBeheldATerribleSight’
Dang, now I’m going to have change my pass-phrase back to 7777! Seriously Email is not secure and any privacy is a courtesy, not an entitlement . If you are using an employer provided Email service, your email does not belong to you. You can’t control what happens to your email after you send it so if you wouldn’t put it on a billboard, don’t send it.

“UPDATE: Many people in comments think I’m doing something wrong by writing to Phil Jones and AGU/JGR. In Phil Jones reply to me, he wrote: A couple of other people sent me emails about this issue.”
You did incriminate yourself by having accessed files, and trying to access the same files, you didn’t have the right to access. These days it can be illegal to access files you don’t have a right to access in EU, it pend on the country and how far they went implementing the EU directives. However, consider some states in the US, like Florida, they’re hard as* on any kind of “hacking”.

1DandyTroll;
You did incriminate yourself by having accessed files, and trying to access the same files, you didn’t have the right to access.>>>
Debatable at best. For starters, if the link including password were in an email, by whom was it sent, and to whom? For example, if the sender owned that account and sent his account link and password to someone else, he’d probably be in violation of JGR’s security policies which would have had to have been accepted on sign up. Further, the sharing of password information in clear text in an email is most likely also prohibited by JGR security policy (or should be) even if the sending of same was for a ligitimate purpose. Given that the links and passwords became public domain due to the release, any damage to JGR would be the resonsibility of those who improperly shared passwords and put them in clear text in emails.
In other words, any damage to Phil Jones would be Phil Jones responsibility for not having followed the acceptable use policies he was supposed to. Any damage to JGR would fall first on Phil Jones for violating their security policies, and second on UEA for failing to safe guard the emails in the first place, and third on JGR for leaving the links and passwords up for long periods of time without demanding a change to the passwords, or better still deleting any access to those accounts altogether once the article was published and those accounts no longer of use for the purpose they were intended.
Anthony has no more incriminated himself than had he found a sheet of paper on the street that, when read, turned out to be a top secret CIA document. Once in the public domain, it is public.

davidmhoffer says:
“December 6, 2011 at 3:49 pm
1DandyTroll;
You did incriminate yourself by having accessed files, and trying to access the same files, you didn’t have the right to access.>>>”
“Debatable at best.”
It’s not debatable, since it is against the law to access files via the internet you don’t have the explicit right to access. A mitigating factor for the perpetrator is not knowing you have no right to access the files or the fact that the unconcerning hacker, i.e. average joe, knows f*ck all about the law, but in this case when a person is making sure to point out that the files are accessible to just about everyone, including the file owners supposed enemy, by the enemy’s own account, having so made sure, …
If you know you shouldn’t access, you really shouldn’t access, unless you have a right to do so, however, just because someone tells you you have the right to do so doesn’t mean you actually a have legal right to do so, because the person saying you have a right to do so probably don’t have the right to authorize you to. It’s all in the fine print you know.

Anthony, despite some protests, you took the ethical and honorable course. People can take many things from you, but only you can forfeit your integrity.

Dandy,
I take it you haven’t read any of the e-mails (which you have no right to access)….

juanslayton says:
December 6, 2011 at 4:35 pm
Dandy,
“I take it you haven’t read any of the e-mails (which you have no right to access)….”
Oh, you’re ever trying to have so much fun on my expense. Sadly, for you, in my country, it is not especially illegal to read digital files, it is considered a nuances in my country still. 😉

The best defence against corruption simply is to stay clean. And the best attitude in any conflict is to always be courteous to your opponent. It doesn’t show weakness, it shows strength.
Being courteous isn’ the same as showing your cards or complying. It is a way to keep your own dignity and to keep an open channel to the other side, which is always a wise strategy in any conflict.
For me this site is not about conflict, although a lot of fighting goes on here… 🙂 It is about science. Clearly science, although the rules of the game are well known and in themselves not too difficult to uphold, is a difficult trade, with many pitfalls around. Within the scientific process itself, within the scientist’s psyche and the culture of their organizations, because of the high status of science in society and the use and misuse of science in politics and commerce. It’s all here on WUWT to see and learn from.
What is mankind’s new frontier right now? Is it space and going to Mars or discovering new planets around distant stars? Is it the exploration of the oceans? No, it is right on our doorstep. It is our weather, our climate as we experience it everyday. How does it work? Where does it go? What part do we humans play in it?
These questions are extremely difficult to answer. I don’t think they are high on the international agenda because some clever individuals have hijacked them and provided all kinds of wrong answers for their own agenda. They are high on the agenda because in the end most people do want good answers to these questions.
There may come a day mr. Gore c.s. will be remembered not for their foresight, not even for their clever manipulations of the public opinion, but for putting climate on the international agenda. So something good can come out of the “warmista’s” actions in the end. But it will be a long haul and a lot of effort. May WUWT be around for a long time to come!

It turns out the UEA policy guidelines regarding email retention, deletion, and backup are actually on their site!
http://www.uea.ac.uk/is/itregs/ictpolicies/File+and+email+restoration+policy
This version is dated 10/10/11. Without knowing what previous versions looked like, we can nonetheless draw some important conclusions regarding how the central email system was run, and what may (or may not) have been done correctly in terms of servicing FOIA requests. I’ve cut out some of the more interesting policy statements (italics) and my comments follow.
POLICY; File and email digital assets held on centrally-provided systems administered by ISD are regularly backed up to ensure service resumption following disaster in line with Disaster Recovery and Business Continuity (DR & BC) planning. End users of these systems are encouraged to delete items no longer required.
COMMENT: From this we can surmise that email systems are (currently anyway) being backed up centrally. Note the last sentence about deleting items that are no longer “required” as it becomes important later.
POLICY; (Staff only). Deletion of items should be in line with records retention schedules.
COMMENT: There clearly exists a records retention policy, but this document does not spell out what it is. In general, a records retention policy should specific what can be deleted at any time, what must be deleted on a given schedule, and what must never be deleted.
POLICY: (Staff only). Items subject to legal hold (for compliance purposes) should not be deleted.
COMMENT: This is important. Legal hold means that if an FOIA request has been filed, and an email is subject to that FOIA request, it may NOT be deleted under ANY circumstance until the FOIA request has been dealt with. If Phil Jones et al deleted any email AFTER an FOIA request had been made that would otherwise have turned up that specific email….I don’t know about the U.K., but in the U.S. that is BIG trouble. Further, the onus seems to be on the end user to preserve the email. Again, without understanding the nuances of UK compliance law, that seems rather odd. In Canada and the US, once an FOIA request has been submitted, the IT department searches for the relevant emails and puts a “legal hold” on them that prevents them from being deleted…by ANYONE.
POLICY: Once deleted, items may be held in a Deleted Items folder (e.g. Outlook for email) or Recycle Bin (e.g. Windows for files). A user can then choose to recover these items from the appropriate location should the item still be required, and the deletion was conducted in error.
COMMENT: Anyone who read this ought to have known that “deleting” emails didn’t actually permanently erase them. Anyone who was the subject of an FOIA request, ought to have read this, and ought to have been directed to do so by the FOIA officer.
POLICY: However, it should be noted that advice from the Information Commissioner’s Office (ICO) states that items which have been deleted but remain in a Deleted Items folder or a Recycle Bin are held by the Public Authority for the purposes of the Freedom of Information Act 2000 or Environmental Information Regulations 2004. This means they should be considered for release subject to a relevant request for information. However, when removed from these temporary deleted items stores, they are permanently deleted and no longer considered to be held.
COMMENT: Again, anyone subject to an FOIA request ought to have been directed to read this, and ought to have known as a result that simply deleting their email did not exempt it from being accessed by an FOIA request. MORE IMPORTANTLY, provided this same policy was in place for an extended period of time, Phil Jones comment that he had provided David Palmer all the relevant emails based on a search from Eudora (his email client) would have been a violation of the stated Freedom of Information Act 2000 because the UEA would have been legally required to also search all deleted email that they still held and Phil Jones did not. Given that the act was in place since 2000, even if the policy hadn’t been publicly disseminated, the FOIA officer would have been responsible for this, and accepting Phil Jones assertion that he’d provided “all” the correspondence without also asking IT for a search of any deleted email would be a serious breach of compliance policy and possibly the law.
POLICY: On occasions when files have been deleted permanently in error, end users may recover their own files via snapshot backups operating on centrally managed filestore. Snapshots can be used to recover files up to seven days after deletion. Beyond this period, ISD will not offer a service to aid their restoration.
COMMENT: While this policy applies to files rather than email, it suggests that the central IT department is in fact making on disk snapshots of data, and there is no reason to believe that email would be any different. Assuming that is correct, even email deleted by the end user the moment it was sent (combined with retaining deleted email in deleted folders) would ensure that even an email deleted seconds after it was sent would still wind up being held for at least 7 days, and hence it would also be backed up by the tape backup system. While IT seems to consider this “permanently” deleted after 7 days, with no responsibility on their part to restore it, unless they also delete it from their backup tapes (a very difficult thing to do) the files and any emails subject to the same retention policy would absolutely exist on tape backup. Again, not knowing the nuances of UK compliance law, I do not know if that makes them discoverable via FOIA requests. In Canada and the US, it certainly would.
POLICY: Under exceptional circumstances, for example to support security investigations, ISD can be called upon to attempt to recover files.
COMMENT: A tacit admission that they can probably recover pretty much anything if under the gun, just they’d prefer not to unless it is uber important. BUT, the files are most likely on tape backup based on this policy statement. So… to catch a hacker, they could restore files, but not for an FOIA request!
CLARIFICATION: The policy document contains a link to another document that discusses what can be “held” or subject to an FOIA request, including it being on backup tapes.
http://www.ico.gov.uk/foikb/PolicyLines/FOIPolicyDeletedelectronicinformation.htm
The relevant paragraph reads:
The Tribunal found in Harper that information on backup media can be held and the Section 46 Code of Practice (records management) says that “A record cannot be considered to have been completely destroyed until all copies, including back-up copies, have been destroyed, if there is a possibility that the data could be recovered”. However, the ICO takes the view that in general information on backup will not be held for the purposes of the Act as the public authority will have no use for it otherwise than where it is required after data loss.
COMMENT: That’s a bit vague for my liking, but it sounds like a huge get out of jail free card. Even though the email exists in the backup system, and may be evidence of criminal conduct, it cannot be discovered by an FOIA request UNLESS is was deleted in error in the first place. So, if Phil Jones deleted email to keep it from being discovered by an FOIA request, and did so prior to the FOIA request being filed, which in turn was at least 7 days or more after Phil Jones deleted it, then it would exist on tape backup, but would NOT be subject to FOIA.

Something to ponder…..
Today most of us all use email and instant messaging of one sort or another. Every bit of data that is sent from any computer world wide is trafficked through one of many server farms both public and private. Everything you send out is on a server somewhere in the world.
And all my kids ask me why i dont have a Facebook or My Yearbook… The US government has five strategically placed server farms for listening to US citizenry here in the states. No telling how many they have world wide for other purposes.. When is big brother too big?
Kudos Anthony for having the honorable fortitude to do “what was right”
Bill

There really, REALLY shouldn’t be a need for FOIA. All those emails and all the data behind their studies, papers, algorithms, etc, should be completely open source and available to all 7+ billion people that will be impacted by their clandestine actions–even (oh, heaven forbid!) to those that might try to find something wrong with their interpretations!
Where the attention should REALLY be placed is on the “climate scientists” (a completely disparaging term) that have perpetrated what they hoped would be the biggest scam on the world’s population. And all for filthy lucre.
Forget FOIA–concentrate on exposing “The Team” and “The Cause”!

Now here is something that could be very innocent…. but it sure sounds odd. In wandering around UEA’s web site where they publish IT policies, documentation etc, they have a section on infrastructure. Goodie says I to myself, hopefully they have info on what their backup system is, retention policies, off site tape procedures….no such luck. But…
http://www.uea.ac.uk/is/cis/infrastructure
What the heck is a “single point of truth database” ?!?
That link requires a username and password to access. Goshg, it may be completely innocent, but… a single point of truth database? What the heck is that? And why is it the only link in the list that requires a username and password?
How curious.

my spider senses are tingling, …

What the heck is a “single point of truth database” ?!?>>>
Upon doing a bit more digging. it sounds like SPOT is their name for their central authentication directory. Poor choice of naming in my opinion, but that’s sorta what a driectory is in IT, a central repository for who has access to what and when and why.

Whoever FOIA may be, they are not likely to be caught.
Reason: The government does not really want to. For if the culprit(s) is apprehended some kind of charge will need to be filed. That is likely to produce a public “trial of the century” in which the advocates will characterize them as the worst criminal since Jack the Ripper, while the skeptics will elevate them to the hero of the age. This is the last thing the UK gov wants.

Having supported public sector IT and then also in private enterprise, i can say that both environments generally suffer from narrow subject mater experts with no time for the “details”;-) Very intelligent people sometimes lac sense and reason. OMG I’m reliving every dead end infrastructure design argument………
“single point of truth database” is probably very benign. Its common in large enterprise environments (too many chiefs!) to have multiple disparate locations or duplicated infrastructure information, thus you then have to manage at another layer and have an aggregate location that is considered ultimately authoritative. This being on the DBS page is probably some sort of DB/table data lookup that translates the many TBytes of DB and million row tables with arcane names and fields into something recognizable by someone other than the person who made it.

David Ball says:
December 6, 2011 at 7:55 pm
If they admit it is a leak, that would be the end for funding.>>>
Ya know, a forensic IT audit proving exactly who “did it” is really tough to do. But…
Proving that it was or was not an outside hacker isn’t that hard to do.
There’s little doubt in my mind that this was an inside job. Someone know how to do an FOIA request for their firewall and server logs? An insider can sweep for fingerprints, an outsider cannot. If there’s no activity in the logs that supports an outside hacker theory, then certainty is as close to 100% as one will ever get on the matter.

Anthony
Once you became aware of the nature of these breaches, you really didn’t have much choice but to do the right thing and inform them. Their thanks and appreciation (or more likely lack of it), or that they may not have done the same thing for you is irrelevant.
Good on you mate! – as we Aussies say.

I don’t really care whether Anthony tips off Jones and some journals about their breached security. That’s up to him and was IMO probably the right thing to do.
But I am appalled at the number of boneheads who have dived into the game ‘let’s work out who the leaker is’ on this thread.
If it weren’t so distasteful it would be quite amusing reading all the soi disant IT experts helpfully opining with great certitude about FOIA.
Sophia’s parallel to the behaviour of Colonel Nicholson in the movie Bridge on the River Kwai was brilliant and summed up the situation on this thread perfectly.
The police seem to have dropped the investigation into C1? Well then, let sleeping dogs lie.
FOIA, for whatever reasons, wants anonymity. He/she deserves the gratitude of every person interested in climate change policy, warmist and skeptics alike.
Just imagine where skeptics would be now, if the two climategates had never happened.
He/she should be thanked, not exposed.

Anthony
It would be worth checking to see if UEA (and other organisations linked to climategate) have installed Symantec Enterprise Vault. This is an add-on for email systems that automatically archives email after a set period, thus reducing the size of mailboxes.
However, it can operate in two modes. Most big organisations have installed it since the Sarbanes-Oxley Act came into force. The first mode is plain old archiving – if you haven’t read an email for say a month, off it goes to the archive. You can quickly retrieve it, but your mailbox bloat is reduced.
Mode two is “journaling”. In journal mode, every incoming and outgoing email is copied to a massive central store (called a journal funnily enough) before it even gets to the users inbox. Doesn’t matter if they instantly delete it – the journal has a copy. And not even the Admins can break into it to delete the journalled copy. However, if you have the right Vault tools installed, you can search it to your heart’s content – very useful for lawsuits.
If the UEA and other universities have it installed, they have no excuse for failing to comply with FOI requests. None at all. The email is all there, and it’s all readily (and cheaply) searchable.

Seems to me, the easiest way to protect Mr FOIA ( or miss-missis) is for eveyone to claim tis they wot done it. 🙂

boy on a bike says:
December 7, 2011 at 2:43 am
Anthony
It would be worth checking to see if UEA (and other organisations linked to climategate) have installed Symantec Enterprise Vault.>>>
There are several products on the market that are similar. Having gone through the documentation on the UEA web site as regards their retention and recovery policies for deleted email and files, it is clear to me that Symantec EV or similar was not in place.

The prosecutor could depose his dog.

It’s important that the family dog NEVER be apprised of such possibility; don’t be fooled by that wagging tail …

The life and work of math genius John Nash was portrayed in A Beautiful Mind by Sylvia Nasar. The book inadvertently reveals the inflated egos, back stabbing, and nastiness that perculates just below the surface in our academic institutions; especially where research and research grants are involved. Imagine yourself in Dr. Jones’ Birkenstocks for a moment, as you survey the smoking ruin of what was supposed to be your life’s work. I don’t have enough knowledge about the issues to judge whether Anthony did the right thing or not but I can speculate what Dr. Jones muttered to himself when he read Anthony’s message. It probably went something like: “screw him AND the noble steed he just rode in on”