Who gets the most access to network data (like emails at CRU)?

Post updated – see below.

Climategate – whodunnit?

Well, according to this story in Help Net Security, the Information Technology people might be good candidates to see what has been going on behind the scenes at UEA’s Climate Research Unit, since it seems that they have broad access and according to a recent survey, many in IT positions can’t resist peeking:

“IT security staff will be some of the most informed people at the office Christmas party this year. A full 26 per cent of them admit to using their privileged log in rights to look at confidential information they should not have had access to in the first place. It has proved just too tempting, and maybe just human nature, for them to rifle through redundancy lists, payroll information and other sensitive data including, for example, other people’s Christmas bonus details.”

Here’s some eye opening survey stats about what IT people do with that access:

  • 42 percent of those surveyed said that in their organisations’ IT staff are sharing passwords or access to systems or applications
  • 26 percent said that they were aware of an IT staff member abusing a privileged login to illicitly access sensitive information
  • 48 percent of respondents work at companies that are still not changing their privileged passwords within 90 days – a violation of most major regulatory compliance mandates and one of the major reasons why hackers are still able to compromise the security of large organisations.

Remember the HARRY READ ME file from Climategate 1? That programmer was bemoaning the sad state of the database and methodologies because he had a broad view afforded by working with the data within the organizational group. He knew more than any single person he was doing work for.

In the case of the UEA Climategate 1 and 2 emails, it seems clear now that to gather up as much information as has been shown to be available, it wasn’t likely a quick in and out job. This WUWT guest post by David M. Hoffer shows that this wasn’t just a simple hack. He wrote:

So…who had administration rights on the email system itself?  There’s reason to believe that it was not any of the researchers, because it is clear from many of the emails themselves that they had no idea that things like archives and backup tapes existed.

Whoever did it likely got it from the email archive system, knew what they were doing, and they had to have broad access to get all these emails gathered together.

Then, when we see that 256 bit AES encryption was the choice to secure the remaining nearly 1/4 of a million emails, we know that “FOIA” whoever he/she is, knows enough to choose the kind of security that would not likely be cracked in any reasonable amount of time. This probably rules out script kiddies and students at UEA who might have had accidental network access and just grabbed a few files when they thought nobody was looking.

And what about the original first “hack” of the RealClimate.org server that Gavin Schmidt squelched? When we see survey results like “42 percent of those surveyed said that in their organisations’ IT staff are sharing passwords or access to systems or applications” and we know how close and interconnected UEA/CRU and GISS staff are, it seems likely that whoever left that first drop of emails on the RealClimate server had some shared password or other sort of access.

The sharing of system access in emails was broadly demonstrated in Climategate 2.0. For example, Dr. Phil Jones and others at CRU sent some emails out years ago that linked to papers under review at the Journal of Geophysical Research. Some WUWT readers found these early on, and sure enough, such links from years ago in the CG2 emails still worked.

A few days ago I made the issue known to Dr. Phil Jones and to the JGR journal staff so they could close this security hole. As far as I know, all have been closed. I’ve tested again tonight and the live link fails now. Now that they have been closed, I can talk about it safely without putting JGR’s manuscript system at risk.

From: Anthony
Sent: Thursday, November 24, 2011 5:10 PM
To: p.jones@uea.xxxx.xxx
Cc: grlonline@xxxx.xxx ; jgr-atmospheres@xxxxx.xxx
Subject: password enabled JGR links in Climategate 2 files
Dear Dr. Jones,
I know that you know me, and probably do not like me for my views and publications. Regardless of what you may think of me and my work, it has been brought to my attention by a reader of my blog that there are open access links to your manuscripts at JGR included in the email that are now in the public view.
Therefore, it is my duty to inform you that in the recent release of Climategate 2 files there are links to JGR journal review pages for your publications and also for the publications for Dr. Keith Briffa.
For example, this link:
http://jgr-atmospheres-submit.agu.org/cgi-bin/main.plex?el=
I have verified that in fact that link opens your JGR account and provides full access to your JGR account.
In fact there are 35 different emails in this release that contain live links to JGR/AGU author pages. Similar other links exist, such as for Dr. Keith Briffa and others at CRU.
This of course is an unintended and unacceptable consequence of the email release.
I am cc:ing Joost de Gouw Editor, JGR Atmospheres in hopes that he can take action to close this open access to these accounts. It is a holiday here in the USA (Thanksgiving) and there may not be office hours on Friday but hopefully he is monitoring emails.
JGR should immediately change all passwords access for these CRU members and I would advise against allowing transmission of live links such as the one above in the future. JGR might also consider a more secure method of manuscript sharing for review.
The open nature of these links is not publicly “on the radar” even though they are in fact public as a part of the email cache, and I do not plan on divulging them for any reason. Any mention of these links will be deleted from any public comments on my blog should any appear.
Dr. de Gouw (or anyone at JGR) and Dr. Jones, please acknowledge receipt of this email.
Thank you for your consideration.
Best regards,
Anthony Watts

So clearly, CRU and others in the emails didn’t think twice about sending around open access live links. As David M. Hoffer points out in his article, the researchers don’t seem to have a clue about security. They also leave “sensitive” files they don’t want to share under FOIA requests lying about on open FTP servers. Based on what I’ve seen so far, I don’t think any of the research staff at CRU had either the broad access or the specific tech knowledge to pull this “hack” off.

Somebody who had the ability to peek at these emails as part of their job might just as easily have had access to the RealClimate Server too. Remember there’s almost a quarter million emails we haven’t seen. Chances are, one of those contained the key to the RC server, which allowed them to become an RC administrator and post the original FOIA story which Gavin Schmidt caught and squelched.

I and others I correspond with have our theories about who the leaker might be. From my perspective now, someone with broad system access looks to be a more likely candidate than a malicious outsider.

UPDATE: Many people in comments think I’m doing something wrong by writing to Phil Jones and AGU/JGR. In Phil Jones’ reply to me, he wrote: A couple of other people sent me emails about this issue.

So clearly I wasn’t the first to notify him of the open links to AGU. But more importantly, my email was also sent to AGU editors and the editor of JGR Atmospheres. Despite what troubles Jones and his group have caused over the year with skeptics, AGU/JGR has been a reasonable journal that has published skeptical papers, including my own. Protecting that relationship with skeptics who publish is valuable and the last thing we need is a scandal where papers submitted to AGU/JGR are showing up on other skeptic websites before they are reviewed because Jones sent active links around in emails. Having the knowledge of the security holes was a damned if I do damned if I don’t proposition, but I opted on the side of doing what I felt was the right course of action. If that upsets a few people, so be it. – Anthony

 

davidmhoffer
December 6, 2011 3:49 pm

1DandyTroll;
You did incriminate yourself by having accessed files, and trying to access the same files, you didn’t have the right to access.>>>
Debatable at best. For starters, if the link including password were in an email, by whom was it sent, and to whom? For example, if the sender owned that account and sent his account link and password to someone else, he’d probably be in violation of JGR’s security policies which would have had to have been accepted on sign up. Further, the sharing of password information in clear text in an email is most likely also prohibited by JGR security policy (or should be) even if the sending of same was for a legitimate purpose. Given that the links and passwords became public domain due to the release, any damage to JGR would be the responsibility of those who improperly shared passwords and put them in clear text in emails.
In other words, any damage to Phil Jones would be Phil Jones’ responsibility for not having followed the acceptable use policies he was supposed to. Any damage to JGR would fall first on Phil Jones for violating their security policies, and second on UEA for failing to safeguard the emails in the first place, and third on JGR for leaving the links and passwords up for long periods of time without demanding a change to the passwords, or better still deleting any access to those accounts altogether once the article was published and those accounts no longer of use for the purpose they were intended.
Anthony has no more incriminated himself than had he found a sheet of paper on the street that, when read, turned out to be a top secret CIA document. Once in the public domain, it is public.

Editor
December 6, 2011 3:51 pm

I disagree with Anthony’s conclusion. I think that there are hundreds of thousands of people with the ability to break into CRU in 2009.
I used to frequent a spam-fighting newsgroup years ago. A lot of spam came from compromised academic servers. The consensus in the newsgroup was that “security” was a joke in much of academia. If that was the case at UEA, I’m sure that hundreds of thousands of people around the planet, ranging from snotty-nosed-14-year-old kids to ordinary hobbyists like me to competent IT personnel could easily have broken into CRU from the outside, if they felt like it. I could rattle off a break-in scenario off the top of my head, but people would probably yell and scream about me giving bad guys ideas on how to break into systems, so I won’t.

1DandyTroll
December 6, 2011 4:09 pm

davidmhoffer says:
“December 6, 2011 at 3:49 pm
1DandyTroll;
You did incriminate yourself by having accessed files, and trying to access the same files, you didn’t have the right to access.>>>”
“Debatable at best.”
It’s not debatable, since it is against the law to access files via the internet you don’t have the explicit right to access. A mitigating factor for the perpetrator is not knowing you have no right to access the files or the fact that the unconcerning hacker, i.e. average joe, knows f*ck all about the law, but in this case when a person is making sure to point out that the files are accessible to just about everyone, including the file owners supposed enemy, by the enemy’s own account, having so made sure, …
If you know you shouldn’t access, you really shouldn’t access, unless you have a right to do so, however, just because someone tells you you have the right to do so doesn’t mean you actually have a legal right to do so, because the person saying you have a right to do so probably doesn’t have the right to authorize you to. It’s all in the fine print you know.

1DandyTroll
December 6, 2011 4:18 pm

davidmhoffer,
“Anthony has no more incriminated himself than had he found a sheet of paper on the street that, when read, turned out to be a top secret CIA document. Once in the public domain, it is public.”
Pending on the country you live in, the information is in the public domain, that does not mean that just because the information on how to access systems and files is on the internet, in the public domain, that you have the right to legally access those systems or files.

Gary
December 6, 2011 4:22 pm

Anthony, despite some protests, you took the ethical and honorable course. People can take many things from you, but only you can forfeit your integrity.

December 6, 2011 4:32 pm

REPLY: That’s quite an extrapolation. I don’t see angry protestors demanding “FOIA” be apprehended. Get a grip. If the Norfolk Police have stopped investigating (and all indications are that they have) I think the UEA probably doesn’t want to push the issue further. – Anthony
You may be right. No angry protesters, certainly. And not a lot of police activity evident, either. But there are other parties involved, UEA being merely a for-hire entity. FOIA may have helped plug a hole that other people were planning to siphon a trillion dollars through. The stakes are huge and the players are very, very big, including the UN, and not benign. Remember those two men who, 4 months apart, “fell” to their deaths at a UN building in Vienna?
http://www.ruthfullyyours.com/2009/10/25/second-nuclear-expert-falls-to-his-death-in-vienna/

juanslayton
December 6, 2011 4:35 pm

Dandy,
I take it you haven’t read any of the e-mails (which you have no right to access)….

December 6, 2011 4:40 pm

The computer code does show they did exactly what they said they would do: faked the data.

1DandyTroll
December 6, 2011 4:58 pm

juanslayton says:
December 6, 2011 at 4:35 pm
Dandy,
“I take it you haven’t read any of the e-mails (which you have no right to access)….”
Oh, you’re ever trying to have so much fun on my expense. Sadly, for you, in my country, it is not especially illegal to read digital files, it is considered a nuances in my country still. 😉

Darren Potter
December 6, 2011 5:02 pm

“… lead me to speculate on a direction for a “whodunnit””
“UPDATE: Many people in comments think I’m doing something wrong by writing to Phil Jones and AGU/JGR.”
Forget helping the Global Cooling deniers with the possible identity of the “whodunnit”. There is only one good reason to identify the “whodunnit”.
To give the “whodunnit” accolades and a large financial reward for bringing down the corrupt GW cabal. The “whodunit” has likely saved Taxpayers billions of dollars in wasted funding and saved Consumers (worldwide) trillions of dollars in bogus Carbon costs.
As for the claims by the Global Cooling deniers and GW cabal that the “whodunnit” did wrong and should be arrested and punished —- hogwash! When someone sees the amount of corruption and wrong doing that was taking place behind GW cabal curtains, it is the person(s) responsibility to Blow the Whistle. People need to remember the GW cabal was Lying to humanity for power and profit, in one of the most despicable ways — using F.U.D.

Jurgen
December 6, 2011 5:22 pm

The best defence against corruption simply is to stay clean. And the best attitude in any conflict is to always be courteous to your opponent. It doesn’t show weakness, it shows strength.
Being courteous isn’t the same as showing your cards or complying. It is a way to keep your own dignity and to keep an open channel to the other side, which is always a wise strategy in any conflict.
For me this site is not about conflict, although a lot of fighting goes on here… 🙂 It is about science. Clearly science, although the rules of the game are well known and in themselves not too difficult to uphold, is a difficult trade, with many pitfalls around. Within the scientific process itself, within the scientist’s psyche and the culture of their organizations, because of the high status of science in society and the use and misuse of science in politics and commerce. It’s all here on WUWT to see and learn from.
What is mankind’s new frontier right now? Is it space and going to Mars or discovering new planets around distant stars? Is it the exploration of the oceans? No, it is right on our doorstep. It is our weather, our climate as we experience it everyday. How does it work? Where does it go? What part do we humans play in it?
These questions are extremely difficult to answer. I don’t think they are high on the international agenda because some clever individuals have hijacked them and provided all kinds of wrong answers for their own agenda. They are high on the agenda because in the end most people do want good answers to these questions.
There may come a day mr. Gore c.s. will be remembered not for their foresight, not even for their clever manipulations of the public opinion, but for putting climate on the international agenda. So something good can come out of the “warmista’s” actions in the end. But it will be a long haul and a lot of effort. May WUWT be around for a long time to come!

1DandyTroll
December 6, 2011 6:00 pm

Jurgen says:
December 6, 2011 at 5:22 pm
“The best defence against corruption simply is to stay clean.”
The real question is though, who decides who is clean? You, me, Mr Watts, Al Gore, …or whom?

davidmhoffer
December 6, 2011 6:03 pm

It turns out the UEA policy guidelines regarding email retention, deletion, and backup are actually on their site!
http://www.uea.ac.uk/is/itregs/ictpolicies/File+and+email+restoration+policy
This version is dated 10/10/11. Without knowing what previous versions looked like, we can nonetheless draw some important conclusions regarding how the central email system was run, and what may (or may not) have been done correctly in terms of servicing FOIA requests. I’ve cut out some of the more interesting policy statements (italics) and my comments follow.
POLICY; File and email digital assets held on centrally-provided systems administered by ISD are regularly backed up to ensure service resumption following disaster in line with Disaster Recovery and Business Continuity (DR & BC) planning. End users of these systems are encouraged to delete items no longer required.
COMMENT: From this we can surmise that email systems are (currently anyway) being backed up centrally. Note the last sentence about deleting items that are no longer “required” as it becomes important later.
POLICY; (Staff only). Deletion of items should be in line with records retention schedules.
COMMENT: There clearly exists a records retention policy, but this document does not spell out what it is. In general, a records retention policy should specify what can be deleted at any time, what must be deleted on a given schedule, and what must never be deleted.
POLICY: (Staff only). Items subject to legal hold (for compliance purposes) should not be deleted.
COMMENT: This is important. Legal hold means that if an FOIA request has been filed, and an email is subject to that FOIA request, it may NOT be deleted under ANY circumstance until the FOIA request has been dealt with. If Phil Jones et al deleted any email AFTER an FOIA request had been made that would otherwise have turned up that specific email….I don’t know about the U.K., but in the U.S. that is BIG trouble. Further, the onus seems to be on the end user to preserve the email. Again, without understanding the nuances of UK compliance law, that seems rather odd. In Canada and the US, once an FOIA request has been submitted, the IT department searches for the relevant emails and puts a “legal hold” on them that prevents them from being deleted…by ANYONE.
POLICY: Once deleted, items may be held in a Deleted Items folder (e.g. Outlook for email) or Recycle Bin (e.g. Windows for files). A user can then choose to recover these items from the appropriate location should the item still be required, and the deletion was conducted in error.
COMMENT: Anyone who read this ought to have known that “deleting” emails didn’t actually permanently erase them. Anyone who was the subject of an FOIA request, ought to have read this, and ought to have been directed to do so by the FOIA officer.
POLICY: However, it should be noted that advice from the Information Commissioner’s Office (ICO) states that items which have been deleted but remain in a Deleted Items folder or a Recycle Bin are held by the Public Authority for the purposes of the Freedom of Information Act 2000 or Environmental Information Regulations 2004. This means they should be considered for release subject to a relevant request for information. However, when removed from these temporary deleted items stores, they are permanently deleted and no longer considered to be held.
COMMENT: Again, anyone subject to an FOIA request ought to have been directed to read this, and ought to have known as a result that simply deleting their email did not exempt it from being accessed by an FOIA request. MORE IMPORTANTLY, provided this same policy was in place for an extended period of time, Phil Jones comment that he had provided David Palmer all the relevant emails based on a search from Eudora (his email client) would have been a violation of the stated Freedom of Information Act 2000 because the UEA would have been legally required to also search all deleted email that they still held and Phil Jones did not. Given that the act was in place since 2000, even if the policy hadn’t been publicly disseminated, the FOIA officer would have been responsible for this, and accepting Phil Jones assertion that he’d provided “all” the correspondence without also asking IT for a search of any deleted email would be a serious breach of compliance policy and possibly the law.
POLICY: On occasions when files have been deleted permanently in error, end users may recover their own files via snapshot backups operating on centrally managed filestore. Snapshots can be used to recover files up to seven days after deletion. Beyond this period, ISD will not offer a service to aid their restoration.
COMMENT: While this policy applies to files rather than email, it suggests that the central IT department is in fact making on disk snapshots of data, and there is no reason to believe that email would be any different. Assuming that is correct, even email deleted by the end user the moment it was sent (combined with retaining deleted email in deleted folders) would ensure that even an email deleted seconds after it was sent would still wind up being held for at least 7 days, and hence it would also be backed up by the tape backup system. While IT seems to consider this “permanently” deleted after 7 days, with no responsibility on their part to restore it, unless they also delete it from their backup tapes (a very difficult thing to do) the files and any emails subject to the same retention policy would absolutely exist on tape backup. Again, not knowing the nuances of UK compliance law, I do not know if that makes them discoverable via FOIA requests. In Canada and the US, it certainly would.
POLICY: Under exceptional circumstances, for example to support security investigations, ISD can be called upon to attempt to recover files.
COMMENT: A tacit admission that they can probably recover pretty much anything if under the gun, just they’d prefer not to unless it is uber important. BUT, the files are most likely on tape backup based on this policy statement. So… to catch a hacker, they could restore files, but not for an FOIA request!
CLARIFICATION: The policy document contains a link to another document that discusses what can be “held” or subject to an FOIA request, including it being on backup tapes.
http://www.ico.gov.uk/foikb/PolicyLines/FOIPolicyDeletedelectronicinformation.htm
The relevant paragraph reads:
The Tribunal found in Harper that information on backup media can be held and the Section 46 Code of Practice (records management) says that “A record cannot be considered to have been completely destroyed until all copies, including back-up copies, have been destroyed, if there is a possibility that the data could be recovered”. However, the ICO takes the view that in general information on backup will not be held for the purposes of the Act as the public authority will have no use for it otherwise than where it is required after data loss.
COMMENT: That’s a bit vague for my liking, but it sounds like a huge get out of jail free card. Even though the email exists in the backup system, and may be evidence of criminal conduct, it cannot be discovered by an FOIA request UNLESS it was deleted in error in the first place. So, if Phil Jones deleted email to keep it from being discovered by an FOIA request, and did so prior to the FOIA request being filed, which in turn was at least 7 days or more after Phil Jones deleted it, then it would exist on tape backup, but would NOT be subject to FOIA.

Hilary Ostrov (aka hro001)
December 6, 2011 6:12 pm

davidmhoffer says: December 6, 2011 at 1:42 pm

Anthony, you did the right thing. The security hole was on JGR’s side by the sound of it, so I would have alerted them as well (or instead of) but it was the right thing to do either way.

I agree, wholeheartedly.

That said, there is one possibility that is being overlooked in regard to the encrypted emails themselves.
[…]
Given that the emails we can read end in 2009, and the rest are encrypted, the assumption that the balance of the emails also end in 2009 cannot be made, there is no evidence (that I am aware of) for this to be the case. FOIA has said (I’m going from memory) that the balance of the emails may some day be released, but not by him. Why would that be?

While I agree that there’s no certainty (and it could just be that your memory has temporarily failed you!), if we take FOIA (whom I prefer to call The Saint) at her/his words (which, I believe, s/he chose quite carefully), consider the following relevant parts of the accompanying messages (bolding is mine -hro)
FOI2009:

We hereby release a random selection of correspondence, code, and documents.

FOIA2011:

Today’s decisions should be based on all the information we can get, not on hiding the decline.
This archive contains some 5.000 emails picked from keyword searches. […]
The rest, some 220.000, are encrypted for various reasons. We are not planning to publicly release the passphrase.

Consider, as well, that a year ago, Nature’s David Adam reported that:

Jones and others connected to the CRU fear the hackers may be sitting on more stolen e-mails, […]

This suggests to me that (Muir Russell’s findings and “evidence” notwithstanding) UEA/CRU have long been well aware that there could be more coming!
I realize that this doesn’t refute your theory, but, IMHO, it does offer an alternative way of looking at the bigger picture. For those who are interested, I do have some additional speculations pertaining to FOIA and timing (past, present and possible future) in the context of other (you should pardon the expression) anomalies:
Climategate: Of thumbnails, big pictures and timing

Bill H
December 6, 2011 6:26 pm

Something to ponder…..
Today most of us all use email and instant messaging of one sort or another. Every bit of data that is sent from any computer world wide is trafficked through one of many server farms both public and private. Everything you send out is on a server somewhere in the world.
And all my kids ask me why I don’t have a Facebook or My Yearbook… The US government has five strategically placed server farms for listening to US citizenry here in the states. No telling how many they have world wide for other purposes.. When is big brother too big?
Kudos Anthony for having the honorable fortitude to do “what was right”
Bill

John
December 6, 2011 6:29 pm

After reading many comments on many sites like this great one by Mr. Watts I have a couple of thoughts I have not seen though I have not read all comments so this could be redundant.
First and foremost I want to thank Mr./Mrs. FOIA from here on referred to as “The Saint”.
Also – I find the two releases (CG1 and CG2) to be a bit different in a way that might have some purpose (known only to the emailers and the “The Saint” and not the public) although I have not been able to read every email from both releases so my comments stem more from sites like this one and may miss the mark.
The first release seems considerably milder compared to CG2 based on the context released in this latest effort. The first release seemed more targeted implicating mostly the researchers themselves and the games they were playing either with the data or the suppression of skeptical research. It was still very incriminating and based on that information you would have thought the propaganda would have subsided. Maybe to some degree it did over the last couple of years. We did not get a grand agreement in Copenhagen or last year in Cancun and that in and of itself might have been a goal of The Saint, to squash global agreements and put others on notice.
But what has continued since CG1 is a relentless push to further the goals of the team’s cause as well as working towards other means to their ends.
Now we have a second batch which clearly went to the next level. These emails have much more context and threads that can be followed to a logical end. It seems to me very unlikely these emails were pulled randomly. Maybe some were but there are too many that allow a complete analysis on specific points. These emails totally wiped out the idea that there was a consensus in the scientific community which has continued to be pushed I would argue harder than before CG1. I find that point alone very interesting as I do not remember CG1 showing so much internal debate.
Finally, this distribution implicates everybody from the CRU and other Universities to Governments, NGO’s, major publications and their authors and clearly shows this was purely a political ideology not science. I do not remember the first set being so sweeping in who was implicated. Yet even by implicating everyone, The Saint was careful as to keep the focus on the original subjects, Mann, Jones, Wigley, and others while scratching the surface on those other players. This tells me The Saint took time in this release.
My hypothesis –
The CG1 release was a warning to the scientist to clean up your act since you know what I (The Saint) have and how much worse this could be and a warning to governments that they might have a problem if they move on what we now know to be made up science. (I just do not understand why CG1 did not include more of the internal debate and doubts by many inside the AGW science as well as the sniping that we see in this release CG2 as well as the connections unless he had a plan predicated on outcomes?)
The CG2 release was a careful and methodical release with very specific objectives. It is very bad for the scientist and a warning to the Governments, NGO’s, publications, and other interested parties that may have much more to lose in the remaining emails. Is there any doubt that these emails will not connect even more dots implicate even more parties. I would like to know but is the public ready to know the full story?
The Saint could be just an honest broker tired of the lies and smart enough to know that in this case too much information could be dangerous not just to himself but to a far larger audience.

RockyRoad
December 6, 2011 6:42 pm

There really, REALLY shouldn’t be a need for FOIA. All those emails and all the data behind their studies, papers, algorithms, etc, should be completely open source and available to all 7+ billion people that will be impacted by their clandestine actions–even (oh, heaven forbid!) to those that might try to find something wrong with their interpretations!
Where the attention should REALLY be placed is on the “climate scientists” (a completely disparaging term) that have perpetrated what they hoped would be the biggest scam on the world’s population. And all for filthy lucre.
Forget FOIA–concentrate on exposing “The Team” and “The Cause”!

davidmhoffer
December 6, 2011 6:42 pm

1DandyTroll;
Pending on the country you live in, the information is in the public domain, that does not mean that just because the information on how to access systems and files is on the internet, in the public domain, that you have the right to legally access those systems or files.>>>
Nyet. The link is just a link, and until you follow it, you don’t actually know what is in it. The fact that it was in an email (now public domain) in clear text (contravention most likely of security policy at both UEA and JGR) and which Anthony has no legal obligation to enforce since he is not subject to the rules of either organization and as a consequence would not be privy to their policies, and hence has no way of knowing if the link leads to confidential information….or not.
If Anthony followed the link, and the web site page opened with a confidentiality warning, then Anthony MIGHT be bound by it…at that point. Try and “prove” that he did anything but test the link! He could even test links on the front page to see if they worked or not, it’s all just testing of links you see. That doesn’t mean he read a thing, just zipped through looking for something clickable. In the US, even if he did read it, he can’t be compelled to testify against himself, so unless he read it out loud to his wife…no, she can’t be compelled to testify against her husband…OK, to his dog. The prosecutor could depose his dog.
Incriminated himself? LOL, no prosecutor would even take a shot.

davidmhoffer
December 6, 2011 6:48 pm

Now here is something that could be very innocent…. but it sure sounds odd. In wandering around UEA’s web site where they publish IT policies, documentation etc, they have a section on infrastructure. Goodie says I to myself, hopefully they have info on what their backup system is, retention policies, off site tape procedures….no such luck. But…
http://www.uea.ac.uk/is/cis/infrastructure
What the heck is a “single point of truth database” ?!?
That link requires a username and password to access. Gosh, it may be completely innocent, but… a single point of truth database? What the heck is that? And why is it the only link in the list that requires a username and password?
How curious.

davidmhoffer
December 6, 2011 7:00 pm

hro001;
I realize that this doesn’t refute your theory, but, IMHO, it does offer an alternative way of looking at the bigger picture.>>>
All good points! For what it is worth, I wasn’t intending that my remarks should be taken as a theory. Just as I did in the main article I wrote (see link in Anthony’s intro above) my intention was not to say “here’s what I think happened” but to explain the basics of how the various systems worked and from there what the possibilities were.
As John commented further downthread, the “style” of the release seems rather different from CG1 to CG2. I also note the use of the word “we” in the text you quoted, indicating that potentially more than one person is involved. Either that or the culprit is the Queen?

David Ball
December 6, 2011 7:08 pm

my spider senses are tingling, …

RockyRoad
December 6, 2011 7:10 pm

davidmhoffer says:
December 6, 2011 at 6:48 pm


What the heck is a “single point of truth database” ?!?
That link requires a username and password to access. Gosh, it may be completely innocent, but… a single point of truth database? What the heck is that? And why is it the only link in the list that requires a username and password?
How curious.

I’m guessing it requires a username and password because they don’t want anybody but authorized persons to see their version of “the truth”.

davidmhoffer
December 6, 2011 7:38 pm

What the heck is a “single point of truth database” ?!?>>>
Upon doing a bit more digging, it sounds like SPOT is their name for their central authentication directory. Poor choice of naming in my opinion, but that’s sorta what a directory is in IT, a central repository for who has access to what and when and why.

James
December 6, 2011 7:41 pm

As a long term IT professional and long time lurker here is my 2 cents worth:
7ZIP is rarely used by the general public; they use the built-in Windows compression or WinZIP directly. Those with more IT exposure use WinRAR because it covers just about all compression technologies from TAR balls to 7ZIP. Those who use 7ZIP directly are generally fringe IT people or Open Sourcers but not all. It does indicate someone with close links to IT and at least some experience. Those in the industry know that 128 and 256 levels of encryption are breakable. Those with better sources will know that 512 is also breakable with the right resources so we are not dealing with a security specialist -or- they are locked into whatever level of encryption 7ZIP provides. The contents could also be further encrypted (I’ve done it), thus negating the previous observations.
Either way like many above I applaud the individual for getting the information out. Much of it was retrieved from a public server so hardly a hacking exercise, rather a whistle blower who should be supported rather than vilified as some have done.
I read a letter in our local paper today parroting the 3mm sea level rises. With the amount of satellite data analysis available pointing out that is not happening you’d think they would have bothered to check what has happened since the IPCC came out with that figure. Too bad more AGW Believers don’t take more advantage of public domain and read some of the latest papers or for that matter anything not found in the Summary Report for Politicians (sic).

December 6, 2011 7:43 pm

Whoever FOIA may be, they are not likely to be caught.
Reason: The government does not really want to. For if the culprit(s) is apprehended some kind of charge will need to be filed. That is likely to produce a public “trial of the century” in which the advocates will characterize them as the worst criminal since Jack the Ripper, while the skeptics will elevate them to the hero of the age. This is the last thing the UK gov wants.
