Guest essay by Eric Worrall
h/t Willie Soon – Mother Jones thinks the Climategate email leak and the Democrat Podesta Email hack were all part of a grand Russian conspiracy to subvert the West.
7 Years Before Russia Hacked the Election, Someone Did the Same Thing to Climate Scientists
“Why does this story sound so darned familiar?”
REBECCA LEBER AND AJ VICENSJANUARY/FEBRUARY 2018 ISSUE
One Saturday morning in June, two days after the president had announced his intention to withdraw the United States from the landmark Paris climate agreement, Michael Mann was tweeting about Donald Trump.
Mann, a Penn State professor who is one of the world’s most prominent climate scientists, was thinking about the daily barrage of revelations surrounding Russia’s efforts to help Trump win the previous year’s election. The hacked Democratic documents posted on WikiLeaks. The media craze over private emails that had been ripped out of context. Smear campaigns circulating on social media.
“#Russia #Wikileaks #HackedEmails #Sabotaged #ClimateAgreements,” tweeted Mann. “Why does this story sound so darned familiar?”
Seven years earlier, Trump was riffing on a very different set of hacked emails. The real estate mogul had called into Fox News after a blizzard to declare that climate change was a hoax. Trump claimed that “one of the leaders of global warming” had recently admitted in a private email that years of scientific research were nothing but “a con.”
In hindsight, the Climategate hack, clearly timed to disrupt the Copenhagen negotiations, looks like a precursor to the hack that helped shape the outcome of the 2016 election. That’s how John Podesta, the Clinton campaign chairman whose stolen emails were posted on WikiLeaks in the final weeks of the campaign, sees it. The parallels go beyond the hacks themselves. “I think it was the intentionality of influencing the public debate,” he says.
At the time, some observers openly wondered whether Russia might have orchestrated the Climategate hack. Investigators and other experts haven’t found much to support that hypothesis—the true culprit remains a mystery. Mann himself has pointed to the incident’s “curious connections” to Russia and WikiLeaks, but he, too, notes there’s no specific evidence that Moscow was to blame. Still, Mann sees other ways in which the episode was similar to what Hillary Clinton experienced in 2016. Both hacks, he notes, were “intended to impact the global political scene in a significant manner.”
Podesta, a leading advocate of climate action during the Obama years, describes Climategate as an early example of hackers conspiring “to take the fruits of illegal behavior, weaponize them, then use them in a political context.” And though the emails contained no evidence of scientific misconduct, Podesta notes, climate change deniers successfully used them to “change public perception and increase skepticism about the need for action at a pivotal moment.”
Sound familiar? Russian intelligence agents followed a strikingly similar blueprint in 2016 after they hacked the Democratic National Committee, the Democratic Congressional Campaign Committee, and Podesta’s personal Gmail account.
“If you were a Russian operative [and] pitching influence ops for the DNC, and somebody’s like, ‘Eh, I don’t know about that,’ literally you just turn around and go, ‘Look at how well it worked [with Climategate],’” says Jake Williams, a cybersecurity expert and former analyst at the National Security Agency. “I wouldn’t necessarily say one influenced the other, but certainly it’s good proof that that’s a technique that works.”
To access Podesta’s emails, the hackers used a targeted phishing attack that led his office to inadvertently turn over his login credentials. The DNC was hacked by two groups associated with Russian intelligence—one starting in 2015 and another in 2016—also via targeted phishing attacks. Tens of thousands of emails were eventually made public, along with Democratic fundraising reports and other planning materials. Batches of the stolen documents were given to individual news outlets, while other chunks were published directly to the blog of Guccifer 2.0—an online persona thought to be a front for Russian intelligence.
The Podesta hack and the Climategate leak were very different events.
The Podesta hack was ridiculously unsophisticated. Anyone with minimal software development training or a few illicit third party scripts could set up a similar hack. In my opinion as a software expert there is no reason to think the Posdesta hack was specifically aimed at Podesta. The hackers probably had no idea what they had stolen until they analysed their haul. These kinds of hacks are normally aimed at 10s of thousands of potential victims, in the hope someone will be stupid enough to click the fake web link. There was no secrecy about how the Podesta emails were stolen.
… SecureWorks concluded Fancy Bear had sent Podesta an email on March 19, 2016 that had the appearance of a Google security alert, but actually contained a misleading link—a strategy known as spear-phishing. (This tactic has also been used by hackers to break into the accounts of other notable persons, such as Colin Powell). The link—which used Bitly, a URL shortening service—brought Podesta to a fake log-in page where he entered his Gmail credentials. The email was initially sent to the IT department as it was suspected of being a fake but was described as “legitimate” in an e-mail sent by a department employee, who later said he meant to write “illegitimate.” …
Read more: https://en.wikipedia.org/wiki/Podesta_emails
Climategate in my opinion was an inside job by a whistleblower. The “sophisticated technique” used by the offender to conceal their location was likely a proxy server or series of proxy servers – computers which relayed the original file transfer request through a series of different computers, to conceal the back trail. The computer which was accessed which “could not be accessed easily” was probably an orphan computer sitting on a forgotten part of the network, likely with no password protection. FOIA was worried about being identified, so FOIA was likely someone known to at least some of the people whose emails he or she leaked.
… The incident began when a server used by the Climatic Research Unit was breached in “a sophisticated and carefully orchestrated attack”, and 160 MB of data were obtained including more than 1,000 emails and 3,000 other documents. The University of East Anglia stated that the server from which the data were taken was not one that could be accessed easily, and that the data could not have been released inadvertently. Norfolk Police later added that the offenders used methods that are common in unlawful internet activity, designed to obstruct later enquiries. The breach was first discovered on 17 November 2009 after the server of the RealClimate website was also hacked and a copy of the stolen data was uploaded there. RealClimate’s Gavin Schmidt said that he had information that the files had been obtained through “a hack into [CRU’s] backup mail server.” At about the same time, a short comment appeared on Stephen McIntyre’s Climate Audit website saying that “A miracle has happened.” …
It is not impossible that some spy agency orchestrated both incidents, but neither incident demonstrated an unusual level of technical sophistication. A superficial read of the descriptions of both incidents make the incidents seem the work of criminal masterminds – but exagerating the prowess of the opposition is what people do when someone makes them look like incompetents.
The use of Russian servers is not evidence of Russian involvement. There is a good reason hackers and whistleblowers often choose to publish sensitive material on Russian servers; Russian servers are generally beyond the legal jurisdiction of Western governments and Western law enforcement agencies. The owner of a US file share server could have been intimidated into censoring the content of their server, of removing the material as soon as it was discovered, and could have been forced to surrender details of whoever saved the file on their server.
There is evidence Russia is concerned about Western obsession with Russian political interference. Putin recently accused Russia conspiracists of “Political Schizophrenia”. I’m not suggesting that Russia should be given a free pass – but scapegoating Russia for every domestic political setback without substantive evidence of actual Russian involvement could have dangerous consequences.