A Third Theory
Charles of WUWT offers a new and interesting theory of the file: that the file was not “stolen”, it was “found”. See
here. Charles’ epithet: “Never assume malice where stupidity will do”.
Here’s his scenario.
The collation of files was made by the university in connection with the FOI appeal – an appeal that they were going to thoroughly document because of all the publicity during the summer. They then used the intranet server to share the file among interested parties for the FOI review on Nov 13.
And then between Nov 13 and Nov 17, someone came along and found this astonishing file sitting on the server. Sound impossible?
Read last summer’s posts on the “Mole” at CRU. Phil Jones had refused to provide station data claiming that it was covered by all sorts of confidentiality agreements (though he couldn’t find the agreements and couldn’t remember who they were with.
One day in late July, I discovered that they had left station data versions from 2003 and 1996 on their server – without webpage links but accessible all the same. They were stale versions of the requested data, but this data was supposedly hugely “confidential”. They were just sitting in cyberspace waiting for someone to download.
Charles hypothesizes that that’s what happened here. No hacker, no mole.
This theory could be disproved one way or another by the university’s FOI department. I’m sure that someone will ask them about their role, if any, in compiling the zip file.
Climate Audit - mirror site [OBSOLETE!] 
And then the nothacker tried to upload the file it to RC’s website by nothacking.
Can you reveal more about the attempt to upload the file to RealClimate? Did the cracker crack into realclimate.org too, or is there already a publicized feature on realclimate.org allowing third parties to upload data? Where did the upload come from? etc.
[Response: I was wondering when someone would ask. It was a hack into our server around 6am Tuesday. The IP address was from a computer in Turkey. – gavin]
The point is, AB, that there wasn’t necessarily an inside deep throat, and there wasn’t necessarily a cracker. It’s still clear that some anonymous individual who came into possession of the zip file made an effort to get it out into the wilds of the internet. The question before us is, how did said person come into possession of said file?
But you knew that, didn’t you?
Regarding Gavin’s response, it kind of depends on how you define “hack”, doesn’t it?
Having said all that, I’d say that the one bit of evidence that shoots this theory down is the fact that CRU canceled all passwords after the event. That wouldn’t have been a logical response to an accidental release.
Has anyone notified the police that RC has been hacked? You don’t need to be affiliated with RC to report a crime of this sort. Just trying to be a good Samaritan here…
Note the date that Paul Hudson received the “hacked ” emails …. October 12th???
http://www.bbc.co.uk/blogs/paulhudson/2009/11/climategate-cru-hacked-into-an.shtml…
For the same mistake to happen twice would be unequivocally stupid on someone’s part.
I don’t buy this theory. If the powers that be at CRU finally came kicking and screaming to the conclusion that they had no choice nor recourse whatsoever but to comply with Steve’s FIO request, there is no way (IMHO) that they would have picked these files. They would have picked only the minimum set of data files that would fulfill the request. They would not have include the many damning and incredibly embarrassing emails that are in the archive.
I vote for the theory that the archive was assembled and leaked by a insider. I sincerely hope that who ever the leaker is that he has more files waiting to further embarrass and discredit the AGW machine.
The point is, AB, that there wasn’t necessarily an inside deep throat, and there wasn’t necessarily a cracker.
UEA officials confirmed in print it was a hack. Of course, anything is possibile. But if we’re just going to entertain possibilities, let me entertain the one that says they’re right.
Even if it was a hack, the file was likely pulled together by Phil Jones’ staff. That is, this is the information that someone on the inside thought was relevant to a FOIA request. I.e. no personal, non-relevant e-mails.
Steve/Anthony,
Sorry for the O/T, please delete.
There is no link to the tipjar on this site, any chance one could be provided as the normal site is suffering at times.
IanH
It could be that default assigned user names and passwords at CRU were so predictable that any insider could could observe their own and guess a coworker’s. That is why the first thing you do is change your password when you get a new account.
Just as easily the FOI file could have become exposed by a permission problem.
As for an attempt on realclimate.org. That may have been nothing more than the use of a name and password found in an email from a RC admin allowing access to realclimate.org to a team member at CRU.
Lucia said that an attempt was made to upload the FOI file to RC. That sounds strange to me. Someones idea of a joke?
I would suggest a caveat. If the first I knew that confidential data has been placed on the Internet, I would have to assume a security breach had happened and change all password etc. The CRU may not have realised it could have been an accidental release straight away. Of course, I would also claim a hack attack if I had dropped a b*ll*ck like this!!
Observer permalink
Note the date that Paul Hudson received the “hacked ” emails …. October 12th???
http://www.bbc.co.uk/blogs/paulhudson/2009/11/climategate-cru-hacked-into-an.shtml…
Someone forwarded Paul Hudson an e-mail discussion that mentioned him and a story he did. I think he simply means he confirm a few e-mails that are present in the archive. For obvious reasons he could not have received the “hacked” archive on Oct. 12. Still interesting that one of the “insiders” who saw that e-mail discussion thought Hudson should be privy to it.
If it is an admin and not a mole that exposed the file by accident, I hope (s)he will play one of the many theories we have come up with for all its worth and avoid getting fired. We in the climate realist community would owe the admin a great deal for the mistake.
My advice would be to use the most paranoid theory available as it would be quickest to be accepted by your boss at CRU as a defense. That is if the emails are any guide.
It’s obviously a cunning ploy by “Harry” to open-source his workload and get the code and data fixed by all the willing “hackers” and self-styled auditors in Sceptic land. I estimate all the data, analysis and graphs will be in the blogosphere in about 5 days, peer reviewed by the sharpest critics, and squeaky clean. 🙂
I posted this earlier at WUWT:
The other theory that I’m starting to like more and more is that Jones directed some lower level IT guy to delete files from the server and backup tapes. We have an email where Jones is directing people to delete emails from their email accounts. He’s probably smart enough to know that there would be files on the servers and tapes as well. So he tries to get a low level IT guy to do the deed. But he picks the wrong guy, he picks a guy who has some integrity. Since he’s a low level guy, he feels trapped — he doesn’t know where to go or who to complain to and he worries (a lot) about retribution (gee, I don’t know why, they seem like such nice guys). So he leaks it
Well that’s Gavin’s story isn’t it.
PR Guy: I was going to suggest the same thing more or less. This is a compilation of files that were to be deleted
if the then pending FOI appeal were lost.
can anyone shed light on why the only things redacted from the emails is the 2nd half of all the email addresses? Why would a hacker bother to do this? Is there some FOIA requirement that the second half of email addresses be redacted?
Nope – sorry but – nope.
Given what we have worked out from the data so far – someone who has root directory access and knowledge of the FOI files, leaked this.
Whoever did this was a very well informed and sharp cookie.
And they deserve a round of *APPLAUSE*
😀
Not even necessarily that. Someone just paranoid enough to not want to risk jail time. Of course, I’m assuming that the laws in the UK are similar to the US.
This is interesting re the hack. Gavin writes,
Curiously, and unnoticed by anyone else so far, the first comment posted on this subject was not at the Air Vent, but actually at ClimateAudit (comment 49 on a thread related to stripbark trees, dated Nov 17 5.24am (Central Time I think)). The username of the commenter was linked to the FOIA.zip file at realclimate.org. Four downloads occurred from that link while the file was still there (it no longer is).
There’s more at the link.
BBC reporting their ‘weather’ correspondent Paul Hudson was sent these emails on Oct. 12 (obviously not the Nov ones though). Here is what he said….
Very busy with forecast duties right now, but I do intend to write a blog regarding the UK Climate research centre (CRU) being hacked into, and the possible implications of this very serious affair.
I will add comment on this page as soon as I can free up some time. But I will in the meantime answer the question regarding the chain of e-mails which you have been commenting about on my blog, which can be seen here, and whether they are genuine or part of an elaborate hoax.
I was forwarded the chain of e-mails on the 12th October, which are comments from some of the worlds leading climate scientists written as a direct result of my article ‘whatever happened to global warming’. The e-mails released on the internet as a result of CRU being hacked into are identical to the ones I was forwarded and read at the time and so, as far as l can see, they are authentic.
http://www.bbc.co.uk/blogs/paulhudson/2009/11/climategate-cru-hacked-into-an.shtml
That the hacker was able to upload the file to real climate without the owners knowledge or consent shows that he is a hacker, and a reasonably good one.
That he did not bother to seek consent, even though consent would readily have been given, shows the hacker mentality. If you cannot stop me, you have consented. If you really opposed me doing stuff, you should have tried harder. If you did not nail it down, it belongs to me, and if I can pry it up, it was not nailed down.
That the upload came from turkey shows the typical paranoid hacker mentality. It is unlikely the hacker is Turkish (wrong language, and warmism not an issue there). More likely he took over a Turkish computer. Routing stuff through Turkey is a good way to cover one’s tracks, for Turkey has recently re-aligned with jihadism, allying with Iran and Syria against the west, thus attempts by the west (crusaders) to obtain the logs of that Turkish computer have no chance. Routing through a hostile power is standard hacker behavior, and shows the standard paranoid hacker mentality. If the enemy can detect me, they will come and get me, and the state is the enemy.
First, why didn’t he just say that in his initial OP instead of waiting for someone to “ask”?
Second, why is he devulging where it came from if it is an active invesitgation? He wouldn’t, would he?
Last, as to the data being already compiled. I am not sure how easy it would be to change, but all of the files were compiled on 1/1/2009. Someone had already gotten them together on the first of the year, either lending support to the FOI request theory; or they were just compiled as a regular house cleaning and put somewhere, IMHO.
From RC, showing that the information was accidentally put on a public server:
I agree with Steve that the document was just sitting there and someone just found it. From the quote from UEA, it seems they have all but admitted that. Now, someone could have put it there deliberately. We will have to wait for the investigation to find out the whole story.
I think he meant Nov 12, don’t you?
Interesting theory that is apparently doing the rounds in the IT department of another academic institution. That someone got a bad review and sought to embarrass the organisation and/or his/her boss by releasing the assembled file collection. I don’t buy it, personally, but found it amusing nonetheless.
Oh and re ali baba above. Why does Gavin describe this with absolute certainty as “the first comment posted on this subject was” and not – as I think anyone else would – merely as “the earliest we’ve yet discovered”…?
I suggest the FOI officers picked the files and maintained them in an FOIA directory. The files were likely collected without knowledge of the principals involved. Given the short time for compliance with the FOIA (20 days I think), the prudent action would be for the FOI officers to collect the files in anticipation of a final decision on release.
“Lucia said that an attempt was made to upload the FOI file to RC”
Isn’t it more likely that Gavin is simply lying about an attempt to hack RC? Don’t you think the whistleblower simply tried to post the same message at RC that he did at Air Vent and WUWT? Why hack into RC when one simply needs to submit a comment with a link to the file?
It’s just another lie from the Team.
Gavin: “The username of the commenter was linked to the FOIA.zip file at realclimate.org.”
Further indication that there was no attempt to hack RC. It was simply a commenter using the same nick on RC that he used at ClimateAudit.
Gavin needs to keep his lies straight.
Heaven forbid Gavin volunteer any information…
Hanlon’s Razor, ftw. Tho Napoleon said something very similar long before.
I see Gavin is trying to work himself and cronies into believing that somehow someway this is Steve’s fault “really”, so that they can continue to justify in their own hive mind why he is the nekulturny heathen they’ve been treating him like (and thus are righteously justified to continue treating him like).
The subject of the emails leaked is interesting in that they are packed with damning material (the opposite to what the warmists are saying). This suggests to me that it was a collection of stuff that was collected to be deleted (as per the directions from Jones). This points to someone on the Team collating them originally. However, who leaked them is the interesting question.
Also it is interesting that apart from the initial comments from the Team, there has been deafening silence from them all? Have they had legal advice not to say anything? It has been several days now and the whole world is commenting on this.
Ridicule is increasing and there are T shirts and caps available now with “hide the decline” spoofing them (http://www.cafepress.com.au/hidethedecline). Even a Homer Simpson comment YouTube on http://blogs.news.com.au/heraldsun/andrewbolt/
This is not going away.
OK, bear with me-
I sent an undeliverable email to the CRU mail server.
Results from mail server ping:
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
duke.carpinski@uea.ac.uk
SMTP error from remote mail server after RCPT TO::
host ueamailgate02.uea.ac.uk [139.222.131.185]:
550 5.7.1 … Unrouteable address
A whois search on the above DNS reveals this:
http://www.who.is/dns/uea.ac.uk/
Name Server IP Location
dns0.uea.ac.uk 139.222.130.1
Norwich, I9, GB
dns1.uea.ac.uk 139.222.1.5
Norwich, I9, GB
dns2.uea.ac.uk 139.222.130.2
Norwich, I9, GB
ns3.ja.net
ueadcnr-ldn01.uea.ac.uk 139.222.17.4
Norwich, I9, GB
There are five name servers listed, all of them linked to http://www.ueastudent.com which was registered in Aug. ’05 through Tucows, Inc., A third party email service and Web Hoster.
On the the http://www.ueastudent.com home page, midway down the left column is LAN login link.
Here’s what I think:
The emails in the(FOIA2009) MAIL folder were pulled from the third party server operated by Tucows. The contents of the (FOIA2009) DOCUMENTS folder came from the UEA LAN server. Two seperate acts. The whistle blower them zipped ’em into a file named FOIA2009.
So I’m thinking that there was more work involved than just finding FOIA2009.ZIP on a directory and leaking it. Regardless, whomever leaked it had password access to the system.
Always one to back a three legged horse, I would consider the 1000 to 1 horse “”Always Leaky”.
Not a mole, nor a hacker, just a deniable leakage of information. If you have embarrasing information that cannot be destroyed and is going to have to be revealed, just leave it where someone is going to be looking for it, and claim it has been stolen.
Why,? Well it is a trust thing. Could you stand up and explain to the bully boys that you were going to have to release this information? That once the FOI was escalated, most, if not all of this would have to be released. So why not kill two birds with one stone. Reject the FOI request and leak the information. Job done. Move On.
Yes I know it sounds crazy. And perhaps not something that could be authorised at CRU director level but this is a UEA matter as well, it is a big boys problem, and they might just seek an answer that they can live with. CRU can tighten up on security and promise their peers they won’t let it happen again. It was an error at a junior level and not a TRUST issue. We are all still friends, honest, we did not let you down.
The alternative being, to call the bully boys up and explain that you are going to release the emails, etc. which will make them look like asses and worse. But hey, we are still friends aren’t we?
My horse was last seen a distance behind the field, but what’s that? I think the horse just stopped for a leak.
Alex
This is an interesting request from Gavin:
If there is an investigation, Gavin would be compromising it at the least, and at the extreme interfering with it by asking and posting this information. I personally do not believe that he was hacked. He is just trying to get the IP address from either JeffID or Steve. Sorry, I’m not buying it.
Doesn’t sound that crazy to me. I have been thinking along the same lines but with an added wrinkle: If you start with Phil Jones an go up the ladder of power at UEA, into the ranks of the “big boys” you will soon come to someone who values the reputation of the University of East Anglia more than the career of Professor Jones. Criticism of his stance of not releasing data and code was starting to come from mainstream scientists like Von Scorch, not just skeptics/auditors.
If the UEA administration knew what was going on at CRU, and it’s their job to know, they would see some bad PR for UEA in the near future and Prof. Jones as a liability. A convenient “leak” of information kills two birds with one stone: The FOI is rendered moot without UEA compromising its autonomy. The other bird? Phil Jones.
It certainly looks targeted towards your inquiries – and he makes an excellent point about the time it would take a hacker to acquire this specific data.
If this is what they would be required to release then it would certainly be something they would want to fight. Plenty of ammo there.
What I think the skeptics should be focusing on right now is that once again their statements are being proven right. Skeptics predicted cooling. Skeptics have been claiming biased science and manipulated data by the alarmists. Skeptics have been saying they are shut out of the review process and publicly scorned for their views.
I’ve been involved in research projects and mingling with competitors promoting their differing theories and methods – but I never pondered hitting them! I may have been intrigued or amused by their ideas but this anger being expressed is what alarms me.
” Chris Knight,
It’s obviously a cunning ploy by “Harry” to open-source his workload and get the code and data fixed by all the willing “hackers” and self-styled auditors in Sceptic land. I estimate all the data, analysis and graphs will be in the blogosphere in about 5 days, peer reviewed by the sharpest critics, and squeaky clean. ”
Thanx Chris! Now I gotta clean my keyboard….
LMFAROTFP!
Since everyone is having a go, the zip is a sack of sensitive stuff pulled together & hidden offsite temporarily on realclimate, to be shuffled on to wherever later when things cooled down. Someone got the url that shouldn’t have.
Has anyone tried a search string that will pull all the existing email threads that would be relevant to the FOI request. For example,
Briffa +Yamal +data +FOI +temperature
Obviously such a string might have pulled other threads as well but it might provide a hint as to the origins of this file.
Thank you Mr McIntyre for all the work you have put in over the years and for continuing the battle despite all the odium that has been heaped on you by the warmista ideologists.
I read your blog nearly every day even though a lot of it is way above my understanding but nevertheless, over the last couple of years I have learn’t a great deal about climate, climate research, climate politics and the climate researchers involved from Climate Audit.
This is my first try at posting on your site and down at a level even I can understand.
FOI theory;
This theory has already surfaced in Australia but sorry! I don’t buy it Charles.
If it was a prepared file to cover the anticipated FOI request and then left lying around as superfluous after the FOI mob were conned into rejecting the request, why is Jone’s mail which is more or less crowing over how the FOI request was rejected, included in a FOI file that should have been well wrapped up before the FOI request was rejected.
And FOIA file. Note the “A”. Is there a “B” and maybe even a “C” file still to come as suggested by the original releaser.
The “Hacker” was obviously quite familiar with the UK FOI process as well. It was not in any way a random hack.
He also appears to be very familiar with all of CRU’s internal coding practices and e-mail programs.
For ten years of e-mails from a group that relies extensively on e-mail to move their numerical data around for which e-mail is ideally suited, that 1000 odd number of mails expanded to perhaps some 3 or 4 thousand with all the replies is just a drop in the bucket over ten years.
That’s only 400 or so mails a year from the entire “in ” group and in the numerically and statistically based climate business and personnel spread over a couple of continents that does not compute.
My guess is that there are a lot more e-mails out there as promised by the hacker.
Jones figures prominently in most or nearly all of those mails and may be the target of the whole hack.
Mann may be a secondary target but as his reputation is already somewhat on the knife edge he will go down with Jones if that is the object of the hack.
The e-mails on their own are almost enough to destroy Jones and even CRU but he will get a lot of sympathy as a target so another strategy was added to reinforce the perceptions arising from the e-mails.
Reams of Code are also included in the hacked files.
Why go to this trouble?
The reaction of a number of financial industry coders on their blog thread, Market Ticker Forums, coders on whose code billions of dollars may be at stake, were to say the least, appalled, caustic, sarcastic and just plain totally disgusted at the standard of the so called coding by the CRU crew as exhibited in the “hacked” file.
Other coders who have looked at the files are expressing surprise at the deliberate coding for biases that are built into the code and notated in the code by the CRU coders.
Jones is head of the climate outfit CRU that creates this coding and the results that come from this appalling quality code is promulgated as the highest standards of global temperature data analysis.
Lousy, biased and just plain appalling standards of coding under the Jones stewardship of CRU and one of the two major players in the global surface station data analysis and in the analysis of climate temperature proxies will be laid sooner or later, as head of the CRU, at Jones feet.
That aspect has a good chance of getting the professional climate researchers upset particularly when they realise that the basic assumptions and data that their work is based on may have been corrupted by bad initial data coding originating in the CRU and also from CRU origin data in the IPCC. data base.
Their research work may turn out to be near useless!
Another nail in Jone’s stewardship of the CRU.
Timing is amazingly coincidental; Just long enough before Copenhagen to allow it all to sink into the public perceptions that CRU was a disaster and just in time to place Jones, head of CRU and Mann and a few others in the spotlight as being responsible for this whole debacle and all this just before Jones, Mann, Briffa and etc would have been hailed by the big boys of the Global Warming ideology and the environmental remoras of Copenhagen as the most significant climatologists of the century.
Coincidental or has somebody cold bloodingly calculated this hack release timing?
No personal details as that would have backfired badly in a personal revenge attack. In a random hack there would have been a large number of personal details in those e-mails and in a personal, emotionally driven attack those personal details would have been highlighted.
Did not happen!
To me, more and more it is looking like a long term professional revenge attack where the hacker is emotionally well controlled and is going about this in a very systematic manner along the lines; “revenge is best served cold”.
The alternative is a principled CRU insider who is going to a lot of very carefully controlled trouble to get this right.
The data and coding in the file / files yet to come may have been collected, combed and sorted over quite a period and may also have been cached on a secure outside server for release when required.
Not so hard if the hacker is working out of house on occasions and if an IT professional inside CRU he may well have had access to all the pass words.
A hack attack would be a good cover . A multiple hack attack would provide ideal cover as the “hacker” rushed to the rescue and stopped the hack in it’s tracks. Not hard when you know the timing and form of the attack.
And did those Russians ever see the color of their money and for what and how much!
Russians still want to be amongst the biggest players on the global scene and in climate research also, so eliminating CRU which holds different views on the future global climate temperature trends to the Russians by providing a platform for a disgruntled employee with a secure sever network and a little help along the way would likely materially assist their own ambitions and without any risk to them at all.
All guess work but the implications of this, particularly the code release, when the professionals get their teeth into it, may be very profound.
Well Steve,
Just thinking. You got an rejection to your FOI request and CRU argued that reason you were denied was as follows:
CRU had confidentiality agreements in place and they might harm international relations and their ability to get data.
But now you know that Jones et al met with the FOI office and explained to them that CA was an evil place full of nasty people. Hmm. Sounds like the basis for some further legal action
Apologies to Gavin for this wildly incorrect assertion on my part.
From a forensics point of view, the timestamps on the files within the original zipfile are interesting. The bulk of the data, and many of the documents have what appear to be the orignal file metadata (mostly from the 90’s). However, all the mail, and several of the documents have a date of december 31, 2008.
Our personal experience teaching corporate executives and students (through.
After you have documented everything belonging to the cheerleading squad you
can hand the items out to the appropriate girls.
For great counterattacks your players have to have both technical tactical skills.
Operating within the snow may possibly seem cool and hardcore, slip
on one spot of ice and your season is carried out.
This makes it easier to check your records and find a payment that you may
have overlooked. Performing the same tasks that can easily be handled by
an online business at cheap rates doesn’t seem to make business sense either.
Therefore, they can ensure timely completion of your accounting and bookkeeping tasks, even overnight when needed.
Although it may seem counter intuitive, choosing to outsource
can actually be more cost effective to a small business than having the work done in house.