Skip to content

A SysAdmin’s Perspective

December 7, 2009

An excellent analysis of whether the CRU zipfile was “hacked” or “leaked” here, arguing for a combination of a dossier prepared by the university in relation to potential FOI responsibilities (though not necessarily FOI requests in hand) and discovery of the dossier by someone at the university who released it to the outside world – very much along the lines hypothesized by Charles the Moderator of WUWT, but substantially fleshed out.

This is a detailed analysis, unlike IPCC allegations of attacks by the Russian secret service (their version of “A miracle occurred”).

58 Comments leave one →
  1. bender permalink
    December 7, 2009 3:06 pm

    The inability to track recent comments is *severely* limiting the usefulness and impact of this blog.

    Steve:
    Drives me crazy too. The new CA is being prepared as we speak. Say nice things to MrPete, John A and Anthony.

  2. Follow the Money permalink
    December 7, 2009 3:10 pm

    “unlike IPCC allegations of attacks by the Russian secret service”

    Which will only increase when Putin or his #2 makes a demonstrative NYET at Copenhagen. Which they already suspect will happen, explaining the allegations in the first instance.

    Someone took a long time filtering out personal emails, and there is a substantial lack of uninteresting, mundane business emails also. Arranged with care.

  3. Denbo permalink
    December 7, 2009 3:21 pm

    I read this over on WUWT and was surprised he missed the epoch times as file names. It isn’t a show stopper based on the final conclusion but I don’t completely agree with it.

    He claimed the ‘simplest’ answer was “that someone at UEA found it and released it to the wild and the release of FOIA2009.zip wasn’t because of some hacker, but because of a leak from UEA by a person with scruples.”

    Er… no. While I agree it appears it was from the inside nothing in the analysis can make a claim as to their motivation.

    It could have been someone was rather ‘careless’ or that someone was ‘paid’ to do so. Or maybe, the person(s) happened to be a programmer who was tired of Phil Jones’s and others and their excessively large EGO’s.

    We all wanted ‘Deep Throat’ to be a person of good conscious too but in the end he was just po’ed that he was passed over for promotion twice to he big chair.

    My 2 cents

  4. Sean Inglis permalink
    December 7, 2009 3:24 pm

    Take comfort from the fact that anyone with any degree of technical knowledge will find it ludicrous to equate “uploaded to a server physically located in Russia” with “hacked by Russian spies”.

    This is a distinction that’s easy to make convincingly to the man in the street and when it’s pointed out, the original contention will appear justifiably risible; it will be another own-goal for anyone to try to make capital on this point.

  5. PaulH permalink
    December 7, 2009 3:43 pm

    Denbo: The author updated his analysis making note of the epoch timestamps issue you raised. The updated article with corrections here http://www.smalldeadanimals.com/FOIA_Leaked/

  6. December 7, 2009 3:59 pm

    OK, I may have found something interesting – or may not. So I decided to bring it to the attention of you experts.

    http://strata-sphere.com/blog/index.php/archives/11774

    Hopefully this is of some value to the cause.

  7. Mark Barratt permalink
    December 7, 2009 4:08 pm

    I find it intriguing, given the importance of the harry_read_me.txt file, that nobody seems to know much about the author (apparently one Ian “Harry” Harris). From his comments in that file, he appears to be a prime suspect for the leak, but I haven’t heard that the paparazzi are camping on his doorstep. Personally, I’d like to sit him down over a few beers and get him to give me his opinion on the “science” conducted at CRU over the last few years.

    Perhaps he’s been locked up in a basement somewhere?

  8. John MacQueen permalink
    December 7, 2009 4:28 pm

    As someone who has administered unix systems this explanation is what I have thought was most likely from the start.

    My first assumption was that it was likely a system administrator who leaked the file, or it was placed where someone inside had access to it and decided to release it.

    I seriously doubt they were hacked from the outside, though it is quite possible.

  9. Bernie permalink
    December 7, 2009 4:30 pm

    Steve:
    Are you going to analyze the data that was part of the CRU file download or are you going to wait until the data is officially released by UEA CRU?

  10. Bob Koss permalink
    December 7, 2009 4:33 pm

    I suspect there is a lot of distrust and paranoia to be found within the EAU.

  11. Quondam permalink
    December 7, 2009 4:37 pm

    As has been noted, the email filenames are UNIX timestamps, e.g.

    1258053464.txt
    From: “Thorne, Peter (Climate Research)”
    To: “Phil Jones”
    Date: Thu, 12 Nov 2009 14:17:44 -0000
    1258053464 -> 12/11/2009 19:17:44

    1255530325.txt
    From: Michael Mann
    To: Kevin Trenberth
    Date: Wed, 14 Oct 2009 10:25:25 -0400
    1255530325 -> 14/10/2009 14:25:25

    0826209667.txt
    From: “Tatiana M. Dedkova”
    To: K.Briffa@uea.ac.uk
    Date: Thu, 7 Mar 96 09:41:07 +0500
    0826209667 -> 7/03/1996 14:41:07

    They agree to the second with the Date field set by the sender but the inconsistent hour values may have some bearing on whether all names were generated by the same software at the same time.

  12. December 7, 2009 4:39 pm

    Looking at the dates provides some extra info. The FOIA.zip file contains emails dated up to the afternoon of Nov. 12, 2009. The next day, CRU rejected Steve McIntyre’s freedom of information request (which they reference as FOI_99-44). On Nov.12, the FOIA.zip file appeared on a .ru server.

    More importantly, Paul Hudson at the BBC claims he got the “same” files on Oct. 12, 2009. Obviously it could not have been the SAME version of FOIA.zip, which contains files dated into November. But he got something very similar.

    Therefore–whoever provided FOIA.zip in November probably also had access to the essentially the same information in October. I suppose it COULD have been a hacker–but it sure looks like somebody who had access to the files on an ongoing basis, and who made the decision to “go rogue” after FOI_09-44 was denied.

    Steve:
    please do not use the Paul Hudson thing in your reasoning. It’s almost certainly not the same thing.

  13. SineCos permalink
    December 7, 2009 5:10 pm

    Quondam – the hours are different due to time zone differences. Mann is 4 timezones from Greenwich in mid-October due to Daylight Savings Time.

  14. Duke C. permalink
    December 7, 2009 6:27 pm

    As far as Unix timestamps go-

    It should be pointed out that Unix Epoch Time is an expression of Greenwich Mean Time. It doesn’t recognize time zones. The local time settings on the machine where the mail client application resides uses the timestamp to determine what to print in the email date/time header.

    All 1,073 .txt file names have the same 4 or 5 hour offset (depending on daylight/standard time adjustments) relative to the date/time contained in the email, regardless the time zone of the sender/recipient.

    We’ve discussed this anamoly here previously. It’s Interesting, but not germaine to Levsen’s very good analysis.

  15. pat permalink
    December 7, 2009 6:51 pm

    steve,
    true, paul hudson’s chain of emails is not the same thing – cos emails from later than 12 oct are in the uea cache, BUT bbc is vulnerable to pressure because of public funding and they need to release ALL the stuff hudson received, so the public can decide whether or not bbc sat on info critical to what we now call climategate. best wishes

  16. harold permalink
    December 7, 2009 7:00 pm

    I agree with Mark Barratt, this Harry guy has to deal a mess he has not created. Why would he (on his first day on the job!) use strong language to comment on his own incompetence and the mess he finds? And why does he try to solve these problems on his own?

  17. Peter S permalink
    December 7, 2009 7:11 pm

    I think the route into the CRU server – and directly to Jones’s emails is found in the file: 1248862973 – dated July 29 2009.

    Here Mann writes to Jones:
    “Santer et al paper still didn’t come through in your followup message. Can you post in on ftp where it can be downloaded?”

    Jones replies to Mann:
    “See below for instructions [...]
    file is at http://ftp.cru.uea.ac.uk
    login anonymously with emails as pw
    then go to people/philjones
    and you should find santeretal2001.pdf”
    (my emphasis)

    This email is CCed to
    Kevin Trenberth
    Jim Salinger
    j.renwick
    b.mullan
    Gavin Schmidt
    James Annan
    Grant Foster

    Foster’s address being a ‘tamino’ Hotmail account. Now ‘Tamino’ isn’t the most appealing character on the block for “loathesome” AGW sceptics – and much of what made him so depended upon his hiding behind a pseudonym that many people would have liked to officially ‘out’ him from. Apparently, Hotmail email accounts are fairly easy to crack – with instructions on how to do so openly available via a quick search on the internet. Anyone succeeding in such a crack would have found Jones’ ftp instructions in ‘Tamino’s’ in box.

    If Jones did indeed have a folder named “emails” on http://ftp.cru.uea.ac.uk (as his password suggests), and if that folder was intended to be a password-protected repository for the “loads of emails” Jones claimed to have deleted “2 months ago” (on December 3rd 2008) in response to FOI requests (1228330629), then anyone cracking into Tamino’s Hotmail email account would have come up trumps.

  18. December 7, 2009 7:22 pm

    Ok, us sceptics keep getting accused of being conspiracy theorists, so here’s one ( Tabloids and visitors from realclimate please note – this is NOT a serious suggestion, although it is as credible as some of the stuff we keep getting thrown at us)

    This file was obviously prepared in response to an FOI request, which they finally couldn’t refuse. But, rather than honouring the request and accepting inevitable fallout over the contents (especially from poor Harry’s work) they made a strategic decision to create a “leak” where they could detract from the contents by shouting about the “illegal hack” – hell, if it backfired they could always blame the Russians or something! They then, obviously, timed the leak so that it would run for a bit then be overshadowed by Copenhagen.

    Can I have a scripting job on the next Bruce Willis film now?*

    * or as a spokesman for the IPCC :P

  19. bender permalink
    December 7, 2009 7:28 pm

    Praise be! Recent comments! :)

  20. MrPete permalink*
    December 7, 2009 7:28 pm

    :-D

  21. TJA permalink
    December 7, 2009 7:35 pm

    At least the Russian secret service would plausibly have the resources to collate the information in the file. So they are getting better at their cover stories. It is so obviously a leak it is funny that we even discuss any other possibility. Who ever did it has a pretty good idea of the difference between a climate arse and a climate elbow.

  22. Sean Inglis permalink
    December 7, 2009 7:42 pm

    Over and above the questions marks over the basis of AGW, I’m not a huge conspiracy theory fan.

    But given Steve’s “Augean Stable” comment previously, whether a deliberate and subtle tactic or not, releasing such a huge volume of information could act like electronic chaff.

    The thing that struck me was that Steve Mc. precipitated this sequence of events by relentlessly plugging away at the data, rather than being subject to the distractions of witless name-calling and deconstructing motive.

    You can’t snap at every minnow in the shoal.

  23. Third Party permalink
    December 7, 2009 7:42 pm

    It would be interesting to organize the people and organizations along the lines of:

    http://www.muckety.com/Albert-A-Gore-Jr/21.muckety

  24. Nick Moon permalink
    December 7, 2009 7:46 pm

    Interesting but I think he’s wrong in his analysis.

    The most recent email, is To: Phil Jones. And at the bottom it says the attachment has been converted and is stored in c:\eudora\attach\….

    This means that as recently as 12th November Phil Jones was still using eudora as his mail client. And the leaked emails are copies from what had been downloaded to his desktop PC. These emails are emails after they have been downloaded and processed by an email client – in this case Eudora. All the headers have been thrown away except the ones that get displayed. And attachments have been converted from base64 encoding. Also, I think, Eudora has some facility for spotting URLs in a message and turning them into references, and these are marked in the txt files.

    Now I think eudora stores emails in large mailbox files. But these have basically the same format as mailboxes on a unix server. And as they are just great big text files, there is no real problem writing some small script to work through the mailbox file and spit out separate .txt files for each message.

    A lot of the emails are either To: From or CC: to Phil Jones. and presumably come from the mailboxes on his desktop PC. However, some are not. So this would imply that the emails have been culled from more than one person’s mailboxes on more than one desktop PC.

    One obvious scenario, is that someone was sent to go round each PC and look for data that related to a FOI request. However, it is also quite possible that copies of every person’s desktop PC end up back on a university server. It might be that there is a backup service, so that stuff on laptops or desktop PCs gets uploaded to a server and then backed up to tape. Or, it’s possible that the university runs a thin client setup. In which case, the data doesn’t really reside in the workstations but agan on some central server.

    What I think is clear, is that a great deal of very intelligent selection has taken place. There are no office gossip emails, no spam, and presumably sometimes these guys send each other emails which are just about science and not about news management. There seems to be a lot of signal and very little noise. which thinking about it, implies the work was not done by a climate scientist.

    Whoever did the selection must really know the ins-and-outs of the climate debate. If this were really done by a hacker, I’d say thay would have to be fluent in english, and they must have followed the debate on a place like Climate Audit – for several years. And if they ripped off entire mailboxes and then sorted through them for the nuggets – they must have been at it for months or there must be a fairly large team of them.

    On the other hand, if an insider was tasked with putting this information together I’m slightly unsure as to why some things were chosen. The emails seem about right. I can understand that all of these emails are ones that might be relevant. You might want to put these through the electronic equivalent of the shredder. But the mix of documents is slightly strange. There are various funding applications/grant applications. There is the delightful Harry readme. The nastiest (speaking as a british taxpayer) is the government financed document explaining to government agencies how they should go about changing people’s perceptions of climate change. Basically how to manage a propaganda campaign. But I fail to see how these would be part of an FOI request. The communicating_cc.pdf is labelled as Crown Copyright don’t see that a university would have any requirement to release it.

    Personally, I think the hacker argument is unlikely. I think this is a combination of leak possibly after some internal process to gather stuff for a possible FOI request. And I’m quite happy that whoever did it should remain anonymous. They’ve performed a public service but I doubt if they would benefit from being outed. It would probably blight their chances of ever getting another job.

  25. Peter S permalink
    December 7, 2009 7:47 pm

    Can my previous comment pass moderation? Or do I have to repost it without active links???

  26. Sean Inglis permalink
    December 7, 2009 7:55 pm

    @Third Party

    There’s a graphical analysis of email exchanges arranged as a network of nodes connected by lines of various thickness depending on volume and frequency.

    Not exactly the same as the link you provided (and I can’t put my finger on it at the moment) but similar. I’ll grep my history fir the link.

  27. Peter S permalink
    December 7, 2009 8:00 pm

    I think the route into the CRU server – and directly to Jones’s emails is found in the file: 1248862973 – dated July 29 2009.

    Here Mann writes to Jones:
    “Santer et al paper still didn’t come through in your followup message. Can you post in on ftp where it can be downloaded?”

    Jones replies to Mann:
    “See below for instructions [...]
    file is at ftp . cru . uea . xx . xx
    login anonymously with emails as pw
    then go to people/philjones
    and you should find santeretal2001.pdf”
    (my emphasis)

    This email is CCed to
    Kevin Trenberth
    Jim Salinger
    j.renwick
    b.mullan
    Gavin Schmidt
    James Annan
    Grant Foster

    Foster’s address being a ‘tamino’ Hotmail account. Now ‘Tamino’ isn’t the most appealing character on the block for “loathesome” AGW sceptics – and much of what made him so depended upon his hiding behind a pseudonym that many people would have liked to officially ‘out’ him from. Apparently, Hotmail email accounts are fairly easy to crack – with instructions on how to do so openly available via a quick search on the internet. Anyone succeeding in such a crack would have found Jones’ ftp instructions in ‘Tamino’s’ in box.

    If Jones did indeed have a folder named “emails” on ftp . cru . uea . xx . xx (as his password suggests), and if that folder was intended to be a password-protected repository for the “loads of emails” Jones claimed to have deleted “2 months ago” (on December 3rd 2008) in response to FOI requests (1228330629), then anyone cracking into Tamino’s Hotmail email account would have come up trumps.

  28. December 7, 2009 8:04 pm

    I like my explanation for the mysterious CRU e-mail mystery….. It’s the fault of the Large Hadron Collider.

    OK. OK. I know you’re saying “What?” but bear with me.

    Many predicted that if CERN tried to restart the Large Hadron Collider, either the world was either going to be swallowed up by micro black holes (hasn’t happened so far), or because of the quantum nature of the higgs-boson particle, that it can travel through time, it doesn’t want to be discovered. It is often called the “God Particle” after all. Thus the very act of trying to discover the particle would stop the LHC from ever firing – note how the actions of one bird caused a severe delay the reboot process. That was one-heck-of-a-strategically-placed bread crumb! But there is a third possibility. Maybe the effects of the higgs boson do travel through time, but they don’t prevent its discovery…. but, however, they do strange things to the world in a quantum way. Obviously, the LHC has succeeded sometime in the near future of creating the “God Particle”, and since the effects of such are quantum and not anchored in time, well, the effects are being felt now! And one of the effect is… drum roll please…. to cause the CRU e-mails and code to go all quantum on us and shift from a secured server at the University of East Anglia to one in Vlad’s house that is quite open to the web! It’s so easy to see…. And it’s quantum to boot!

    Who can argue with that!

  29. Duke C. permalink
    December 7, 2009 8:08 pm

    Nick Moon wrote:
    “A lot of the emails are either To: From or CC: to Phil Jones. and presumably come from the mailboxes on his desktop PC. However, some are not. So this would imply that the emails have been culled from more than one person’s mailboxes on more than one desktop PC.”

    Every email has one thing in common. *(@) uea.ac.uk appears in the From:, To: or Cc: field(s).

    This would support Levsen’s theory that they all resided on the same mail server. It would be an easy task to copy them if one had root directory access to that server.

  30. Jane Coles permalink
    December 7, 2009 8:11 pm

    Three puzzles:

    1. How much email does a senior academic send and receive per day? Let’s guess that they send 10 and receive 40 on Monday to Friday (as a former academic, I reckon that’s a very low estimate). That’s 250/week/academic. This email corpus concerns about 10 core academics over a 10 year period. That’s a total of around 1.3M email messages — let’s say 1.0M to allow for duplicates. The leaker provided us just over a thousand. Most, perhaps all, are highly pertinent to understanding what has been going on at CRU. That’s one hell of an editorial task.

    2. We can infer from the absence of forgery claims from the participants that none of the emails had material added to them. But what about redactions? Academic email is often copied to research students, secretaries, admin assistants, and system support staff if a message contains something that is relevant to them (e.g., so a secretary can set up a meeting). Were the names of such innocent bystanders redacted from the emails? An ethical leaker would probably have worried about blasting their email addresses all over the known universe. If he or she was a junior member of the unit then many of these bystanders would have been the leaker’s friends and coffee room companions.
    Did the leaker redact other content — e.g., personal matters such as an enquiry after a child’s health — that might have been appended to some messages?

    3. FOIA requests are very specific. Faced with a set of FOIA requests, why would one dump all the relevant material into a single bundle? The rational thing to do would be to create a set of directories, one for each FOIA request, and sort the relevant material into the relevant directory. There’s no trace of such a structure in FOIA.zip.

  31. Digger permalink
    December 7, 2009 8:15 pm

    With regard to public access to data, which would obviate the need for hackers or leakers, there is an interesting post on UK government policy at

    http://blogs.telegraph.co.uk/technology/iandouglas/100004326/government-information-gropes-towards-freedom/

    In particular, around halfway down the article, this:

    “Opening Met Office Public Weather Service data to include: releasing significant underlying data for weather forecasts for free download and reuse by April 2010, and working to further expand the release of weather data, while recognising all public safety considerations; releasing a free iPhone application to access weather data by April 2010; releasing a widget that enables other websites to deploy Met Office supplied weather information by April 2010; and making available more information on Met Office scientists, their work and scientific papers, free of charge”

  32. brnn8r permalink
    December 7, 2009 8:17 pm

    A problem I have with his analysis is his claim:

    “The hacker would have to crack an Administrative file server to get to the emails and crack numerous workstations, desktops, and servers to get the documents”

    This is not entirely true if you’re using an LDAP or directory based authentication infrastructure.

    It’s possible UEA are using OpenLdap or the like.

  33. December 7, 2009 8:29 pm

    Social engineering is easier with prepackaged requests for sure, a luxury that did not seem to have enjoyed those who allegedly tried to break into the University of Victoria recently: http://www.nationalpost.com/story.html?id=2300282

  34. December 7, 2009 9:00 pm

    I like SonicFrog’s theory.

    I rather like this cartoon from our oh so caring and green NZ Herald too…

    http://www.nzherald.co.nz/news-cartoons/news/headlines.cfm?c_id=500814

  35. hamletxi permalink
    December 7, 2009 9:17 pm

    I think the most important thing now is to make sure these emails aren’t pushed under the table. Too many politicians and IPCC officials have publicly dismissed them. Everything must be re-evaluated. The proxies have to be fully tested against satellite measurements. It doesn’t seem as if this has ever been done. You have every “scientist” simply choosing an ad-hoc value for the error in the proxies. Phil Jones goes around telling people that global avg. temp will go up .2C per decade. How can he use a level of accuracy close to or less than the margin for proxies measurement error? The name recognition, prestige and the weight given to his opinion has gone right to his head.
    Lets not forget dear old Micheal Mann now saying the tree ring proxies are unreliable. Of course then why was it ok that Phil Jones showed everyone in 2007 the tree ring temp graph. Mann is fine with using middle ages proxies only when it doesn’t show the middle ages warming.
    What does everyone have to say about te proxies accuracy and whether the proxies have been compared o satellite data over the last 30-40 years?

  36. Denny permalink
    December 7, 2009 9:21 pm

    “bender permalink
    The inability to track recent comments is *severely* limiting the usefulness and impact of this blog.

    Steve: Drives me crazy too. The new CA is being prepared as we speak. Say nice things to MrPete, John A and Anthony.”

    Steve, are you in need of another upgrade?? Let us know if need be…I agree, I liked the “old” site better….Keep it goin!!!

  37. Fai Mao permalink
    December 7, 2009 10:02 pm

    I am a librarian, not a climate scientist or computer programer. Thus, my reading of these documents is with an archivist eye rather than that of a scientist.

    It appears to me that whoever put these together was working from a set of parameters. Almost like generating a subject list in a library catalog. However, I don’t really have a clue as to the vocabulary or indexing system. If we knew that then datamining the documents would easier because we’d know exactly what the author/editor/provider wanted us to find rather than having to work through the paers. It is obvious that they are carefully selected, by someone who knew the EAU-CRU computer system and file structure. There is almost no way a hacker did this. Maybe a mole but not a hacker. Whoever did this knew how to access the system. I’d like to have their indexing notes.

    They do not appear redacted. If they were then the materials would not read as smoothly as it does unless there was extensive editing. If there was editing then I think the principles involved would have used that editing as a defense.

  38. Third Party permalink
    December 7, 2009 10:10 pm

    http://camirror.wordpress.com/2009/12/07/a-sysadmins-perspective/#comment-3952

    Thanks for the notification that there was a node analysis out there.

    Here’s the one I found: http://seadragon.com/view/h0i

    Quite a few more points of contact than I’d have guessed.

  39. Third Party permalink
    December 7, 2009 10:28 pm

    From: http://computationallegalstudies.com/2009/11/27/visualizing-the-east-anglia-climate-research-unit-leaked-email-network/

    “Hubs and Authorities:

    In addition to the visual, we provide hub and authority scores for the nodes in the network. We provide names for these nodes but do not provide their email address.

    Authority

    1. Phil Jones: 1.0
    2. Keith Briffa: 0.86
    3. Tim Osborn: 0.80
    4. Jonathan Overpeck: 0.57
    5. Tom Wigley: 0.54
    6. Gavin Schmidt: 0.54
    7. Raymond Bradley: 0.52
    8. Kevin Trenberth: 0.49
    9. Benjamin Santer: 0.49
    10. Michael Mann: 0.46

    Hubs returns nearly identical ranks with slightly perturbed orders with the notable exception that the UK Met Office IPCC Working Group has the highest hub score.

    Thus, so far as these emails are a reasonable “proxy” for the true structure of this communication network, these are some of the most important individuals in the network.”

  40. debreuil permalink
    December 7, 2009 10:52 pm

    I’m not familiar with all the FOI requests they had, but I wonder if it would be possible to narrow it down to which one it was based on the content? If there were an ‘all emails relating to x, y, and z’ type list it should be possible to get close to a match with just pattern matching.

    Also if all the FOI requests required say mail that spoke about say Steve McIntyre, and Steve has email he sent and received from one of them that isn’t in the list of emails, one might get closer to knowing if this was content not to include, rather than content required to include. Given what some of it says, that might be less surprising (although that would be even worse than FOI evasion imo — speculation of course).

  41. turkeylurkey permalink
    December 8, 2009 12:34 am

    Hey Jeff,
    how did you get that onto youtube?
    I would like to try to do the same thing with the Wegman segment on CNN.
    The link seems to just be some kind of java thing.
    TIA
    TL

  42. debreuil permalink
    December 8, 2009 1:27 am

    Wow, I think Peter S may be on to something (S for Sherlock I assume : )… That really does seem to be plausible. Imagine someone hacked someone’s email account a while back, and was just snooping. That email also does seem to suggest there were files missing, and the files was in a zip file, and placed on a server. The ‘emails’ pw is a double clue – it suggests emails (with some files as well as that is what is being sought), and it is a password which is potentially how the break in happened.

    That could explain the weird Paul Hudson chain of emails too. That sounded more like he was sent a single thread of one email chain, and it did sound like it was from someone ‘outside’. I suspect he was sent the FOIA\mail\1255558867.txt series (ok, that seems sure).

    Paul says:
    “I was forwarded the chain of e-mails on the 12th October, which are comments from some of the worlds leading climate scientists written as a direct result of my article ‘whatever happened to global warming’. The e-mails released on the internet as a result of CRU being hacked into are identical to the ones I was forwarded and read at the time and so, as far as l can see, they are authentic.”

    So potentially this hacker guy was evesdropping, found this and thought it was a clear smoking gun — looking again at Tom Wigley’s mail in there, you can see why:

    > > Mike,
    > >
    > > The Figure you sent is very deceptive. As an example, historical
    > > runs with PCM look as though they match observations — but the
    > > match is a fluke. PCM has no indirect aerosol forcing and a low
    > > climate sensitivity — compensating errors. In my (perhaps too
    > > harsh)
    > > view, there have been a number of dishonest presentations of model
    > > results by individual authors and by IPCC. This is why I still use
    > > results from MAGICC to compare with observed temperatures. At least
    > > here I can assess how sensitive matches are to sensitivity and
    > > forcing assumptions/uncertainties.
    > >
    > > Tom.

    That goes to thePaul Hudson at the bbc, and nothing.

    Why not make it public then? Maybe the hacker feels that if that is forwarded elsewhere, everyone involved knows they are compromised, and changes passwords etc, so the guy waits. Then he gets the stuff Peter S mentions (foia2009.zip I assume) and uploads it to servers and blogs.

    If (yes big if ; ) that is so, then the only four emails that are common to both chains are:

    Mann
    Jones
    Kevin Trenberth
    Gavin Schmidt

    You would think that would have to mean Jones, as he is the only one at UEA, however all the email we see is from the zip file. One way to test this would be to see the email chain that Paul Hudson received. If that is from the ‘perspective’ of one of those four, then that is probably who was compromised.

    If he means identical as in server stamps, then it would indicate Phil Jones. Given he’s taken the fall, maybe that is the case.

    Sorry if this is too much wild speculation of a post, I understand the comment policy here tries to keep it on topic and on facts, I understand if this is over the line, feel free to snip…

  43. December 8, 2009 1:46 am

    It’s no proof but it indeed sounds convincing. The file (and/or directories) could have been prepared or set too free access rights and a grad student or whoever had an account on the same machine could have posted it. A minimum amount of miracles is needed.

  44. December 8, 2009 1:52 am

    Not everyone is allowed to read that SysAdmin’s Perspective. When trying to enter the address indicated in Steve’s post, http://www.smalldeadanimals.com/FOIA_Leaked/, I read:

    217.66.146.92
    Opera/9.63 (Windows NT 5.1; U; ru) Presto/2.1.1

    FORBIDDEN

    If you’ve reached this page, it’s probably due to one of the following conditions:

    a) Your isp is blocked because it originates from a country that welcomes spammers. (.ru, .br).

    b) Your isp is blocked due to abusive behavior by someone else, and you’ve been caught in the net. Sorry about that – email me at kate [at] katewerk [dot] com and I’ll see what I can do for you.

    c) You’re poking around where you’re not supposed to. Stop it.

    d) Your isp is blocked due to your abusive behavior. If you think that’s unfair, then email me privately to discuss it.

    e) You’re trying to circumvent the block using an anonymizing proxy. See d). Nice try, luser.

    Well, I am indeed from Russia.

  45. jallen permalink
    December 8, 2009 6:09 am

    Different take: The emails were not aggregated for an FOIA response, the were being deleted / purged in order to provide and incomplete response. Consider:

    They are the residual emails of a batch which had already been *sanitized* from the CRU systems, in order to illegally prepare an incomplete response for a future FOIA request. The emails in question were *not* going to be provided under a FOIA request.

    These are deleted emails from a sanitized batch which were foolishly or purposely archived and/or discovered by an insider or whistleblower (perhaps the sanitizer himself). The insider then had pangs of conscience or an axe to grind and released them surreptitiously.

    Also: The leaker may enjoy protection under the UK’s Public Interest Disclosure Act of 1998, which was enacted to protect whistleblowers

  46. Kee permalink
    December 8, 2009 9:28 am

    Long time lurker, first time poster.

    Regarding the ‘emails’ as password part in that one email is just normal way to log on to a public ftp server…
    “login anonymously with emails as pw” as the instruction stated means that you should use ‘anonymous” as username, and any email address as password, eg. foobar@matrix.com (there is no validation other than possibly checking for @ sign).

    //K

  47. Sean permalink
    December 8, 2009 10:19 am

    Is there any consistent searchable word in all the emails? I work at a large bank and whenever we get any sort of legal inquiry on a particular topic, an email goes around asking all of us to forward any possibly responsive emails/documents to compliance.

    I use X1 to search all my emails for anything that may be responsive then someone comes to my desk and collects the presumably-relevant emails. I suppose they filter out housekeeping emails that may mention the search word but not be responsive.

    Could the CRU emails have been collected in this manner? Is there any reader here who worked at UEA when they were served with a supoena or FOI request so you could compare collection methodology?

  48. December 8, 2009 10:35 am

    This is a detailed analysis, unlike IPCC allegations of attacks by the Russian secret service (their version of “A miracle occurred”).

    Nice!

    Are you actually British? Your sense of humor is delightfully dry. I caught part of the CNN interview last night, and now can put a voice (and facial expressions) to your posts. What fun!

    Steve: Toronto. 6 generations Canadian Scots.

  49. icman permalink
    December 8, 2009 11:53 am

    As Steve requested.

    To John A, Mr. Pete, and Anthony.

    “Nice Things”

  50. Harry Eagar permalink
    December 8, 2009 2:13 pm

    Joe, I like it!

    And just because you made it up out of nothing doesn’t mean you cannot use it. You, too, can have a lucrative future in climate science, with good pay, relaxing trips to warm places, and free e-mail accounts!

  51. Bob Koss permalink
    December 8, 2009 2:15 pm

    Anastassia Makarieva,

    Here is a link that should work. WUWT

  52. December 8, 2009 2:20 pm

    Bob Koss — many thanks.

  53. JohnP permalink
    December 8, 2009 3:32 pm

    It is sad that you accept at face value that “analysis”.

    It is not a technical analysis, just a description full of technical jargon so that most visitors will take at face value.
    The “analysis” does not manage to show that the e-mails were leaked.

    There is a big credibility issue with this website and the author.

  54. Calvin Ball permalink
    December 8, 2009 4:37 pm

    Maybe I missed it, but is there a reason to believe that all the data files were kept on local drives and not on a central server? It seems to me that it’s well within possibility that data was kept on a central server somewhere, in which an external hack would be feasible. What did I miss?

  55. Dave Dardinger permalink
    December 8, 2009 5:40 pm

    John P

    “The “analysis” does not manage to show that the e-mails were leaked.

    “There is a big credibility issue with this website and the author.”

    You need to watch your writing. What do you mean by “show”? Prove? Of course nobody can prove something without access to the actual computers. But he/she does show a good set of reasons to suspect strongly that the e-mails were leaked rather than hacked.

    And what are you referring to by “this website”? Small Dead Animals or Climate Audit? And what is the credibility issue?

    To me your screed just seems to be a drive-by.

  56. December 8, 2009 5:42 pm

    JohnP,

    I think it is a pretty good argument for why the files were collected internally. As far as how that internally collected zip was released is up in the air though, I agree if that is what you mean.

    If there is any technical part in there you doubt or would like to hear in plainer terms I’d be happy to go over those parts with you… (not implying you aren’t right or aren’t comfortable with the tech (are you?), I may have missed something you caught, or there may be alternate explanations for some things I don’t see..

  57. MrPete permalink*
    December 8, 2009 6:43 pm

    Please visit http://climateaudit.org/2009/12/07/a-sysadmins-perspective/ :)

  58. February 7, 2012 2:17 am

    I could deliver never ununderstood why causal agent has dealt so qualifierly with this event. Now afford up to me full circle. Truly interesting your thesis. Although my English is non so skillful, your article I can realise. Hold over up the Light.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: