Investigators on scent of hacker?

Reporting on investigations into the release of the CRU zip files, the Times Online UK tells readers:

The computer was hacked repeatedly, the source close to the investigation said: “It was hacked into in October and possibly earlier. Then they gained access again in mid-November.”

I’m not sure if ‘repeatedly’ means twice or several times in October and then again in November. I also can’t begin to guess what, precisely, constitutes a “source close to the investigation”. Is this someone authorized to communicate progress to reporters? Or is this story a leak?

The rest of the article is speculation about the hacker’s motives, with the Times leaning toward the notion that the motive was to derail the talks at Copenhagen. It’s not implausible, but that also remains to be seen.

53 thoughts on “Investigators on scent of hacker?”

  1. going by McIntyre’s train of thought for the past few months, i’d guess october or even earlier.

  2. They distinguish “hacking” (in October) and “gaining access” (in November). Curious choice of words.

  3. As Usual Bugs you let yourself down with your prejudiced view of the affair. Why do you connect Steve McIntyre to this “hack”? (and for your own sake remember to avoid unsubstantiated claims which may come back to haunt you.)

  4. But does it matter, even if it was a hacker or a whistleblower. Even if the attempt was made for copenhagen. The results stay the same, the emails are telling the same story.

    So i follow the same line as the MSM. This is not important 😀

  5. It’s interesting that James Annan — hardly a denialist — suspects that it was a leak rather than a hack, based on the evidence that Paul Hudson at the BBC had been *forwarded* some of these same emails back in October. If so, that could very well have left a fingerprint.

    http://julesandjames.blogspot.com/

    Furthermore, it’s extremely unlikely that a competent outsider hacking in could ever be traced given the apparent use of anonymizing proxies. A leaker, on the other hand, could easily have made a mistake that left internal evidence while assembling the materials prior to anonymously posting them.

    I might also add that the claimed RealClimate hack, in my mind, also points to an insider, as it implies someone with access to both servers. We know there is tremendous overlap between the CRU staff and RealClimate.

  6. I find it hard to believe that 12 years of emails was assembled by a random hacker. I also find it odd CRU TS code was included but not the HadCRUT code since the HadCRUT data was the subject of the FOIs.

  7. Raven

    the Hacker didn’t need to be random. They could still be a hacker and know what they want to target.

    I have no opinion either way BTW.

  8. Indeed Curious, the truth does not “derail” things……..ever. What it can do, however is put the train back on the correct track.

  9. Which ever it is the leaker/hacker did the world a great service.
    I hope they covered their tracks well.

  10. Alarmists have been bullies for years and have used ‘consensus science’ as a club to stifle all dissent. Non-scientific people felt they had no choice but to accept the alarmist view of science and assume that skeptics were cranks. The most odious example of this was the idea that ‘balance is bias’ and that sceptics should not be allowed to express their views in the media because they are the “fringe”.

    These emails should (I hope) put an end to the notion that alarmist scientists are fair or impartial. This should open up the debate to differing opinions and allow us to find out the real state of knowledge about climate which is likely a lot less certain than has been claimed.

  11. “I find it hard to believe that 12 years of emails was assembled by a random hacker. I also find it odd CRU TS code was included but not the HadCRUT code since the HadCRUT data was the subject of the FOIs.”

    The hacker was inside the system several times. Plenty of opportunity to get to know the place.

  12. ‘These emails should (I hope) put an end to the notion that alarmist scientists are fair or impartial. This should open up the debate to differing opinions and allow us to find out the real state of knowledge about climate which is likely a lot less certain than has been claimed.’

    opinions aren’t science.

  13. i think the conversation on this topic is deeply flawed, because the terms used are unclear and most importantly, not excluding each other.

    we also might have rational reasons for coming to conclusions, that are less supported by evidence than others. (investigations should look at other options..)

    Hack:
    the definition is pretty wide. taking stuff from an unprotected server would qualify, as would taking the file illegally, while one has physical access to a computer. (though thief might actually be a better term for these cases)

    there is plenty of evidence for this. we can basically rule out that the material was just handed over to a person. multiple pretty official sources named it a hack, and Gavin described a Hack of the RC server (and a link to the hacked server from CA)

    Whistleblower
    while whistleblowers are often inside the organisation, this actually is not required. (a hacker could be a whistleblower..)
    a whistleblower reports misconduct. we would expect him to reveal relevant material to the right persons/organisations.

    going public with pretty irrelevant mail is not what we expect from a whistleblower. it is pretty unclear, whether the crimes committed by the person are not worse than the misconduct he is reporting.

    Insider
    the person doing this was obviously aware of current climate discussions. (an insider to the climate topic) he might be (or have been) an insider to CRU (or a related institution) he still could be a hacker or a whistleblower or both.

    we don't have any real evidence supporting this. but it's an assumption that might be made. (former employee sounds most likely to me).

  14. Alarmists have been bullies for years and have used ‘consensus science’ as a club to stifle all dissent.

    i am really happy, that the non-bullies who write 50 FOI requests in 5 days or steal and publish other peoples mail are now taking control of the process.

    things will improve a lot….

  15. “As Usual Bugs you let yourself down with your prejudiced view of the affair. Why do you connect Steve McIntyre to this “hack”? (and for your own sake remember to avoid unsubstantiated claims which may come back to haunt you.)”

    He had some files land in his lap a few months ago.

  16. Like ALL UK journals and especially those associated with the SUN this will almost certainly be pure speculation designed to keep the story warm while they wait for the investigation to deliver.

    I must say that the choice of a university leader to do the internal investigation does seem to follow the expected pattern.

    ‘Move on nothing to see’

  17. Bugs

    The IPCC report is political opinion I’m afraid. There are some chapters which purport to carry some science but even that is somewhat distorted by opinion.

    You must remember that the IPCC is an ‘Intergovernal panel’ key word being governal = opinion = politics

  18. sod,
    It was the refusal to share the data – something which UEA now agrees was a mistake – that caused all of the FOI requests.
    If Jones did not like them he only had himself to blame.

  19. Raven

    something which UEA now agrees was a mistake

    This is actually a major point. The fact is that even if regulations existed that would bar dissemination of some or all the data, once it was clear that many people wanted it released, action should have been taken to clear the path to release.

    If someone plots a timeline of the informal requests, initial FOIs and later barrage of FOIs, along with the stated reasons for refusals, and interlaces these with the comments in the emails, it should be pretty clear that
    1) the initial requests were responded to by obstruction.
    2) Early FOI responses gave inconsistent (as well as unbelievable) reasons for refusal.
    3) The barrage of FOI’s was motivated to discover which data sets actually were covered by non-disclosure agreements. (It appears very few were.)
    4) In context, there was a cultural desire to not share data with people Phil Jones finds unworthy, while sharing it with those he finds worthy.

    CRU has a PR disaster in the making: If the broader public found out what they were doing, the broader public was not going to approve. Jokes like those on the Daily show and you tube videos were going to sprout.

    The hacker/leaker spilled the beans. Turns out the broader public does not approve. This is true even though laws may not have been violated. People disapprove because they expect the standard of transparency in public funded research to rise higher than merely “not illegal”.

  20. “It’s interesting that James Annan — hardly a denialist — suspects that it was a leak rather than a hack, based on the evidence that Paul Hudson at the BBC had been *forwarded* some of these same emails back in October.”

    Try reading that again. Annan does not suspect it is a leak–just that the emails Hudson had might have been forwarded to him by a participant in the discussion.

  21. Kasmir (Comment#26032)

    My feeling is that the whole Paul Hudson issue is being misunderstood and doesn’t really have any bearing on the leak/hack question.

    My reading has always been:

    1 Stephen H. Schneider’s student Narasimha D. Rao first alerted Schneider to Hudson’s piece “What happened to global warming?”

    Schneider then emailed Mann asking for rebuttal material.

    The email then circulated round the team, accreting comments as it went.

    Somebody in the team, Rao maybe, then copied the email, or some of it to Paul Hudson so that he would know “What happened to global warming?”. I trust they had the good sense/courtesy to remove the snarky stuff about Paul Hudson, but who knows with these guys — good sense and courtesy is not their strong suit.

    The last step is an assumption since there is no record of an email to Paul Hudson, but there wouldn’t be if it was sent by Rao, for example. However, I think it is a reasonable assumption since the whole point of the circulating email was to gather information to correct Paul Hudson, which would then have to be sent to him somehow, and the laziest way to do that would be to copy the email, and laziness, at least intellectual laziness, does seem to be one of their stronger suits.

    In other words, the email really was forwarded to Paul Hudson as an email in a perfectly open way: it was not leaked, it was not hacked; it was just the team telling him why he was wrong, in their normal generous way.

    This is why Paul Hudson was able to confirm in his blog that when the UEACRU files were leaked/hacked/whatever, at least some of it was genuine, since he had seen it before as a genuine email. If, as suggested by some, he had been sent some of the leaked/hacked/whatever material by the leaker/hacker/whoever before the UEACRU files were made public, he could not have confirmed the authenticity. The claim of authenticity depends on his email and the UEACRU files coming from independent sources – if they both came from the leaker/hacker/whoever, they would clearly be the same, but that would not mean they were genuine.

    If my reading is correct, Paul Hudson and the BBC were not, as has been alleged, covering anything up or doing anything wrong by not saying anything about the email they had received before the UEACRU files were made public – it just wasn’t very interesting, just the team trying to justify themselves.

    However, what Paul Hudson did do by confirming that at least some of the material was genuine was both informative and helpful, since at the time a lot of people were saying it must be a fake/hoax.

    The BBC can and should be criticised for many of the things it does, but it should not be criticised for things it hasn’t done. People crying conspiracy where there isn’t one just weaken their own case and make their (our) side look bad. It seems particularly unfair that Paul Hudson has come in for criticism since he seems to have behaved well throughout. It would be a pity, but understandable, if he reacted negatively to it. We should be encouraging independent voices in the BBC, not shooting at them as soon as they put their head over the parapet.

  22. Bugs,

    I think you should ask yourself if you, and most of the well known people involved in climate science (Jones, Mann, Hanson, Gavin, etc.) hold political views which are reasonably representative of the body politic. And I don’t mean just views about the appropriate government response to global warming.

    I hope you see that the vast majority appear to hold views which are quite a lot left of the political center, and that their political viewpoint does appear to color the way that they communicate with the general public, as well as how they react to people who disagree with them. I am not certain why most climate scientists should be politically left of center, since people in other fields of science seem to have a considerably broader range of political viewpoints. Perhaps people who are naturally attracted to climate science tend to be people who enter wanting to “save the world” and think that powerful and intrusive government is perfectly justified toward this goal, just as they do with “advancing social justice” (AKA high taxes and wealth transfer).

  23. yes, it would be much better when climate scientists would come from a broad range of political backgrounds. like economists over the last 50 years….

  24. sod refers to:
    “irrelevant mail ”
    .
    They clearly conspired to (1) downplay the proxy divergence problem and (2) hide potential warming biases in the land surface record. Sorry, but this is relevant.

  25. sod:

    i am really happy, that the non-bullies who write 50 FOI requests in 5 days or steal and publish other peoples mail are now taking control of the process.

    You want a tissue, maybe even a medical prescription to control all that weeping?

    I’d hate to see scientists conform to their community’s ethical expectations. That’d be expecting way too much.

  26. sod (Comment#26084) December 4th, 2009 at 10:44 am

    “yes, it would be much better when climate scientists would come from a broad range of political backgrounds. like economists over the last 50 years….”

    I’m not certain what you mean, but I suspect your comment is meant to suggest that the recent financial crisis was the responsibility of economists that you think don’t hold the “correct” political viewpoints. It is clear that there were many significant contributors to the financial crisis, and certainly these people held a wide range of political views; I think it is odd if you are suggesting otherwise.

    But please note I made no comment about anything being “better” or “worse”. In political questions, what is better or worse really depends on your political philosophy. The problem in climate science is that scientists do appear to mostly hold left-of-center political viewpoints, and this has both tilted how the data is interpreted and how the results are presented to politicians and the public.

    If you look at the list of participants in the ongoing press conference that Lucia posted on earlier, you see three climate scientists plus Joe Romm, from The Center for American Progress, who is purely an advocate for an extreme left political point of view. What is Joe Romm doing in a discussion of the science?

  27. Try reading that again. Annan does not suspect it is a leak–just that the emails Hudson had might have been forwarded to him by a participant in the discussion.

    Let me spell it out for you: some of the emails involved were leaked to the BBC apparently by email forwarding, strongly implying not just an insider but a participant in the emails. The BBC reporter fails to report. One month later the same emails (plus more) are anonymously uploaded to a Russian server, and RealClimate (only) is claimed to be simultaneously hacked. Proof of nothing, but highly suggestive that one individual with access to CRU email and data and the RealClimate servers committed all three acts.

  28. “The IPCC report is political opinion I’m afraid. There are some chapters which purport to carry some science but even that is somewhat distorted by opinion.

    You must remember that the IPCC is an ‘Intergovernal panel’ key word being governal = opinion = politics”

    Which part of the WG1 do you disagree with?

  29. OT

    Lucia,

    Have you given any thought to offering “Hide The Decline” coffee mugs? I am putting your “lukewarming” mug on my Christmas Wish List.

  30. steve–
    It’s amusing? You can come up with so many possible motives and then use the one you dreamed up to support your pet theory?

  31. bugs (Comment#26044)
    December 4th, 2009 at 5:58 am

    “The hacker was inside the system several times. Plenty of opportunity to get to know the place.”

    I can’t imagine a hacker would hang around getting “to know the place” rather than just copying directories en masse. And then, why would a hacker cherry-pick the files and only release the specific subset in FOI2009.zip?

    I think it makes much more sense that the files in the archive were assembled for a FOI request, which was denied, resulting in an insider taking things into his or her own hands.

  32. DarylM–
    I too would think a hacker would just try to copy as fast and furiously as he could. But then… I don’t really know all that much about hacking.

  33. Steven M “I love motive hunting. See if you can guess why.”
    Because you learn something about yourself while doing it 😉

  34. I like Andy Revkin’s phrase for what was done: “unauthorized release”. Less semantic baggage.

  35. I’m with Lucia in thinking a hacker would be an opportunist who might grab a couple of files but wouldn’t spend weeks compiling a selective set of thousands of files.

    To me it still seems far more likely most of it was put together by some staff member during consideration of potentially needing to comply with an FOI request. Surely the University’s legal advisors would have been involved in considering how to handle the FOI requests once they became controversial? Surely also they would have advised that the material needed to be archived safely in case a refusal was appealed successfully?

  36. Neils and Lucia.

    Good theories both.

    Lucia hunts for a motive that fits my obviously superior sense of humor. That motive, I love to hunt for motives because it’s amusing, is congruent with my other observed behavior.

    Neils thinks I like it because it gives me self knowledge and he’s obviously seeking to place my love of motive within my obvious love of philosophy.

  37. steven mosher,
    As an indicator of future behaviour or response?
    It certainly helps in sport.

  38. Let’s get a few things straight. A “hacker” is someone who gets access to a system from the outside. The FOI2009 file was obviously compiled by an insider. Despite talk about an October release, there are e-mails in the FOI2009.zip file that are dated November 12. The invitation to download appeared on Jeff Id’s site on the 17th. The e-mails are appearing as ****.txt files, which is not the way e-mail clients store them. They had to be selected and exported….

    This file was created by someone at CRU… my guess is Phil Jones himself. There are a lot of suicides who create rube goldberg devices.. go figger. But there was NO hacker.

  39. A “hacker” is someone who gets access to a system from the outside.

    that might be your definition.

    hacker (computer security context) is typically described as a person that “breaks into computers, usually by gaining access to administrative controls” (wiki, for a start..)

    following the rest of your reasoning (txt files..), i will argue that we have proof that this person was a hacker, because he knew how to create (or at least open) a zip file 😉

  40. bender (Comment#26088) December 4th, 2009 at 11:03 am

    sod refers to:
    “irrelevant mail ”
    .
    They clearly conspired to (1) downplay the proxy divergence problem and (2) hide potential warming biases in the land surface record. Sorry, but this is relevant.

    (1) No, they had a proxy that was clearly at odds with the known temperature record, for the period after 1960. This was openly discussed in the AR4, and was openly discussed in the literature before then. Clearly, to claim the temperature had dropped after 1960 when it had risen was nonsensical.
    (2) no.

  41. Personally I don’t see a strong enough pattern amongst the emails to go with the preparation for FOIA theory. I have seen some which would not appear to be relevant to FOIA. I wouldn’t totally rule out preparation for FOIA but I am not convinced. Too many of the emails are problematic for Phil Jones and other staff to be willingly compiled given their clear adverse view of FOIA. There is also plenty of evidence that it is only a subset of the emails that would have been relevant to FOIA.

    My own speculation would be that someone with a level of onsite access at the campus will have exploited a security loophole. That person would be a student, staff or contractor.

    They would need a reasonable level of IT awareness plus an interest in the climate issues. It may be more than one person with one person finding the exploit and another who then used it.

    We are seeing some reports that there may have been more than one access over a period of time. I would expect that they may have used some form of search or selection utility to find the emails likely to be of interest and the files provided are the outcome. Even the use of searches would take time to review so the outcome is probably the result of a manual review of the output from a search.

    Despite concerns expressed by many people at the time the emails were made available I am not aware so far of anyone challenging the content of any of the emails as accurate or identified any other malicious activity other than the act of obtaining them (whether hack or whistleblower) and then making them available. The attempt to upload at RC and make them available is likely to have been the opportune use of information from within the emails.

  42. clivere, the emails are not particularly focussed, but that relevance rather depends on the spread of FOI requests they had received. If legal counsel were involved the University may have delegated the search and compilation to some support staff member, not necessarily even from Jones’ department, and the emails collected may include some he had deleted but still existed in backup archives.

    I also agree the RC upload was probably opportunistic as you suggest.

  43. Alan Wilkinson – I have just seen a Mail on Sunday 2 page article where they speculate that the “hacking” is a Russian Agency plot. This speculation is almost entirely based on the use of a Russia “Academic” server to release the files. Personally I am not convinced by that theory either.

    My own view is based firstly on the unconfirmed reports/rumours that there was more than one access to the server in question over a period of several weeks. Secondly the emails are selected but not neatly packaged to comply with any specific FOIA requests. Thirdly they are not a complete record which I would have expected if they were compiled for FOIA.

  44. The Times has a similar story about the Russians, and attributes the claim to UN/IPCC officials. No evidence except that the data got parked on a Russian server. I think it’s baloney – the Russians usually use Chinese servers for their dirty work!

    The story has “damage control” written all over it.
