Climatic Research Unit (Photo courtesy CRU)
The anonymous tipster, whom many people initially assumed had "hacked" into the computers at the Climatic Research Unit (CRU) of the University of East Anglia (repeatedly called the "Hadley CRU," by mistake), might in fact be a CRU insider who released the files for his own reasons.
The user, known only as "FOIA" (which now appears to be a reference to the British equivalent of the US Freedom of Information Act), left only one comment on The Air Vent to announce his release of his 61-MB ZIP archive. He has never been heard from since, nor has anyone stepped forward claiming to be that person since the story became widely known.
Persons knowledgeable in information security hold that this is not the behavior of a hacker. A hacker normally boasts of his act, even if he were hired or otherwise suborned to commit his act by someone else. These two reports provide illustrations of such behavior.
Other commenters have observed that the very form and organization of the archive, which expands to 168 MB of text files, word-processing documents, PDF files, raw data, and even program code, indicate that someone already having access to the system logged in through his usual channels, made the archive, and then logged out. The user's choice of words indicate someone having a motive to disclose to the world certain activities and mindsets that the user found distasteful, at least.
This Examiner has been able to reconstruct a timeline of the story, from the initial attempt by the user to publish his material to another site, to the events of yesterday morning. However, before presenting this timeline, this Examiner is obliged to issue a correction: the phrase "Hadley CRU" is not the true name of the Climatic Research Unit of the University of East Anglia. The first person to use that phrase was Anthony Watts, of Watts Up With That. As RealClimate.org and others have noted, Watts is the first person to use the phrase "Hadley Centre" to describe the CRU. This is incorrect; the CRU does not use the word "Hadley" in its name, and the "Hadley Centre" is an entirely separate institution, having no connection with Phil Jones or his team beyond, perhaps, being in sympathy with Jones' stated theories and goals. That Watts was initially confused becomes evident when the photograph of the Hadley Centre headquarters, published on the Centre's own web site, is compared with the photograph that Watts initially ran with his own comment. Watts has since replaced that photograph with one of the actual CRU building.
The timeline begins on November 17, when the user named "FOIA" left this comment at The Air Vent site:
We feel that climate science is, in the current situation, too important to be kept under wraps.
We hereby release a random selection of correspondence, code, and documents. Hopefully it will give some insight into the science and the people behind it.
This is a limited time offer, download now:
He then continued with a link to a Russian anonymous FTP account. (That account no longer works, but this Examiner was able to obtain the archive from it when a correspondent alerted him to it.)
This is consistent with Phil Jones' statement to Ian Wishart of Investigate magazine, dated November 20. Jones said that he had known about a security breach of his organizations computers "three or four days ago," having heard about the matter first from the administrators of RealClimate.org. Concerning RealClimate's immediate reaction, Jones said:
Real Climate were given information, but took it down off their site and told me they would send it across to me. They didn’t do that. I only found out it had been released five minutes ago.
RealClimate's own statement says this:
We were made aware of the existence of this archive last Tuesday morning when the hackers attempted to upload it to RealClimate, and we notified CRU of their possible security breach later that day.
This indicates that the tipster first tried to submit his material to RealClimate.org, and when the administrators refused to accept it, he then established his Russian anonymous FTP account and submitted the link in his comment to The Air Vent.
The Air Vent's administrator, Jeff Id, was out-of-contact when the comment was posted. No one said another word about it until, two days later, the user named Steven Mosher alerted The Blackboard. Initially he left only a link to the original post, not a specific comment link. But apparently Lucia, the Blackboard administrator, followed the link and examined the files for herself. She was, however, reluctant to publish the link, but another user, Jean S, published it for her. In the process, she said this:
Seems to me that someone has hacked UAH computers. All e-mails seem to contain at least an addrees ending uea.ac.uk. Also all the files seem to be UAH-related. At least some of the material has to be real, there are just so many small details that were just impossible to fake (for instance under briffa-treering-external/timonen there are some file names only a Finn would use).
She might be referring to file names like "kilpisj" and "hossapal", and extensions like "tuc". The file names fail to translate when subjected to Google's Translate routines.
At the same time, Steven Mosher published an alert to Climate Audit. Then within hours, Anthony Watts at Watts Up With That published his own brief commentary. Shortly after that, this Examiner made his initial report, which is, as far as this Examiner has been able to determine, the first report by a professional or semi-professional journalist of this whole affair. Ian Wishart, editor and publisher of Investigate, also took note of the story at the same time and published his own initial blog entry, in which he announced that he had sent an e-mail to Phil Jones requesting an interview.
In all that time, the original poster of the Russian FTP link never made another comment in any forum. As discussed above, this is not typical of a hacker. A hacker would be boasting about his act, and loudly. Instead, his file sat in that anonymous FTP account for more than forty-eight hours, and the poster never made any further attempt to publicize his find. Hence the conclusion, by this Examiner and a host of other commenters, including IP security professionals, that this unknown user was one who had had access to CRU computers, in accordance with his duties at the CRU.
Mr. Stephen McIntyre at Climate Audit has made no secret of his repeated attempts to demand, under Britain's Freedom of Information Act, that Phil Jones and his team yield up the data that are the basis of their claims for anthropogenic global warming (AGW) and its effects. Preliminary analysis of the archived e-mails also indicates that Jones knew of McIntyre's efforts and was taking steps to stall and thwart them, in violation of the law. Perhaps, then, someone at CRU decided to take the law into his own hands.
A request-for-comment to Mr. McIntyre from this Examiner is now pending. Climate Audit is back on-line, though it appears to be slow to load.
The archive remains available at MegaUpload and FileDropper, and at Pirate Bay's torrent.
Like this article? Want to be notified of more? Click Subscribe, above.