A systems administrator with 15 years of experience in administering mail and other servers with all the most popular operating systems, now has offered his expert opinion that the CRU Archive was leaked, not stolen, as the anthropogenic global warming (AGW) alarmists continue to insist to this day.
Lance Levsen, a registered user at the blog The Roadkill Diaries, also known as Small Dead Animals, published his analysis earlier today. Anthony Watts of WattsUpWithThat reproduced it on his own blog.
The question of who leaked the CRU Archive and why is more than academic. Senator Barbara Boxer (D-CA) is on record assuming that the releaser of the archive was an outsider, that this releaser obtained this information by breaching the cybernetic security of the East Anglia Climatic Research Unit (CRU), and that if the Senate is going to investigate anything (as Senator James M. Inhofe, R-OK, has demanded), then it ought to investigate the manner in which the archive was obtained, with a view to criminal prosecution of the alleged data thief or thieves.
More recently, the Sunday Telegraph (London) has openly speculated that the Russian government, and more specifically its Federal Security Service (FSB), carried out the theft. As evidence, they cite the alleged geographical location of the domain (tomcity.ru) at which the archive was originally made available (Tomsk, Siberia, Russian Federation). They also suggest that the Russians acted from one of two motives: either mercenary (hired by a third party) or self-interest, connected either with their oil export trade or the 5 to 6 billion tons' worth of unused CO2 emission credits that are about to expire. (More here.)
Watts and his user community have never believed that the Russians, or anyone else on the outside, stole the documents in the archive. One of Watts' regular users, in the early days of the scandal, propounded his theory that someone, probably the Freedom of Information compliance officer at the University of East Anglia (UEA), prepared this remarkably up-to-date archive (even to capturing Phil Jones' wishes and desires not to release anything if he could avoid it) and then accidentally--or deliberately--left it on a public server to which essentially anyone would have access. He also heaped scorn on the statement by Gavin Schmidt, an administrator of RealClimate.org, to the effect that someone had tried to break security and upload the archive onto the RealClimate.org server. (More likely, says this user, the eventual releaser merely posted a comment at RealClimate.org, and the moderators took the comment down and alerted Phil Jones at CRU.)
Levson today released a much more detailed analysis to show, in effect, that the data could not have been stolen. Among his points:
- Any hypothetical data thieves would have needed to break into not only the East Anglia CRU mail server but into every client machine from which any of the e-mails originated or were received and read, a task that would be virtually impossible on its face.
- The archive's top-level folder is named "foia," a clear reference to the UK Freedom of Information Act. Likewise, the archive file is named FOI2009.zip. (Levson's use of the filespec "FOIA2009.zip" is in error.) This folder contains two other folders, named "mail" and "documents."
- The "mail" folder contains 1073 plain-text files. The name of each file turns out to be a UNIX time stamp, giving the number of seconds elapsed since the beginning of the UNIX Epoch, which was December 31, 1969, at 11:59:59 p.m. UTC (Universal Time, Coordinated).
- The documents folder is a highly disorganized folder containing folders of program code, Portable Display Files (PDFs, including the file named "The Rules of the Game"), and text files, in no particular order.
Levson concludes that someone, most likely the University compliance officer, executed a fairly simple command on the mail server to obtain the e-mails; the "mail" folder contains the product of that command. He then collected multiple other files (including attachments to the e-mails in question) and dumped them into another folder, named "documents." He placed both folders into another folder, named "foia," and ran the Windows ZIP program to produce the archive file. (Why he did not use the UNIX Tape ARchive, or "tar," command, is not entirely clear.)
Then one of two things happened. Watts and company assume that the officer left the file on an anonymous FTP (File Transfer Protocol) server, or on a shared directory on a public server, by mistake. The eventual releaser then downloaded the file and tried to submit it to various venues.
The other possibility is that the compliance officer (or someone else with access to that file), frustrated with the attitudes of Phil Jones, Trevor Davies, and other CRU and UEA officials, took the law into his own hands. In that case, if anyone at CRU or UEA deliberately released that file, then he was acting in accord with the UK Public Disclosure Act. That Act provides that any person who makes a public disclosure of information that either shows criminal intent or prevents or stops a crime, shall be excused from punishment and protected against retaliation.
The only piece of evidence that begs explanation is why the releaser chose an anonymous FTP server in Russia to leave the archive, and why it remained on that server for three days, perhaps until an administrator showed a sudden spike in download traffic, found a file on his server that he did not recognize, and removed it. The site http://tomcity.ru/ turns out to be an Internet service provider (ISP) based in Russia. Its home page looks like that of any other ISP. It is indeed based in Tomsk, but whether this ISP belongs to the Russian FSB is difficult to determine. What evidence the Telegraph has for connecting this ISP to the FSB, the Telegraph will not disclose.
If the FSB does own the TomCity ISP, then perhaps the FSB, after scrutinizing the CRU and noting some previous wholesale scrubbings of its public servers, set a watch on the CRU and fetched the FOI2009.zip file as soon as someone left it carelessly on the server. If not, then someone deposited the file onto the TomCity FTP server, either as a guest or after first establishing an account at TomCity. Either way, a sophisticated act of data theft, which many public and even UN officials continue to speculate about, now seems unlikely in the extreme.
Like this article? Want to be notified of more? Click Subscribe, above.
Comments