26 Nov 2009

Yet More on the CRU "Hack"

All Posts No Comments

* Gavin Schmidt (climate modeler for NASA) has done a good job providing his version of events, and he tries to defuse the most “shocking” emails here.

* CEI is threatening a lawsuit if Schmidt’s employer (NASA’s Goddard Institute for Space Studies, or GISS) doesn’t comply with some FOIA requests. The one part I found a bit much was where they seem to be threatening to sue because Schmidt wasn’t fair in his comment moderation at RealClimate.org during work hours–and hence he was impeding science “on taxpayer time.” C’mon.

* I originally did not refer to this incident as a “hack” because I thought it was an inside job. For one thing, that was the first report I read. But I also thought that an outside hacker wouldn’t have known where to look to grab all this stuff. An anonymous poster at a previous Free Advice thread sums up my view well:

If this is the result of a hack we are dealing with the best hacker the world has ever known hands down. When a hacker enter a system, they have a short amount of time to rake in whatever they can find and then GTFO! This is a very comfortable package that has taken a conciderable amount of time to assemble and not something that was done in the span of a hack. Then the hacker should have worked for months, infiltrating, analyzing and collecting. A server is a HUGE filesystem. Those who believe that this is the result of a hack, will have to similarly believe that you can indeed find not 1, not 2, not 10 but 100+ needles in a haystack the size of Kansas. Either the “hacker” knew exactly what they came for and was able to navigate through the filesystems and find all the relevant individual parts which points towards an insider, or the hacker new exactly what package to get. This itself raises questions. who then packed this package and from where did the hacker know what to look for and where? The last suggestion is pure luck, but then again…who compiled the package of data? I think it was an insider job and like many others I think it may be “Harry” who either did it, or compiled the package and then told someone where to look. No evidence for this, but the sheer amount of luck required by a random hacker to come upon this package is just unacceptable.

Now I don’t really know enough about computers to say whether the above is true, but that’s where I was coming from when I initially attributed this to a whistleblower. Or are we saying that there was so much skullduggery going on at CRU, that a randomly grabbed chunk of emails contained a handful of zingers?

Comments are closed.