Commenters on the earlier thread have presented another explanation of the “RC Hack”. The same idea occurred to several people and has been presented at several blogs (tAV for example). I’ll cite Steve Mosher’s below both because he knows computers and is very familiar with the facts:
If you look at all the emails you will that some bozo transmitted a logon and password ( steve, tosser) in one of the mails.
So, it’s entirely possible that at sometime Gavin or somebody else sent a admin logon and password for RC to somebody at CRU, say briffa. So that the person at CRU could upload a file. Then, the insider at CRU found this mail
and had everything he needed. A file to upload and a RC password to allow him to do it. And he completed the
irony by linking to the file by a post at CA.
just a theory.
An example of such an email with signon and password is in the ClimateGate Letters here.
I’ve sent similar emails to various people which entitle them to post at Climate Audit – Roman Mureika, Jean S, UC, Hu McCulloch, to name a few. Also Judy Curry who’s posted at CA but has probably lost her password. And a few who haven’t taken advantage of the offer e.g. Michael Tobis.
Admin status and editor status are separately defined. To upload a pdf file, Author status is enough. I’ve placed a variety of pdf’s in climateaudit directories and uploading the zip file seems analgous to (say) roman uploading a file to a CA directory. The next question to ask Gavin is whether they ever emailed a password to a CRU author. If they did, then that would seem to close the circle with the simplest explanation.
Reviewing Gavin’s statement on the matter under this theory:
At around 6.20am (EST) Nov 17th, somebody hacked into the RC server from an IP address associated with a computer somewhere in Turkey, disabled access from the legitimate users, and uploaded a file FOIA.zip to our server. They then created a draft post that would have been posted announcing the data to the world that was identical in content of the comment posted on The Air Vent later that day.
I don’t see any reason to contest the statement that the zip file was uploaded. I don’t understand why uploading the zip file would disable access to “legitimate users” or what purpose would have been gained by doing this. Further details on this would be interesting.
The idea of unveiling the files through a manifesto at RealClimate is definitely an interesting and odd aspect to the events.