A Theory of the Hack

Two major new BBC programs, The Trick and the Hack That Changed The World, re-visit 2009 Climategate events on the eve of UK hosting the most recent international climate get-together. I was interviewed by The Hack and mentioned in The Trick as a villain.

In today’s article, I’m going to propose a theory of the Climategate hack that is very different from the grandiose conspiracy of Russian intel services and US fossil fuel corporations that is the prevalent fantasy of the climate “community” and chattering classes. Subsequent to my interview with the Hack That Changed, I’ve re-examined and cross-checked documents and noticed some interesting new connections. I don’t know the identity of the Climategate hacker, but do believe that deductions about his profile (e.g. motivated individual vs paid institutional hacker) can be made more intelligently by carefully examining details of what was exfiltrated and when – as I shall do here.

What We “Know”

Unbleached Document Datestamps

Although the exfiltration dates of the emails had been uniformly bleached to an uninformative datestamp, early on, “frank swifthack” noticed that exfiltration access-datetimes hadn’t been bleached for the majority of the several thousand documents that had also been exfiltrated. This observation attracted relatively little commentary at the time, but was something that I paid attention to.

A timeline of unbleached exfiltration dates is shown below. The “rug” at the base of the timeline shows dates on which any unbleached exfiltration is attested, while the log-scale shows the number of documents exfiltrated.

In late September and first week of October, several thousand tree ring datasets within a few directories were exfiltrated, with the largest number (2279) coming from the directory briffa-treering-external. Much of this data pertained to Briffa’s Yamal tree ring chronology, new information on which had become available in mid-September. Together with related information from Avam-Taimyr, another northern site, it was the topic of several well-publicized Climate Audit articles in late September and early October, especially the September 27, 2009 post entitled Yamal – A Divergence Problem. (Prior to Climategate, the resulting controversy led to a program on the issue on Finnish TV and an editorial in WSJ – Europe.)

The first exfiltration of Yamal tree ring data by Mr FOIA took place on Sep 27, 2009 at 19:58Z, only a few hours after publication of the Yamal – A Divergence Problem article at Climate Audit. The climate community and counterintelligence were so fixated on a “big” institutional hack related to Copenhagen that they paid no attention to this synchronism, but it spoke volumes to me. Mr FOIA was very up-to-date on Climate Audit issues. The idea that Putin or the president of Exxon were paying rapt attention to esoteric Climate Audit controversy on proxy reconstructions had always seemed risible to me, but the particular notion that they would commission the exfiltration of tree ring measurement data as a tool in a Dr Evil machination to derail Copenhagen was beyond risible. On the other hand, the exfiltration of tree ring data that had been withheld by CRU would be the sort of thing that would occur to a partisan in the Climate Audit-CRU disputes.

The other large exfiltration of documents (with unbleached timestamps) was the exfiltration of the mbh98-osborn.zip file on November 16, 2009, which proved to be the cut-off date of the hack. By coincidence or not. This zipfile connected to the longest standing Climate Audit controversy – our critique of the Mann et al 1998 Hockey Stick. My serious analysis of proxy reconstructions began on April 8, 2003 when I asked Mann for the FTP location of the MBH98 data. (The contemporary events on April 8, 2003 are relevant to a complete narrative, but outside the scope of his article.) Mann replied promptly, saying that he’d “forgotten” the location of the data, but his associate Scott Rutherford would locate it for me. Thus begins a long narrative that I’ve discussed on various occasions, but, for present purposes, the key point is that the mbh98-osborn.zip data exfiltrated on last day of Climategate hack was the very data that Mann had refused to provide me in 2003 (but which he had provided to Osborn with a covering note that it was his “dirty laundry” and, under no circumstances, to be provided to the “wrong” sort of person.

The (relatively small number of) documents exfiltrated between October 8 and 12 (many of which are distinctive peer reviews by Jones of articles by Jones’ close associates) pertain to Phil Jones, whereas documents prior to October 3 either pertain to Briffa or are unassignable.

The chronology indicated by unbleached document dates is consistent with 2012 closure statements by UK police, which placed the exfiltration between September 2009 and November 2009 [Operation Cabin Background Information, July 18, 2012; Operation Cabin Q&A, July 18, 2012].

The November 19, 2009 Sys Admin Report

In December 2017 (eight years after the incident), Mother Jones, through an FOI to the University of East Anglia, obtained a redacted copy of a November 19, 2009 situation report by system administrator [Mike Salmon] together with a covering email by his supervisor [Jonathan Colam-French]. […] denotes my interpretation of redactions. At the time of the report and email, Salmon and Colam-French had been informed by [Gavin Schmidt of Real Climate] that the Climategate zipfile had been loaded onto the Real Climate blog but had been quarantined by Schmidt, but were not yet in possession of the zipfile itself. Nor at the time of Colam-French’s email was there any public awareness of the hack: that would happen in about 1-2 hours.

Nonetheless, the report and covering email shed light that is otherwise unavailable. Of particular interest were excerpts from computer logs that Salmon associated with activity of Mr FOIA as shown below, together with Salmon’s commentary on the logs:

Salmon interpreted the first entries on October 5 as attempts to log into the backup server (BackupPC) with several different usernames. Salmon said that the first username attempt was backuppc, which wasn’t recognized and thus failed. The second username attempt (a 5-character username) similarly failed. Salmon commented that this user’s “PC is not on the Backup Service so they would not have found any information. The third attempt used [Salmon’s] 4-character username – possibly root – which was recognized, but failed on this occasion due to password mismatch.

Although this first sign-in from Salmon’s username appears to have been unsuccessful, Salmon and Colam-French reported that Mr FOIA’s subsequent access to BackupPC was obtained by cracking Salmon’s password (see below).

Two hours later (3:25 AM BST), Mr FOIA requested backup #390 for the account angara.cru.uea.uk (see log above.) Redactions to Salmon’s explanation of this instruction obscure its meaning, but much light is shed on events by the most plausible infills. Both in context and character counts, the subject PC is Keith Briffa’s, who is (now) known to have had a serious operation in July 2009 and to have been away sick during the hack and not to have been using his desktop computer. Salmon (and remember that this was November 19 and he had still not seen the emails) wondered whether the emails might all be earlier than July 27, 2009 and thus linked to Briffa’s backup. (This, of course, proved not to be the case.)

Also, keep in mind that Mr FOIA had already exfiltrated several thousand tree ring data files from Briffa’s computer between September 27 and October 3 – prior to the initiatives attested in the October 5 logs. Also, the IP address 139.222.104.250, used in these log-in attempts, was local to the university. The most obvious interpretation of these events is that Mr FOIA had obtained access to Briffa’s account on or before mid-September, that his access as of the very early morning of October 5 was limited to Briffa’s account and that, on October 5, Mr FOIA was attempting to expand his access via the BackupPC.

Colam-French’s email noted that the most likely way in which Mr FOIA obtained access to the BackupPC was by cracking Salmon’s administrator password, which could be compromised relatively easily through a known vulnerability in the university’s password setup, in which encrypted versions of user passwords appear to have been relatively unprotected (other than encryption). Colam-French (and Salmon) hypothesized that Mr FOIA (who by October 5 had guessed a username recognized by the backup server) then located encrypted versions of the passwords and used commonplace cracking programs to obtain Salmon’s password:

At the time, cracking of NIS passwords was a well-known vulnerability of networks, such as that operated by the University of East Anglia. It appears that the cracking program John the Ripper or some similar open source program could have cracked the password in several hours or at most a couple of days.

Mother Jones

In their December 2017 article, Mother Jones asked British cybersecurity expert Steve Lord to review the university memo. Lord reported that the methods showed “no real sophistication” and that, once Mr FOIA was in, “this is not rocket science”:

Steve Lord, a British cybersecurity expert who reviewed the university memo on the incident, told Mother Jones that the methods used to steal the climate emails, at least according to materials provided by the university, showed “no real sophistication.”

“It’s not a particularly complicated setup,” said Lord. “It’s not clear how they got in, but once they’re in, from the information we do have, this is not rocket science.” (You can read the university memo below.)

“Once They’re In”

Undiscussed in the Mother Jones article is “how they got in”. There is convincing circumstantial evidence that this wasn’t “rocket science” either.

In late July 2009, in the immediate wake of the “Mole” incident, Phil Jones began deleting documents from CRU’s FTP site, while Climate Audit readers were busy trawling through CRU’s FTP site as the documents disappeared from view. On July 31, Jones reported to university administrators that “people were crawling all over our ftp site” and that Jones was therefore “deleting more stuff from our ftp site” in order to stop people “making up more conspiracy theories”… about CRU deleting stuff from their ftp site,

The previous day, a Climate Audit reader had reported to UEA administration that their setup permitted ftp access to folders that, in a “customary directory layout”, “would contain private data”:

Instead of paying attention to this sensible advice, Salmon and Jones decided that this was “someone at CA [Climate Audit] trying to push us into commenting”.

One more contemporary circumstance: Salmon’s sys admin memo reported that new passwords were issued “in July” for “everyone” at CRU. This presumably was in response to the July 2009 spat between Climate Audit and CRU. The new passwords were eight characters:

I recall a CA reader telling me long ago that, in one such publicly accessible location, the user’s CRU password was sitting in plain view. It seemed odd at the time, but possibly made a bit more sense if new passwords had just been issued. I didn’t pay attention to the story at the time as I was preoccupied with the issues involving email content. However, a few days ago, I asked whether he recalled the incident and whose password was exposed to the public. He did and confirmed that he had absolutely seen a CRU employee’s password exposed in a public area.

Needless to say, the exposed password was to the Keith Briffa account where Mr FOIA got his foothold. At the time, Briffa was sick. (He died a few years ago, far too young.)

Conclusion

The Climategate hack did not involve malware: no X-Agent, X-Tunnel, Fancy Bear or Cosy Bear. Nor did it involve spearphishing emails or any of the paraphernalia that usually define “hacking”.

The first avatar of Mr FOIA in the CRU network was almost certainly via password access to Keith Briffa’s online account (through proxy servers). I’ve received a first-hand statement that Briffa’s password was exposed and available to the public in the period immediately prior to the “hack”. Signing on to Briffa’s account with this password via a proxy server did not require CIA or KGB level skills. Once in, according to the Mother Jones cybersecurity expert, the rest was “not rocket science”. The encrypted passwords were more or less in plain view and decryption of the sys admin password could be accomplished in a few hours or couple of days using open source software.

Nothing in the hacking technique or timeline points to Russian intel services or US fossil fuel corporations. I don’t know the identity of the Climategate hacker nor do I even have a guess. What we do know is what we knew more or less since the beginning: that Mr FOIA was a reader of Climate Audit, Watts Up, Real Climate and other climate blogs; that he was careful both in his use of proxy servers; and, that, unlike Guccifer 2, he had no interest in leaving a massive social media trail.


34 Comments

  1. pdtillman
    Posted Nov 1, 2021 at 3:28 PM | Permalink | Reply

    Thanks for this informative post, and for the prior. As you say, some interesting details on the mechanics of the ‘data exfilation’ — heh. No Russians or Exxons needed!

    “What we do know is what we knew more or less since the beginning: that Mr FOIA was a reader of Climate Audit, Watts Up, Real Climate and other climate blogs; that he was careful both in his use of proxy servers…”

    Wasn’t me! — even if I am in the group you mention. Heck, I’ve never really grasped how to work my iphone!

    Thanks again for all your efforts on this long, strange trip. Tall about a retirement ‘hobby’ that got out of hand!

    Best wishes, and may COP-26 do no serious new harm. I’m mildly optimistic, actually….
    Cheers — Pete Tillman

    • Jeff Alberts
      Posted Nov 1, 2021 at 4:53 PM | Permalink | Reply

      Pete, don’t protest TOO much. 🙂

      • pdtillman
        Posted Nov 1, 2021 at 6:38 PM | Permalink | Reply

        Trust me: a less likely hacker than I would be hard to find.

        If you read Steve’s post a bit carefully, he thinks it was an inside job at UEA. Someone made uneasy by the a**holery of Phil Jones, Mike Mann & Co. What a crew!

        And I was sorry to learn of the death of Keith Briffa, https://en.wikipedia.org/wiki/Keith_Briffa
        — who seemed a cut above that sorry lot.

        Climategate! What a long, strange road it’s been. To coin a phrase…. 🎸 ⚡️ 🔥

        • Stephen McIntyre
          Posted Nov 1, 2021 at 9:59 PM | Permalink

          if I thought that “it was an inside job at UEA”, I would have said so. I never thought that.

        • See - owe to Rich
          Posted Nov 2, 2021 at 11:49 AM | Permalink

          At the time, I thought it was an insider at UEA. However, if the hypothesis is correct that Mr. FOIA first hacked into Briffa’s account, that makes it less likely, because an insider would have his/her own account to start with, and be able to get on with the job of hacking the more important admin account for BackupPC, without using Briffa’s. Unless use of Briffa’s was to muddy the audit trail…

          Anyway, nice work Steve, again.

          Rich.

  2. dearieme
    Posted Nov 1, 2021 at 4:16 PM | Permalink | Reply

    I know nothing about hacking and so on. Tell me, does the fact that you’ve been able to deduce all this imply that CR/UEAU has known it all along?

    • DaveS
      Posted Nov 3, 2021 at 7:48 AM | Permalink | Reply

      The local police spent a lot of money investigating the alleged hack. If they didn’t figure this out as a potential explanation of events, even as one of a number of possible scenarios, then it doesn’t say much about their level of expertise. But perhaps they were so fixated with the notion that it woz the Russians (or Big Oil) wot done it that they didn’t consider or look for more straightforward explanations.

  3. nvw
    Posted Nov 1, 2021 at 4:27 PM | Permalink | Reply

    “never attribute to malice that which is adequately explained by stupidity”

  4. Posted Nov 1, 2021 at 7:04 PM | Permalink | Reply

    I think the arguments presented are credible – there was a simple hack most likely based on a simple entry. But from my point of view, I don’t care if the world’s worst villains were responsible for the hack, nor am I concerned with the degree of sophistication used to get into these secret files. What does matter is that as of 2009, it is clear that the climate science tribe was strongly biased in favor of alarmism, and built their arguments around dubious data and worse manipulation of the data, complete with cherry picking some and hiding others, while at the same time using their influence to squelch alternative views and punish those not in the tribe. It became clear that the whole science of proxies for past climate was rife with fake news. Any proxy requires a standardization period when the model can be compared to data. Then, extrapolation to previous eras requires justification by showing that other variables were comparable during the extrapolated period to those during the standardization period. I have read dozens of published papers that utilize proxies. Very few if any show the comparison during the standardization period and/or the basis for justifying extrapolation. I came to the reluctant conclusion that almost all the proxy data is highly suspect. SM penetrated far more deeply than I did into the proxies used by MBH and demonstrated the fallacies in both the proxies themselves as well as the methods of processing data. It seems unimaginable that after all the demonstrations by SM over a decade and more, they are still putting forth their un-science and Mann still is a highly respected leader in the climate field. The climate gate releases demonstrated not so much the details (they were revealed by SM) as much as the mindset of these rascals. Altogether, the events of 2009 cast a very long shadow on the periodic UN reports that came out subsequently. Can you believe anything that the climate establishment publicizes?

    • Posted Nov 2, 2021 at 5:32 PM | Permalink | Reply

      Donal Rapp- What a tremendously intelligent & sensible comment.

  5. MikeN
    Posted Nov 1, 2021 at 9:09 PM | Permalink | Reply

    I think the files ended up on RealClimate via a password that was sent in plaintext. I remember an e-mail like this in the CRU files.

    At the time, some people initially thought Steve Mosher was Mr. FOIA based on his comments at various sites, before it was revealed that Mosher had seen the files before WattsUpWithThat ran the story. Mosher suggested Salmon as a culprit, though he was kind of joking. I made some obscure references to Briffa being the culprit(‘Toyman’). I didn’t think it would be too hard for an investigative unit with resources to identify the hacker, but unlike others I never posted ideas to help them along.

  6. antonk2
    Posted Nov 2, 2021 at 1:13 AM | Permalink | Reply

    Hacks are normally only used to obtain very private, personal information; the base material for Mann’s alarming “global” temperature hockey stick graph should not be 100% public accessible as the COPs now force the whole world population to de-carbonize based on “scientific” scare graphs.

    • antonk2
      Posted Nov 2, 2021 at 1:15 AM | Permalink | Reply

      admin: -not

    • David Murray
      Posted Nov 7, 2021 at 9:49 AM | Permalink | Reply

      I am a lone defender of all you wonderful sceptics but face outright lies from the alarmists. I have just been told that Mann has released all his codes and data. Is this true?.

      • Stephen McIntyre
        Posted Nov 9, 2021 at 12:06 AM | Permalink | Reply

        only partly. He grudgingly released a considerable amount of data after a Materials Complaint to Nature, but key data remains concealed e.g. the actual reconstructions for individual steps. Mann has also concealed verification r2 stats for various steps (the emulations show these to be bad). He released a portion of his code in 2005, but refused to release key portions e.g. determination of how many tree ring principal components were retained.

  7. Posted Nov 2, 2021 at 3:45 AM | Permalink | Reply

    Reblogged this on WeatherAction News and commented:
    A fascinating read of what went on in 2009 ahead of Copenhagen…and it wasn’t “Russian intel services or US fossil fuel corporations”

  8. A
    Posted Nov 2, 2021 at 10:51 AM | Permalink | Reply

    I’ve always thought it was obvious who did the leak and is in plain view for everyone to see.

    • Stephen McIntyre
      Posted Nov 2, 2021 at 1:22 PM | Permalink | Reply

      maybe you think it’s “obvious” but it isn’t “obvious” to me that it was a leak or who did it. So what’s your theory?

      • dfhunter
        Posted Nov 2, 2021 at 8:05 PM | Permalink | Reply

        not to answer for A but I think the guy/gal is dead now.so best to leave it as one pissed off scientist/researcher who could take no more BS.

        • Stephen McIntyre
          Posted Nov 2, 2021 at 11:36 PM | Permalink

          unless someone has actual non-public knowledge of factors involved, there’s not much point trying to attach a name. We simply don’t know. Also people have a tendency to presume the Mr FOIA (or previously Steele’s PSS) is someone in the spotlight or a known figure in the controversy, when it is FAR more likely that it’s someone not already in the spotlight.

      • Follow the Money
        Posted Nov 3, 2021 at 3:19 PM | Permalink | Reply

        Stephen, it’s also not obvious to me if these peeps aren’t conflating “Mr. FOIA” with the prior CRU temp data unauthorized release you got earlier in 2009. Your mention of “mole” above may need some context-refreshing.

    • Posted Nov 2, 2021 at 1:29 PM | Permalink | Reply

      Who did it?

      Wait… If you tell us then the police will know, who were probably counting on one of us to crack it or even perhaps coax a return to the scene of the crime by the perp, (driven, of course, by the criminal’s irresistible ego). Darn it!

      Does anyone know if there is a time limit on ability to prosecute the hack? Does the entire world’s courts have jurisdiction, or just the location of the hacker or the owner of the property that was hacked? What if there were owners from many countries?

      • TerryS
        Posted Nov 3, 2021 at 3:18 PM | Permalink | Reply

        In UK there is a six month time limit for breaking the law regarding, say, handling FOI requests.
        The same is true of any crime that is tried in a magistrates court.
        There is nothing like statute of limitations in the UK so if you commit a crime that isn’t tried in a magistrates you can be arrested, tried and convicted decades later.

        Note: I learnt this in late 2009/early 2010 when some emails came to light revealing nefarious goings on with FOI responses. Laws may have changed since then.

  9. John G. Bell
    Posted Nov 3, 2021 at 4:28 PM | Permalink | Reply

    Luboš Motl seemed to be figuring some things out. Don’t know why I thought that. Certainly don’t have any non-public knowledge to base it on. But I remember being afraid he was going to put enough together that others might connect the dots. Obviously whoever did this doesn’t want to be in the public eye. But it would be fun to know. Do think some odd stroke of luck was involved.

    If I recall correctly you thought it was someone on the East Coast of the US?

  10. antonk2
    Posted Nov 5, 2021 at 2:08 AM | Permalink | Reply

    On BBC’s “The Hack That Changed the World: Ep 5 – The Sceptics” you can hear Steve Mosher apologizing to Phil Jones etc. He even became timid to investigate other strange but world changing data like those on “Covid” deaths. The BBC interviewer never found it weird that vital climate change data require a hack (through an open door) to come out in public, but then he was a security specialist, not a scientist.
    https://www.bbc.co.uk/sounds/play/p0b1rh9l

    Luckily our host didn’t sway in the storms of dis-info and keeps showing that a spades are spades.

    • beng135
      Posted Nov 8, 2021 at 10:57 AM | Permalink | Reply

      Thanks, that sound-bite is interesting. One interviewee brings up his “fact” that Russian “hackers” won Trump the election?!? WTF?

  11. Posted Nov 5, 2021 at 6:48 AM | Permalink | Reply

    Relating to antonk2’s comment, the BBC in its headline radio news this morning claimed that ‘former climate sceptic’ Steven Mosher had told the BBC that he wanted to apologise for his role in climategate. I thought that Mosher was, and remains, a lukewarmer.

    Gordon Corera’s conclusion is that Steve Mc’s theory that it was done by a CA reader is the most likely answer.

    • beng135
      Posted Nov 8, 2021 at 11:13 AM | Permalink | Reply

      Sounded like Moser is (embarrassingly IMO) doing alot of crawfishing there.

  12. antonk2
    Posted Nov 5, 2021 at 8:15 AM | Permalink | Reply

    A telling synchronicity: ‘quite recently’ the UEA servers involved in this 2009 sage were wiped; also both the police and a cyber security firm involved had no records to try out new cyber forensic techniques. What a friendly BBC cyber inquiry 12 years after can invoke regarding “A hack that Changed The World”.
    https://www.bbc.co.uk/sounds/play/p0b1r8ch 10.15 minutes onwards.

  13. Posted Nov 5, 2021 at 2:02 PM | Permalink | Reply

    While we whittle away at the MBH hockey stick, let’s not lose perspective. There is anecdotal evidence that at least the Northern Hemisphere was colder in the period 1700 to 1900 than it is today. Even if we throw out MBH and all the associated proxy-based estimates, it seems likely that the Earth warmed at an unusually fast rate after 1900. Even though the MBH hockey stick is not credible, there has been a strong upward trend over the past ~ 140 years. That trend has not been a simple upward ramp proportional the CO2 concentration, but rather, has been influenced by other factors as well as CO2, particularly the El Nino/La Nina balance over the years.
    When I consider alarmists, I suggest that there might be two major motivations for their behavior. On the one hand, there are those who really believe that the end of the world as we know it is at hand, and they engage in illegal, immoral, unethical behavior because they feel it is necessary to “save the world”. There are those who see climate alarmism as a means of securing untold riches in grants and contracts to study and measure this supposed calamity. I suspect that most of proxy crowd are hybrids of the two?
    The problem is that nobody knows how to correlate future scenarios of emissions with global warming, let alone the highs and lows here and there, the winds, the rainfall or droughts, the hurricanes or tornados, or the effect on farming, and more broadly, the quality of life. So, if these stalwarts are truly trying to save the world, what are they trying to save it from?
    Of all the many thousands who work in the now luxuriant field of climate change, the overwhelming majority work on this instrument or that, or study this data source or that, and very, very few are engaged in trying to process the entire global data with models to predict the future in any scenario. As little as the average climate scientist knows about the future, the politicians (who are convinced that any unusual weather is due to CO2) know even less. And it is clear from all the evidence that the global climate models exaggerate the problem as can be seen by the failure to work in the 20th and 21st centuries.
    Furthermore, these same scientists and politicians are convinced that the world can use renewables to replace all the fuels that are presently used by, that the world nations would be willing to make the economic sacrifices involved, that we can do that in a decade or two, and that this will provide the world with uninterrupted power at demand levels while ending future global warming. This seems to be a religious belief; it certainly isn’t scientific.
    So, in summary, it is warmer today. The pattern over the past few hundred years is likely to be a hockey stick if we could ever get good data for it. Where it is headed, nobody knows.

    • Posted Nov 6, 2021 at 12:24 AM | Permalink | Reply

      Donald, you bring up an important point that often gets forgotten. MBH98,99 are only of the northern hemisphere. The point is that Mann’s hockey stick could be a double hump camel in NH and for all we know. Or the SH could be a stick with no blade, cutting the MBH blade in half for the global chart. Steve’s recent posts on the PAGES proxies underscored that even if they know less than they claim about the NH paleoclimate they know next to nothing about the SH. It’s a little ironic that the CS establishment’s most frequent critique of the the LIA and MWP is that they were NH events. Though we have Antarctic ice cores but do they represent the entire SH?

  14. Duke C.
    Posted Nov 6, 2021 at 6:11 PM | Permalink | Reply

    Steve- you may not recall that Mr. FOIA left a bitcoin wallet address at the bottom of the CG3 cover letter. I ran the BTC addy through a blockchain tracer. It shows 9 “donations” to his BTC wallet contemporaneous to the CG3 release totaling 4.76 bitcoin, at the time worth several hundred dollars. There have been 0 withdrawals from this address, now totaling ~$293,000. 4.76 bitcoin has been sitting in this wallet for 8 years. That’s a hefty chunk of change to leave laying around.

    Screengrab-

  15. Coeur de Lion
    Posted Nov 8, 2021 at 10:47 AM | Permalink | Reply

    My bible on this is Andrew Montford’s The Hockey Stick Illusion. And one should take on board his points that beyond all the data malfeasance scientists shouldn’t behave like that! Silly children. Denying enquiries. ‘Gatekeeping and intimidation’. Do read Ross McKitrick’s sober deconstruction of the whitewashes – Penn U worried about losing Mann’s flow of grants, Lord Oxburgh’’s described as ‘incompetent beyond parody’ by a journalist, and so forth. It must have been an insider.

  16. Paul H
    Posted Nov 24, 2021 at 8:48 AM | Permalink | Reply

    Interesting article, Steve. I tend to agree that this was not a hack orchestrated by the Russians or some other conspriracy. Taking the statements released by Mr. FOIA at face value, and using what you have shown above, I think both point to an altogether different kind of profile. My view is that this was carried out by a concerned, concientious individual who had probably never broken the law or hacked before and who stumbled upon an opportunity and decided to act. There is enough hand-wringing internal debate in the statements by Mr. FOIA to see he tried to weigh up the perceived greater good versus personal risk. That seems an overly elaborate cover story for a would-be Russian hacker.

    If you believe what is written in the statements, you can go further with this. There are clues about Mr. FOIA’s politics, and they do not fit with the traditional left-right/Republican-Democrat divide in the climate debate seen in the anglosphere. Mr. FOIA seems much further to the left than most traditional anglophone sceptics (notwithstanding this blog’s host). Taken at face value, Mr. FOIA is primarily motivated by concern for the impact of climate policy on the world’s poorest and hungriest. In many European countries there are much greater levels of climate scepticism in the left side of politics – this is something we do not see a lot of in the visible climate debate in English.

    From all of this, my profile of Mr. FOIA is a white, middle-aged male, trained in IT but not a hacker, with social-democratic values, who was born in a country where social democratic values are prevalent, and where english is a second spoken language. That narrows it down to a handful of northern European countries and only a few hundred thousand candidates 🙂

    There are some more linguistic clues buried in the english, but that is enough speculation for one day.

2 Trackbacks

  1. By A Theory of the Hack | ajmarciniak on Nov 2, 2021 at 3:57 AM

    […] Climate Audit […]

  2. […] A Theory of the Hack […]

Post a Comment

Required fields are marked *

*
*

%d bloggers like this: