The Bible and Society

How God’s Word is True

Climategate a leak, not a hack

Posted by Mats on 26/12/2009

Climategate – Outside hacker, internal mole or whistle-blower?

New information reveals that the now-famous break-in of the computers at the University of East Anglia, which revealed that in a few instances leading climatologists seemingly massaged data to show more global warming and discussed excluding contradictory research, may not in fact have been the act of an intruder. A detailed analysis of East Anglia’s files by a Canadian network engineer discloses that the emails and documents were likely leaked by an internal source, spotlighting a perennial but often neglected threat: old-fashioned espionage or whistle-blowing.

The current controversy, over the validity of scientific global warming modeling and the legitimacy of Anthropogenic Global Warming (AGW), has been amplified by the recent release of hundreds of e-mails and other documents allegedly purloined from the Climate Research Unit at the University of East Anglia, in England. The common accusation has been that the e-mails and documents were accessed by a “hacker” from outside the organization.

Countless hours of broadcasting time have filled the airwaves with talk, not only of the contents of the e-mails, but also with questions about how the intruder was able to gain access to the university’s supposedly secure computer system. All this chatter, however, may well be misdirected. Canadian network engineer Lance Levsen, the UNIX systems administrator for the PW Group, a major Canadian publishing firm, has generated a detailed forensic analysis of the released e-mails and files.

The Saskatoon, Saskatchewan-based Levsen re-created the e-mail distribution system at UEA over the last ten years, capturing system changes by the university’s e-mail administrators during that time. Using information contained within the files that constitute the e-mails, as well as the filenames themselves, his modeling identifies the source of the leaked documents as an internal one within the University of East Anglia. The alleged “hacker”, Levsen concludes, must have been someone with administrative, or “root”, privileges on UEA’s secure computer systems.

Levsen writes that the email files were stored on a single server, as indicated by their respective filenames. The numbering, sequential but not consecutive, is not random, as it first appears and as has been reported. The filenames are UNIX epoch timestamps: each name is based on the number of seconds since midnight, 1 January 1970. What this means is that the files were originally saved on an archiving UNIX e-mail server at East Anglia.
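The filename observation can be checked mechanically: decode each numeric filename as a UNIX epoch and compare it with the message's own Date header. This is an added example, not Levsen's code or part of the original article; the sample filenames and messages are constructed, and the one-day tolerance is an assumption.

```python
import re
from datetime import datetime, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample archive (filename -> raw message); not taken from the released files.
SAMPLES = {
    "1000000000.txt": "From: a@example.org\nDate: Sun, 09 Sep 2001 01:46:40 +0000\n\nbody\n",
    "1234567890.txt": "From: b@example.org\nDate: Fri, 13 Feb 2009 18:31:30 -0500\n\nbody\n",
    "0946684800.txt": "From: c@example.org\nDate: Sat, 01 Jan 2000 00:05:00 +0000\n\nbody\n",
    "notes-final.txt": "From: d@example.org\nDate: Mon, 01 Jan 2007 00:00:00 +0000\n\nbody\n",
}

# Nine or ten digits covers epochs from 1973 to 2286; leading zeros are allowed.
EPOCH_NAME = re.compile(r"^(\d{9,10})\.txt$")

def filename_to_utc(name):
    """Return the UTC datetime encoded in an epoch-style filename, or None."""
    m = EPOCH_NAME.match(name)
    if not m:
        return None
    return datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)

def header_skew_seconds(name, raw):
    """Seconds from the filename timestamp to the Date header; None if either is missing."""
    named = filename_to_utc(name)
    header = message_from_string(raw)["Date"]
    if named is None or header is None:
        return None
    sent = parsedate_to_datetime(header)
    if sent.tzinfo is None:  # a "-0000" zone parses as naive; treat it as UTC
        sent = sent.replace(tzinfo=timezone.utc)
    return int((sent - named).total_seconds())

def consistent_with_epoch_naming(samples, tolerance=86400):
    """Per-file skews, and whether every epoch-named file falls within the tolerance."""
    skews = {n: header_skew_seconds(n, r) for n, r in samples.items()}
    checked = [s for s in skews.values() if s is not None]
    return skews, bool(checked) and all(abs(s) <= tolerance for s in checked)

if __name__ == "__main__":
    skews, ok = consistent_with_epoch_naming(SAMPLES)
    for name, skew in skews.items():
        print(name, filename_to_utc(name), skew)
    print("consistent with epoch naming:", ok)
```

A small, consistent skew across an archive supports the reading that the names were assigned from message time; files that do not match the pattern are reported with `None` rather than guessed at.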

Additionally, since the protocol in use for these e-mails was “POP3” (Post Office Protocol v.3), these emails were later assembled onto another, second computer for archiving and storage. One of the features of POP3 is that the emails themselves are downloaded to the client machine, and then expunged from the original server. This means that the e-mails and documents were archived on the second server, and it is on this second server that the e-mails would have received the filenames they bear now.

The file structure of the original file that was released via the Internet also gives clues to the origin of the leak. The copy obtained by the Homeland Security News Wire shows a directory structure which is consistent with the archiving of important documents. This system of archiving the e-mails and documents on the second server is, according to Levsen, fully consistent with the normal data storage compliance practices that would be conducted by a Freedom of Information (FOI) compliance officer at a public corporation (like the University of East Anglia) in the United Kingdom.

This being the case, Levsen concludes:

“For the hacker to have collected all of this information s/he would have required extraordinary capabilities. The hacker would have to crack an Administrative file server to get to the emails and crack numerous workstations, desktops, and servers to get the documents. The hacker would have to map the complete UEA network to find out who was at what station and what services that station offered. S/he would have had to develop or implement exploits for each machine and operating system without knowing beforehand whether there was anything good on the machine worth collecting.”

In short, Levsen’s conclusion is that the e-mail and data leaks were not the result of an intrusion; they were an internal leak. Climategate was not precipitated by a hacker, but by a whistle-blower.

All this illustrates what is probably the most difficult and overlooked part of network security: the people within the organization, and their trustworthiness.

An old Jewish proverb relates that “Locks keep out only the honest”, often supplemented by a more recent wit who related “There is not a lock made that can’t be picked…” There is always someone who has the key, but exactly who is that person, and have copies been made? Computer security is often only as good as the personnel and human procedures designed to protect its integrity. The evolving East Anglia saga highlights this recurring challenge.

Mark S. Zablocki is managing editor of Homeland Security News Wire

