What we know about the CRU attacker, part 3.1: 16 Nov
[cite as: F. Bi. 2009. What we know about the CRU attacker, part 3.1: 16 Nov. Intl. J. Inact., 2:103]
More on the .zip file of cracked CRU material:
$ ./vomit-zip FOI2009.zip | sort -k 6 | tail -5
local-mtime 2007-02-19,11:20:22 gm-mtime 2007-02-19,16:20:22 gm-atime 2009-10-15,09:19:08 [ tz -0500 ] uid 1002 gid 1002 name FOIA/documents/marooned.jpg
local-mtime 2000-12-19,09:38:54 gm-mtime 2000-12-19,14:38:54 gm-atime 2009-10-24,18:00:00 [ tz -0500 ] uid 1002 gid 1002 name FOIA/documents/mannuncert.txt
local-mtime 2004-02-09,07:44:58 gm-mtime 2004-02-09,12:44:58 gm-atime 2009-11-15,17:55:23 [ tz -0500 ] uid 1002 gid 1002 name FOIA/documents/Extreme2100.pdf
local-mtime 2008-01-10,09:55:40 gm-mtime 2008-01-10,14:55:39 gm-atime 2009-11-15,20:43:56 [ tz -0500 ] uid 1002 gid 1002 name FOIA/documents/trend_profiles_dogs_dinner.png
local-mtime 2009-11-11,09:23:36 gm-mtime 2009-11-11,14:23:35 gm-atime 2009-11-16,07:27:52 [ tz -0500 ] uid 1002 gid 1002 name FOIA/documents/EURO4M_DoW_v2.doc
In plain English: the timestamps in the .zip file indicate that the most recent access (probably a read) to any of the files contained in the archive was on 16 Nov, at 07:27:52 UTC, to EURO4M_DoW_v2.doc. The contents of the file itself were last modified on 11 Nov at 14:23:35 UTC.
What we know about the CRU attacker, part trois: the .zip file
[cite as: F. Bi. 2009. What we know about the CRU attacker, part trois: the .zip file. Intl. J. Inact., 2:102]
I just downloaded the FOI2009.zip file containing the cracked CRU content (I used the megaupload copy), and while I don’t intend to open up the actual content inside, I did study the structure and metadata of the .zip file, and I found some interesting things:
Of the 4,662 files in the archive, 3,172 seem to have been last modified under a timezone of -0500 (somewhere in the Americas), 1,487 under a timezone of -0400, and 3 under a timezone of around -0000 (ah — now that’s closer to Britain).
The .zip file itself contains two smaller .zip files:
- mbh98-osborn.zip, in which 2,171 of its files yielded a timezone of -0400, and 4 files had a timezone of -0500;
- russia.zip, which contains no timezone information.
All archive members with timezone information gave a user ID (uid) and group ID (gid) of 1,002, which is very close to a nice round number.
Addendum: I’ve uploaded the program I wrote to analyze the .zip file.
Update 2009-11-29: There was a bug in the program which may potentially cause incorrect output for certain .zip files. It’s been fixed.
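How a timezone and a uid/gid can be read out of .zip metadata, as an added example (this is not the vomit-zip program mentioned above): each member carries a DOS timestamp in local wall-clock time, and Info-ZIP archives add "UT" (UTC timestamps) and "Ux" (uid/gid) extra-field records, so the difference between the two mtimes gives the archiving machine's offset. The archive below is constructed, with values mirroring one row of the output quoted above; which extra fields FOI2009.zip actually carries is an assumption, and real archives keep atime and uid/gid in the local headers, whereas this sample places them where Python's zipfile exposes them.

```python
import io, struct, zipfile
from calendar import timegm

def parse_extra(extra):
    """Decode Info-ZIP 'UT' (timestamps) and 'Ux' (uid/gid) extra-field records."""
    out, pos = {}, 0
    while pos + 4 <= len(extra):
        tag, size = struct.unpack_from("<HH", extra, pos)
        data = extra[pos + 4 : pos + 4 + size]
        pos += 4 + size
        if tag == 0x5455 and data:  # flags byte, then 32-bit UTC times in bit order
            names = [n for bit, n in ((1, "mtime"), (2, "atime"), (4, "ctime")) if data[0] & bit]
            times = struct.unpack_from("<%di" % ((len(data) - 1) // 4), data, 1)
            out.update(zip(names, times))  # central-directory copies may carry mtime only
        elif tag == 0x7855 and len(data) >= 4:  # 16-bit uid, gid (local-header form)
            out["uid"], out["gid"] = struct.unpack_from("<HH", data)
    return out

def tz_offset_minutes(dos_time, utc_mtime):
    """DOS field = local wall clock (2 s steps); UT mtime = UTC. Difference = zone."""
    return round((timegm(dos_time) - utc_mtime) / 900) * 15

def build_sample():
    """Constructed one-member archive; values mirror a row of the output quoted above."""
    mtime = timegm((2008, 1, 10, 14, 55, 39))
    atime = timegm((2009, 11, 15, 20, 43, 56))
    extra = struct.pack("<HHBii", 0x5455, 9, 3, mtime, atime)
    extra += struct.pack("<HHHH", 0x7855, 4, 1002, 1002)
    info = zipfile.ZipInfo("sample/member.txt", date_time=(2008, 1, 10, 9, 55, 40))
    info.extra = extra
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(info, b"constructed content")
    return buf.getvalue()

def report(zip_bytes):
    """Return (name, metadata) per member, with the inferred zone in minutes."""
    rows = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            meta = parse_extra(info.extra)
            if "mtime" in meta:
                meta["tz_minutes"] = tz_offset_minutes(info.date_time, meta["mtime"])
            rows.append((info.filename, meta))
    return rows

if __name__ == "__main__":
    for name, meta in report(build_sample()):
        print(name, meta)
```

The offset is rounded to the nearest quarter hour because the DOS timestamp only has two-second resolution, which is why the local and UTC seconds in the quoted output sometimes differ by one.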
Climategate, where unauthorized eavesdropping is a heroic deed
[cite as: F. Bi. 2009. Climategate, where unauthorized eavesdropping is a heroic deed. Intl. J. Inact., 2:101]
Remember the Watergate scandal, in which the then US President Richard Nixon was forced to resign after being implicated in wiretapping attempts on the political opposition? Now the global warming inactivists are calling the recent cyber-attack against CRU by the name “Climategate”. Apparently they now think that unauthorized eavesdropping is a very heroic and noble deed.
In any case, the ‘independent, non-partisan’ climate inactivist groups such as the International Climate ‘Science’ Coalition and the Heartland Institute have lost no time trying to report ‘independently’ and ‘non-partisan-ly’ on the “Climategate” affair. Joseph Bast of Heartland writes:
Last week, someone (probably a whistle-blower at the Climate Research Unit at the University of East Anglia, England) released emails and other documents written by Phil Jones, Michael Mann, and other leading scientists who edit and control the content of the reports of the Intergovernmental Panel on Climate Change (IPCC). [...]
It is possible that the emails and other documents [leaked from CRU] aren’t as damning as they appear to be on first look. [...] Looking at how past disclosures of fraud in the global warming debate have been dismissed or ignored by the mainstream media leads me to suspect they will try to sweep this, too, under the rug.
No, Joseph. They’re not damning even on first look. That’s why Bast needs to tell you what to think about the e-mails before you ‘read them for yourself’.
What we know about the CRU attacker, part deux
[cite as: F. Bi. 2009. What we know about the CRU attacker, part deux. Intl. J. Inact., 2:100]
Update on the attacker who stole and uploaded private e-mails from the Climatic Research Unit (CRU) of UEA: Gavin at RealClimate has answered my query about the attacker’s initial attempt to upload the e-mails to the RealClimate site:
Can you reveal more about the attempt to upload the file to RealClimate? Did the cracker crack into realclimate.org too, or is there already a publicized feature on realclimate.org allowing third parties to upload data? Where did the upload come from? etc.
[Response: I was wondering when someone would ask. It was a hack into our server around 6am Tuesday. The IP address was from a computer in Turkey. - gavin]
So we know that
- the RealClimate upload attempt came from a machine in Turkey (!!!!!); and
- the attacker had access to the e-mails and files of an entire department.
At this point it should be clear that the attacker is most likely not just a “whistleblower” from the inside who logged in and out the usual way — and even if he’s an insider who doesn’t happen to be a cracker, he’ll have to be a pretty security-savvy insider with rather broad computing powers and privileges, such as a system administrator. And insider or not, he definitely tried to crack into another web site — the RealClimate site.
So what else can we find out about the CRU attacker? Where do we go from here? Good question…
What we know about the CRU attacker
[cite as: F. Bi. 2009. What we know about the CRU attacker. Intl. J. Inact., 2:99]
Kevin Grandia issues a challenge:
Who stole all this private data from [the Climatic Research Unit of] the University [of East Anglia] in the first place?
[...] Terry Hurlbut at the Examiner has a time line of the stolen data going public which is a good start. I am sure one of our intrepid readers will get to the bottom of this. Tell you what. I’ll race you.
Well, right now what we know is that the attacker
- is familiar with climate conspiracy theories;
- knows about how to upload a huge file to an incoming/ folder on a Russian server, tomcity.ru; and
- initially tried to get the information uploaded to realclimate.org.
Clearly not your usual “i r 31337 h4x0r u haz b33n pwn3d!!!!!!”, but other than that, there’s not a lot to go on in this case (at least for us). Perhaps the only useful lead is the initial attempt to upload to RealClimate; I’ve asked the RC folks if they can furnish any further details on it.
Update 2009-11-22: I forgot to mention one other thing we know:
- TrueSceptic reports over at Greenfyre’s blog that the e-mails in the .zip archive all have a modification time of 1 Jan 2009 00:00. Why the attacker felt compelled to doctor the file modification times is anyone’s guess.
“Integrity”, “affiliates”, “allies”, and being “silenced”
[cite as: F. Bi. 2009. "Integrity", "affiliates", "allies", and being "silenced". Intl. J. Inact., 2:97--98]
Primo
While global warming inactivists continue to yammer on about the supposed global warming ‘conspiracy’ ‘revealed’ by the cracked CRU e-mails, Tom Harris has apparently been asking for money for his brainchild climate inactivist group, the International Climate ‘Science’ Coalition. On the ICSC server there are three content pages which look like some sort of draft request for funding, though I’m not sure if the request is directed at the public, at organizations, or both. [cached: 1, 2, 3] (As of writing, none of these pages have appeared on Google.)
Most of the content comprises things we already know — particularly about their astroturf tactics, but there’s some interesting stuff:
And the Russian server hosting e-mails cracked from the Climatic Research Unit was…?
[cite as: F. Bi. 2009. And the Russian server hosting e-mails cracked from the Climatic Research Unit was...? Intl. J. Inact., 2:96]
Quirin Schiermeier reports:
[...] The University of East Anglia’s Climate Research Unit (CRU) in Norwich confirmed today that e-mails and documents dating from 1991 to 2009 were illegally copied and subsequently published on an anonymous Russian server.
A link to the Russian server first appeared on 19 November on a relatively obscure climate-sceptic blog. The server was shut down just hours later, but the stolen material had already been distributed elsewhere on the Internet.
So I thought to myself, “which Russian server was it, and which obscure blog was it exactly?” After chasing down web links for a while, I landed up on Andrew Bolt’s blog entry [cached] which gave a link to a Russian-sounding web page: http://ftp.tomcity.ru/incoming/free/FOI2009.zip. (The link is broken however, and changing the protocol from http:// to ftp:// gives a “Connection refused” error.) Then again, I’m not sure Bolt’s blog counts as an “obscure” blog, so perhaps Schiermeier was referring to some other web site(s).
Meanwhile, the climate inactivists’ conspiracy-laden interpretations of the e-mails clearly pale in comparison to the things that inactivists have said in public. Greenfyre has more.
Update 2009-11-22: Kevin Grandia issues a challenge to “get to the bottom of this”. And, some things we know initially about the attacker.
Update 2009-11-23: There was an initial attempt to upload the .zip file to realclimate.org, and it was a crack attempt coming from a machine in Turkey.
Update 2009-11-27: Timestamps on the individual files in FOI2009.zip indicate they were archived on a machine under a timezone of -0500 or -0400.
Update 2009-11-28: The most recent access to the individual files was on 16 Nov.
You are in a twisting little maze of think-tanks, all different: a new interesting finding
[cite as: F. Bi. 2009. You are in a twisting little maze of think-tanks, all different: a new interesting finding. Intl. J. Inact., 2:95]
Here’s a huge update to the diagram of global warming inactivist web sites. Besides incorporating the recent information on the web sites surrounding the America’s Power Army, the Prague Network, and the Heritage Foundation’s overcriminalized.com, it also includes, well, something interesting.
It shows — perhaps for the first time in the world? — a PR web site which hyperlinks to both the right-wing ‘think-tank’ network and the coal-funded ‘Clean Coal’ ‘movement’. (Look for “MJ Brunner Inc.”.) Have lots of fun.
Heritage Foundation has a notion of … freedom
[cite as: F. Bi. 2009. Heritage Foundation has a notion of ... freedom. Intl. J. Inact., 2:94]
Brian D mentions a web site overcriminalized.com which was owned by another of those free-market ‘think-tanks’ — the Heritage ‘Foundation’. It protested against what it claims is the overuse of criminal law (in preference over civil law) in the prosecution of things like acts of negligence, and gives the following case study:
Every tragic story that garners public attention seems to be addressed by adding to an increasingly long list of criminal laws. To illustrate the problem, Judge Bing cited the “Careless Driving” law. After a young woman was tragically killed in a car accident where the other driver was at fault but was not intoxicated or otherwise driving dangerously, her father started a campaign to enact a criminal law against “careless driving.”
Yeah, someone died… big deal! Just another sob story that rational-minded people should simply ignore! So what will a real tragedy that requires criminal legislation look like? Let’s see: [cached]
The truth is, there is no difference between shoplifting a DVD from a store and illegally downloading a copyrighted movie from KaZaa. Stealing intellectual property is just as wrong as the theft of “real” property.
Hmm. I think I’m starting to understand why global warming is a non-problem and why we should do nothing about it.
Heartland Institute has a notion of software freedom
[cite as: F. Bi. 2009. Heartland Institute has a notion of software freedom. Intl. J. Inact., 2:92–93]
I have to admit, I’m somewhat uncomfortable with writing about global warming inactivism, because climate is such a diffuse phenomenon which I can’t simply directly tinker with in a lab. Thankfully, our old climate inactivist friend, the Heartland Institute, started talking nonsense about computer software, something I have somewhat more experience with. After publishing an essay by one James Lakely on their web site about the oh-so-scary Marxist plot behind the Free Software movement, they’ve put up another essay by Lakely which says this: [cached]
Apple has approved the creation of more than 65,000 applications (apps) for its wildly popular iPhone. Yet this year, it denied one — Google Voice — for the very good reason it would supplant the iPhone’s core software design and functionality. That decision by Apple prompted the FCC in the summer of 2009 to launch a net neutrality-related inquiry, creating the impression that anything less than approval of all applications may be presumed to be a violation of the FCC’s broadband principles. That is alarming, and absurd. [...]
If a manufacturer or carrier does not have the latitude to reasonably restrict applications to ensure they abide with contracted terms of use and a viable business model/offering, then a provider effectively would have no property rights under the U.S. Constitution. That wireless provider also would have no meaningful design, operating, or business role to differentiate its product or service from competitors. [...]
As more and more smart phones, netbooks, notebooks, and laptops are enabled to exploit wireless broadband, where would the line logically be drawn where the FCC’s wireless innovation regulation would stop? [...]
Well, as you may remember, the other day I wrote a program which crawls through web sites and IP addresses. In the current proto-Marxist regime, I can just load up the program and run it:
$ ./labyrinthvs.pl go http://climatescienceamerica.org/
labyrinthvs: created directory /home/.../.labyrinthvs
labyrinthvs: created db
labyrinthvs: rolled back any uncommitted db changes
labyrinthvs: created any uncreated tables and indices
labyrinthvs: created web ua LABYRINTHVS libwww-perl/5.805
labyrinthvs: added pending url http://climatescienceamerica.org/ (priority 4a957c61.00000000)
labyrinthvs: processing url http://climatescienceamerica.org/
labyrinthvs: ... resolved climatescienceamerica.org to 68.178.254.234
…
Now, if I live in a capitalist world with clear product differentiation and perfect respect for property rights, I’ll probably first need to submit my application to the PC manufacturer for approval, perhaps like an acolyte of yore:
Acolyte (me): O Great Computer Manufacturer Most Wise, Most Capitalist, and Most Free, would you approve my application, that I may use it to perform computations in your honour?
Then the Great Computer Manufacturer will carefully scan my program code for any signs of Marxism, or anti-Apple sentiment, or criticisms of Thomas Jefferson — and if all’s clear, they’ll finally tell me that my software has been approved for running, in accordance with the property rights protections as codified in the Constitution of the United States.
In other news, the Bonner and Associates fiasco continues.



