Unrelated, but your book finally leaked through my door this morning. Thanks! I look forward to reading it.

Best regards

Don't forget the code - the program files. It looks like a leak to me - a whistleblower.

At one time I thought that the climate scientists believed their own theories and had convinced themselves that they knew what was going on and that their own models and theories were valid. Some kind of group think and confirmation bias coupled with an urban-eco world-view. ( aka Guardian-lentil worldview )

The emails revealed that they knew the whole thing was a crock and openly discussed this among themselves. They just wanted to milk it while they could.

An insider could see all this and after wrestling with his/her conscience decided to blow the gaff. This was a brave and principled move. Taking some personal risk in terms of actually building the file archive, copying it around, but before this the feeling of betrayal of colleagues and possibly friends. Hats off to the leaker.

I agree with Jack Hughes.

Whether the e-mails were hacked or leaked is not the real issue. What is infinitely more damning is the contemporaneous notes in the computer codes.

Let's play a new game called "Inspector Clouseau" -- or if you prefer "Clueless."

First question is if it were (please note subjunctive mood) a hacker, who would it be? Obvious suspects: "The Russians", "The Chinese", "The Whoevers".

Okay, let's assume that it is these "hackers". Unfortunately, they are far too busy stealing (1) military information, (2) industrial information or (3) your bank account to have time to dabble in Climatology records. What is their reason for collecting such information? What do they make off of it? Far better to get your credit card number, CCV and a nice new digital 1.5 meter flat screen tele. These people work hard and are not fools enough to spend their time on "saving the world".

Okay, so let's just assume that it is a very bright young person who is concerned about the false data regarding global warming. Now such a person would have to have better skills than Wadard, but I suspect that Atomic Hairdryer or I could do it. But why? Hell, just sit back and watch the house of cards tumble and besides I, at least, have no interest in becoming some bad man's girl friend. I much rather stay home and pet me cats and dogs. (I assume the same for Atomic Hairdryer).

And if I wanted to use these skills, which I have no intention of doing, I would be after your bank accounts instead. I mean, if I were (please note subjunctive mood) to do this, I would be stealing Phil Jones credit card and not his damaged data.

It does not take a Inspector Clouseau to figure out that it was an inside job. I would look at Harry of the Harry_read_me files first. If not him, someone close to him. That file, in and of itself, is the smoking gun. Why was it included? The emails a hacker could have found. But that file?

No, like most murder investigations, I would look first and hardest at those closest to the victim.

Harry did it -- with a computer -- in the lab -- after dark and a couple stiff drinks. (If you play CLUE).

How would you like to have been put into the position of the FOI officer? To have been coaxed or cajoled into not complying with an FOI request on the say so of one of the subjects of the request.

Do they even have any transaction logs for the servers in question? Who was accessing what systems and when? Maybe the stuff in the FOI file was stored in public folders or on devices with minimal security within the organization, in which case they don't have a prayer. Someone with administrative rights could have been using an obvious password, and if that were the case, the investigation will be dead in the water.

It doesn't take long to review electronic logs, assuming that there were any to review. The longer that this investigation drags on, the less likely it is that they are going to identify the leaker, imho. I beginning to think that they don't have a prayer or a clue or both.

Oddly ,I think this "Hypothetical explanation" by a member of the hockey team's cheer squad is the most realistic I have read.

http://www.courant.com/news/opinion/editorials/hc-thorson-warming-e-mails.artdec17,0,5106364.column

QUOTE//
Alternatively, it's just another gray day on an English campus. An ordinary lab director skips breakfast, drives to work and begins dealing with the daily e-mail deluge. In various messages, he advises colleagues to substitute a series of poor-quality tree ring data with better data. Later, in a regrettable lapse of judgment, he asks these recipients to delete the correspondence, fearing that it will be misconstrued and misunderstood by politicians.

Suspecting a case of data fudging, an in-house colleague tips off the university administration, which creates an ad hoc internal investigating committee. After careful scrutiny, the committee verifies that the data management techniques were acceptable, that the terms "trick" and "hide the decline," were figures of speech taken out of context and that the substituted data series had no real effect on the climate consensus. They exonerate the lab director of academic misconduct, but reprimand him for his sloppy handling of FOI requests and his disparaging remarks about other scientists. The following day, he walks across the parking lot preparing to send a few e-mails. The media never hears a word. The ship of science rights itself.
// END QUOTE

Seems possible to me that one or 2 of the internal investigators where a little peeved at what was in effect brushing a very serious issue under the carpet, to save the UEA from some serious side effects. It would have also been seen as a lot of time wasted by them, if you think for a moment how long that file must have taken to prepare.

The file FOIA1.ZIP possibly being the result of an internal investigation by UEA themselves can be backed up by anyone with knowlege of the information contained in email headers and Unix file naming conventions. It should also be possibe to determine who one of the 2 people who leaked the file is. I am sure the police investigators have an investigator with the necessary skills.

I guess there is a bit more to the e-mails than just what is mentioned in the quote above.

And if the FOIA-file was the result of an internal investigation at UEA, why would they not have made this public?
There would be no harm for UEA to reveal an internal investigation into the workings of their climate research unit, if they were confident in the outcome being correct and able to stand up to scrutiny.

Pet my cats & dogs? Well, at the moment I'm stroking my nice new book. The Illusion landed through my letter box with a nice silky coat and that fresh book smell. I would like to get a collie at some point in the near future though.

I don't entirely discount a hack. When the Science Museum ran it's online poll, someone, and I can't remember whether that was via CA or Wattsup wrote a script to vote for scepticism. They were roundly criticised for that behaviour as being very unethical. Others wrote scripts to track voting patterns and noticed some of the same behaviour from the warm side of the debate. Both sides of the debate have people that are highly educated and skilled.

We know data has leaked before, for example the previous mole hunt that turned out to have been documents left on an insecure anonymous FTP server. We know this embarrased CRU and they closed that down. We also know though that people probing or trawling CRU for data was a concern to them. But we also know from the Harry file that CRU did not seem to take it's data very seriously. It had no data mananger and seemingly no data management system that would allow documents to be checked in/out, version controlled and access logged.

So security seems to have been pretty lax. But then it's an academic institution that collaborates on research, so 'needs' to make data available. From my own experience, designing security in that kind of environment is very challenging because the customers are experts, all with their own special needs and established work practices that often conflict with implementing good security policies and systems. If they don't have a security culture or mindset, they typically waste thousands on state of the art security systems, then pressure from their users makes them open so many holes they may as well not have bothered.

So back to the story. According to the wiki article on this, there seem to be 3 'hacks' linked to create some grand conspiracy. CRU, RC and Dr Weaver in British Columbia who complains people tried to break into his offices. I'm ignoring Weaver given it's unfortunate that criminals regularly break into universities looking to steal IT equipment. Their open nature makes that easier, and again it's why universities should have good data management and archival systems. Cost of a laptop or server may be inconsequential to the cost of losing years of data that may have been on it and not backed up. Sometimes this may be industrial espionage dressed up to look like common theft, most times it's just common theft.

So two connected hacks. One to get the data, one to publish it. I consider those to be the same event. The content of the data may have some clues. It was advertised as a random selection, but doesn't look that random. I've been following the debate for a few years, but this contained things I wasn't aware of and I don't know the significance of. So to my mind, the hacker would have needed both the skills to get into the network and the skills to select the data. A casual hacker would probably have just grabbed everything, mirrored it and left people to pick through it. Conversely, an insider may have done the same thing to deflect attention away from themselves. The more specific the data leaked, the easier it often is to identify the source by what they had access to or knowledge of.

So for me, if it was a hack, it was a sophisticated one to have been able to select the data that was eventually released. There seems only to have been a short amount of time between the last email and the release to filter the data and prepare the release package. Alternative is someone got lucky and found the FOIA file or folder pre-packaged. Quick touch of the data to change dates and a quick cleanup, giftwrapped goldmine.

But then why bother to release it via RC? If it was a present for the sceptics, why try placing it on a site many don't bother reading because of the style and content? Why not go straight to the sceptic sites and place it there first if it was intended as a gift to the sceptics? Maybe this was an ego thing to try and embarass RC.

As the UEA says, the data was from a server that could not be reached easily, or released inadvertently. Presumably they're referring to an outsider though, rather than an insider. An insider would have the skills and knowledge required to assemble the data for effect. They probably would also have been familiar with using proxies to disguise browsing. The emails show they took some interest in what was being said on the blogs, and it's fairly common practice to use proxies to visit 'hostile' sites and disguise those visits or articles of interest.

To me, it points more towards an insider. They have the knowledge, they have the opportunity, they may have the motiviation. My suspicions are someone had a crisis of conscience and leaked the files. This could be someone on the FOI side given they would have some legal responsibility in that role, but then I doubt they'd chose to release the data by attempting to hack RC. That would after all have been criminal. If it was someone who already had admin access to RC with a crisis of conscience, it makes more sense.

As Mosher points out, hacking isn't always just software and hardware, but also wetware and social engineering. CRU and it's followers call it a hack because that's easier to believe than the possibility that one of their own has lost their faith.

We know Jones has taken a leave of absence, but has anyone looked to see if other likely suspects have been due to attend conferences etc, but withdrawn?