Monday, December 07, 2009


The newspapers are playing the "Russian hackers" story big this morning, with The Daily Scarygraph a new entrant to an already crowded field, parading the headline: "Climategate: was Russian secret service behind email hacking plot?"

Note, as with most other papers, the question-mark at the end of the headline, signifying, as it did with the Mail on Sunday, that the story is unsupported speculation.

That is even how the Scarygraph opens its non-story, nevertheless attempting to give the fabrication the impression of substance by telling us that: "There was growing speculation on Sunday that hackers working for the Russian secret service were responsible for the theft of controversial emails in the 'Climategate' scandal."

The only thing "growing" about the speculation is the number of newspapers willing to publish it, which makes it no more powerful, nor any more true than when the Sunday media brought it up yesterday.

How the non-story has been treated is, however, a fascinating case study of how the MSM – so keen to assure us of its serious credentials – can build a story out of absolutely nothing, using misleading language, innuendo, conjecture and juxtaposition, plus all the other tricks of the trade which make the media so loathsome.

Some of it, of course, looks so innocuous, such as the Scarygraph opening its narrative by telling us that: "Thousands of emails, from the University of East Anglia's Climatic Research Unit (CRU) were first published on a small server in the city of Tomsk in Siberia."

It is the word "published" which is so misleading, but this we have to find from the blogs and forums – not the MSM. More accurately, the folder containing the files – with the URL "" - was deposited on the "incoming" data storage section of a server, a section which is accessible to any internet user in the world with access to the world-wide web. It requires neither the knowledge nor the permission of the server-owner for material to be thus deposited.

The key word, therefore, is not "published" but "deposited", and there it would have remained unheeded until – as happened – the location was broadcast ... for other people then to download, and then publish the contents.

From the very start, then, the crucial issue is that this is a publicly-accessible server which can be reached from anywhere in the world. Furthermore, Russian servers are particularly attractive to people who wish to lodge material on the internet anonymously, as the Russian authorities are distinctly unhelpful when it comes to revealing the addresses of computers used to upload material onto servers in their territory.

Thus, the fact that the material was placed on a Russian server gives no clue whatsoever as to the identity of the person (or persons) who uploaded the material, or of their location. The newspapers, therefore, have to invent a connection and a "motive" in order to forge a link. The Scarygraph does this, as do many of the others, by telling us:
"Russia, a major oil exporter, may be trying to undermine calls to reduce carbon emissions ahead of the Copenhagen summit on global warming. The CRU emails included remarks which some claim show scientists had manipulated the figures to make them fit the theory that humans are causing global warming."

We then get much other – completely extraneous – detail about Russian hacking, and the involvement of Russian state services, all serving to build up a history of such activity in the country, all lending spurious authenticity to the speculation. But nothing so offered adds a shred of evidence to that speculation. It is totally irrelevant.

At least The Times is slightly more circumspect – but only very slightly. It states that the "Russian connection" to the controversy ... raises suspicions of a state-sanctioned attempt to discredit the Copenhagen summit involving secret service espionage. "But," it adds, "it could as easily have been the work of freelance hackers hired by climate-change sceptics."

This is, of course, speculation on speculation, as there is no public domain evidence (yet) that a hacker was involved in obtaining the material. Here, therefore, the papers rely on the "talking head" technique, relying on speculation from a third party. This is Jean-Pascal van Ypersele, vice chairman of the IPCC.

He very obligingly tells the media that, "It's very common for hackers in Russia to be paid for their services," adding, "If you look at that mass of e-mails a lot of work was done, not only to download the data, but it's a carefully made selection of e-mails and documents that's not random at all. This is 13 years of data and it’s not a job of amateurs."

This, of course, elides two different issues. For sure, the material is very selective. But it would have needed someone to know what they were doing to pick such a careful and relevant selection of material. And so carefully to select the material over such a time-span would have taken weeks of work (not necessarily by one person). That almost rules out a hacker - a hacker could hardly get the period of extensive, uninterrupted access needed to access and pull together all the files.

Given the name of the folder (FOI2009), the speculation is that the files had been gathered by the University of East Anglia itself, in response to a Freedom of Information exercise, which had not been released.

How they then came to be uplifted and ended up on a Russian server is not yet known publicly - and may never be known. Whoever sent them, though, had higher than average computer skills, as key identifying material (known as meta-tags) had been removed, and date stamps had been altered or removed.

As to the Russian server, the Mail on Sunday falsifies the picture by telling us it "understands" that "the hundreds of hacked emails were released to the world via a tiny internet server in a red brick building in a snow-clad street in Tomsk." That the server is "tiny" is an invention. But we do know that it is owned by Tomcity, which just happens to be a major internet service provider in the city. Furthermore, its parent company, Tomline, is a major telecommunications company.

Another fabrication then follows from The Mail on Sunday, when it tells us that the server "is believed to be used mainly by Tomsk State University, one of the leading academic institutions in Russia, and other scientific institutes." The company is a public internet provider. The paper has not spoken to the company – that, it admits. By its own admission, it is inventing this snippet, which is irrelevant anyway.

Much other lurid detail follows, all totally irrelevant and providing no evidence to support the speculation. But this assertion from the paper is priceless: "It is not known if they have fallen under suspicion as part of the police investigation," it says. It is not known if David Cameron has fallen under suspicion either. And the point is?

Almost parodying its own "investigation" though, the paper towards the end of its fiction informs us that a Russian hacking specialist had told it: "There is no hard evidence that the hacking was done from Tomsk, though it might have been. There has been speculation the hackers were Russian." He adds, for good measure, his own speculation: "It appears to have been a sophisticated and well-run operation, that had a political motive given the timing in relation to Copenhagen."

As to fact, what do we know? Well, the website Air Vent was contacted at 9:57 pm on 17 November on its comments site, with information of the location of the folder, and some details of the files together with a message. The entry had been posted from a proxy server in Saudi Arabia, which means it could have come from anywhere in the world.

Before that, at around 6.20am (EST) on 17 November, an unknown person hacked into the RealClimate website server from an IP address associated with a computer somewhere in Turkey. We are told they disabled access from the legitimate users - which is hardly a sign of an expert hacker, if it happened - and uploaded a file on to the server. They then created a draft post, which would have announced the data to the world, that was identical in content to the comment posted on the Air Vent later that day.

The "Turkish" server was another proxy, so the originator could again have been anywhere in the world.

The same message, and .zip file, was also posted several hours before the one at the Air Vent, at Steve McIntyre's blog, Climate Audit. According to McIntyre, "The IP address of the commenter at CA was Russian." It was another proxy server.

Whoever did this – whether one person or several - could be anyone in any government, or it could simply be sophisticated techies, who also, if Real Climate is to be believed, knew how to "disable access" on that blog - people who might, for example, have gained administrative access through obtaining a password (easy enough to do) or by by-passing the security protocols.

Nothing we know answers the question of who actually collected and released the files, or where they (or he or she) were when they did. The Russian "connection" is speculation, as is almost everything else offered by the newspapers on this subject – a torrent of idle, ill-informed gossip which typifies our modern-day media.