Comment: Did Russian Intelligence Hack Climate-Change Emails?
December 7, 2009

Tomsk, Siberia
By JOSEPH FITSANAKIS* | intelNews.org
For over a fortnight, the world’s news services have focused on the so-called ‘Climategate’: the hundreds of emails from the University of East Anglia’s Climatic Research Unit that were hacked from the university’s server and leaked onto the Internet. The stolen emails, some of which date back to 1996, have reignited conspiracy theories about the role of human activity in climate change. But there is surprisingly little discussion about who hacked into the university’s server and stole the personal emails.
British newspaper The Daily Mail says it has information that points to a server in the Siberian city of Tomsk as the point of origin of the hack attack. The paper alleges that the cyber attack has been traced to Tomcity, a high-speed Internet server in downtown Tomsk, belonging to Siberian Internet service provider Tomline.
What is interesting about The Daily Mail’s allegations is that Tomsk, located near Siberian metropolis Novosibirsk, was until recently a closed city, or what the Russian government calls a “closed administrative-territorial formation”. It is a complex of scientific research centers, including the Tomsk State University and a host of uranium and plutonium plants, which remained closed to foreigners until the early 1990s. Some parts of it, such as Seversk (also known as Pyaty Pochtovy until Stalin’s death, and Tomsk-7), with a population of 109,106, remain closed to outsiders even today. As a result, large parts of Tomsk’s Internet infrastructure are administered by the Russian military and, as The Daily Mail correctly notes, the entire Tomsk Oblast (administrative division) is “closely monitored by the FSB”, the successor agency to the Soviet KGB.
The investigation into the hack attack is ongoing, and some cyberespionage experts suggest there is no “hard evidence” that the hacking was carried out from within Tomsk. But there is no denying that, in the words of a Russian hacking expert, the cyber attack was “a sophisticated and well-run operation that had a political motive, given the timing in relation to [the United Nations Climate Change Conference in] Copenhagen”, Denmark.
It is worth noting that the world’s intelligence agencies have recently begun to display substantial interest in climate change and the energy politics associated with it. In October, the CIA announced the establishment of its Center on Climate Change and National Security, despite fierce opposition by Republican lawmakers.
* Dr. Joseph Fitsanakis has been writing and teaching on the politics of intelligence for over ten years. His areas of academic expertise include the institutional analysis of the intelligence community; the interception of communications; and the history of intelligence with particular reference to international espionage during the Cold War. He is co-founder and Senior Editor of intelNews.org. His latest writings for intelNews.org are available here.
I first heard about Climategate on Russian Evening News. I then searched Google News and there were barely any stories on it. The Russian Mainstream Media picked up the story far faster than the rest of the world.
I second this. Generally speaking, US mainstream media are extremely slow in picking up international news stories that are picked up very fast by Russian, Chinese, Indian, and other media.
Actually, there has been quite a lot of discussion on the various climate blogs about how the emails came to be publicly released. The one thing that most commenters seemed to agree on is that the emails were clearly heavily edited to include only the most relevant (and damaging) climate-related material. Also, it doesn’t seem really clear if the person(s) who collected and edited the emails also leaked them, or whether a lucky hacker found the collected emails, or what have you.
The idea being promoted in English-language news that a malicious hacker somehow broke into many different accounts and systems and just happened to put together the most revealing material out of hundreds of thousands of records doesn’t make sense.
I would have to agree with the previous comment and with the above article, that the hacking was a pro job, and not some bored 16-year-old kid who just happened to stumble onto the emails.
The FSB responds in a new Daily Mail article:
“A Russian intelligence source claimed the FSB had new information which could cast light on who was behind the elaborate operation.
‘We are not prepared to release details, but we might if the false claims about the FSB’s involvement do not stop,’ he said. ‘The emails were uploaded to the Tomsk server but we are sure this was done from outside Russia.’
The Kremlin’s top climate change official, Alexander Bedritsky, denied the Russian government was involved in breaking into the CRU’s computer system.
‘You can post information on a computer from any other country. It is nonsense to blame Russia,’ he said.”
http://www.dailymail.co.uk/news/article-1235395/SPECIAL-INVESTIGATION-Climate-change-emails-row-deepens–Russians-admit-DID-send-them.html#ixzz0ZaMKk7RV
There is a lot of speculation that a whistleblower at UEA may be named.
You mean a whistleblower at UAE, the United Arab Emirates?
University of East Anglia.
The Russian IP address was not used to connect to the UEA computer system, but rather was logged by RealClimate.org as originating the “hack” on their server which was used to upload the data to them, *after* that person had already acquired the FOIA.zip file somehow.
Furthermore, IP addresses in Turkey and Saudi Arabia were also used by this person, and nobody is accusing those countries of involvement. Indeed, it is quite implausible that the FSB would have used a Russian IP address for something of this magnitude.
A somewhat more reasonable explanation is that the person involved (who was clearly quite clued up on computing, since he hacked into the RealClimate server) was using the Tor network, which assigns the user random proxy IP addresses from around the world.
This would explain the use of a number of different IP addresses, and in fact might also explain why an IP address with a possible connection to the Russian government was used: governments around the world deploy Tor “exit nodes” in order to monitor the more interesting and unusual activities that take place over this network, because data exiting the Tor network is (necessarily) unencrypted and therefore accessible to anyone running an exit node.
P.S. This would also perhaps explain why the Russians are holding back on publicly explaining what they know about it:
a) They don’t know who did it, because all they have is the data from the Tor exit node, from which it is not possible to determine the real point of origin.
b) They probably don’t want to admit that they have access to data from Tor exit nodes operating in their country (even though everyone knows this already).
It might be worth mentioning, lastly, that the above article (and the one in the Daily Mail) seems to assume the UEA was “hacked”, when in fact there are cogent reasons (as discussed elsewhere) why the apparently pre-packaged data may have come from a disgruntled insider who was aware of the FOIA request or who had other reasons (perhaps moral ones) to want to blow the whistle.
Thanks for that info, Ian!
A little follow-up: looking at current maps of the Tor network, there are relatively few Tor nodes in Russia, Turkey and Saudi Arabia, so on the basis of probability it looks more like the person involved wasn’t using Tor, but was more likely selecting internet proxy servers via some other means. This doesn’t really affect the issue of who did it — I still think there’s nothing to implicate Russia — but might mean that the owners of those proxy servers have a good idea of whodunnit, as Russia has claimed. I note that accusations against Russia have diminished following their comments, so maybe that is the case.
wow hot news ever i see
I wrote two articles about this. The Russians now claim the Chinese did it. I think it was the Russians.
http://legendofpineridge.blogspot.com/2009/12/tomsk-hackers-and-russias-fsb-part-ii.html
Erm, yeah, let’s start believing the FSB :-P
More credibly, “Big Journalism” points to an inside source, who gave a copy of some of the emails to Steven Mosher *before* it was released onto teh interwebs:
http://bigjournalism.com/pcourrielche/2010/01/10/peer-to-peer-review-part-ii-how-climategate-marks-the-maturing-of-a-new-science-movement/
http://bigjournalism.com/pcourrielche/2010/01/12/peer-to-peer-review-part-iii-how-climategate-marks-the-maturing-of-a-new-science-movement/
Of course this is all second-hand…
Well, it looks like the actual timeline is not as it was portrayed in those stories, so Mosher is off the hook. Interestingly, samizdata.net speculates that maybe it wasn’t a hack *or* a deliberate leak:
http://www.samizdata.net/blog/archives/2010/02/was_climategate.html
Less conspiracy, more cock-up…
nice thread, thanks . i like ur weblog.