Tuesday, December 20, 2011

Evil Bunny, Evil Thoughts

Much buzz about the warrants, demands for information and seizures of computers and similar at Tallblokes, Jeff Id and the dread Steve's. Eli has been thinking evil thoughts, not that any of these folk (well, ok) actually were involved in the theft (let's be honest) of emails from the CRU, but that there was more than met the eye. J. Ferguson at Lolita's Rondez Vous and Mus Farm put it in words:
Somehow I keep thinking that the warrants and the raid at Tallbloke’s are to create the impression that they are the method by which some piece of information which is about to be acted on was obtained.

This rather than revealing the extent and quality of their web surveillance.

Which everyone ignored, but No Such Agency throws a wide net out there from Fort Meade in nearby scenic Laurel, MD. Further, you would not think that they would risk exposure on something minor in the run of national security to go after the CRU hackers. They are looking for bigger fish, or as likely, some of the big fish are involved in the CRU hack, and Tallbloke is unlucky enough to have a key piece of the puzzle sitting on his hard drive. How do the spooks know it is there. Silly Rabett.

63 comments:

  1. If the NSA cared who hacked the emails, they would presumably know. I don't suppose they do care (surely it's below their radar), and maybe they don't know. I find it inconceivable that the Puzzle Palace would see fit to assist any law-enforcement agency in sorting out the CRU hack.

    I have always found it entertaining when crypto-anarchists fantasize either that the three-letter agencies might be interested in their petty secrets, or that their algorithms would protect them from such interest. That's neither a rational threat model nor a sane capability assessment.

    If the CIA wants to know what Alice says to Bob, they can put a mike in the room, a snooper chip on the motherboard, a tap on the wire, a tempest scope across the street, $10K in a plain envelope under Bob's door, or Alice on a plane to Gitmo.

  2. No Nick, the point is that this is a wedge for them to something bigger.

  3. "How do the spooks know it is there."

    It's not that difficult to discover and track the handful of blogs that make up the bulk of the denialspherical ecosystem. You could just go down the list of invitees to that conference in Portugal from a year or so ago. I suspect DoJ is capable of doing that without any help from "spooks". It's not that hard, then, to look for posts from "FOIA" and ask for the computers etc of the blog hosts where "FOIA" spreads his blessings.

  4. The leaking of documents just before the President of the United States and Secretary of State attended a major international conference? Jeez, they surely do not come much larger than that, as hackings go. I think the security services would feel they need to know who is pulling the strings there.

    At the very least, they would need to know who has the capability to pull off a stunt like that. Many US universities do work for the Feds, and their e-mails are just as vulnerable as UEA's.

    So Eli may have a point... all the thrashing about in the undergrowth may be cover for what is already known. But that means something will break in the coming months.... let's hope.

    Toby

  5. Some hints that the Ruskies wot done it. That might excite spooks who otherwise have too little to do...

  6. Toby:

    "At the very least, they would need to know who has the capability to pull off a stunt like that."

    A large number of script kiddies, unfortunately. Sony's playstation mothership got hacked by a friggin' SQL insertion attack, and they're not alone (one of the simplest attacks on a database-backed web application, which can be prevented by very simple programming practices). A lot of large networks have random systems attached which aren't kept up-to-date and are vulnerable to being rooted by rootkits available on the internet.

    Etc etc etc.

    I don't assume that much skill was necessarily involved, just perseverance.

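The "SQL insertion attack" (SQL injection) the comment above mentions, shown as the vulnerable login query beside the parameterized one. This is an added example, not code from the post or any commenter; the `users` table and its two rows are constructed here for the demo, and SQLite's in-memory database stands in for whatever database a real application would use.

```python
# Added example (not from the original page): SQL injection in a login check,
# vulnerable string-built query vs. the bound-parameter version that prevents it.
# The table and rows below are constructed for the demo.
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database with a tiny constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", 1), ("bob", "hunter2", 0)],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, user: str, pw: str) -> bool:
    """String concatenation: the caller's input becomes part of the SQL text,
    so a quote in the input changes the query's structure."""
    sql = f"SELECT COUNT(*) FROM users WHERE name = '{user}' AND password = '{pw}'"
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, user: str, pw: str) -> bool:
    """Bound parameters: the SQL text is fixed, the values are passed separately
    and can never be parsed as SQL syntax, whatever characters they contain."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (user, pw)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    # Two classic payloads: comment out the password check, or OR in a tautology.
    for user, pw in [("alice", "s3cret"), ("alice' --", "wrong"), ("nobody", "' OR '1'='1")]:
        print(f"{user!r:22} {pw!r:16} vulnerable={login_vulnerable(db, user, pw)} "
              f"safe={login_safe(db, user, pw)}")
```

With `alice' --` as the user name the vulnerable query becomes `... WHERE name = 'alice' --' AND password = 'wrong'`, and everything after `--` is a comment; the parameterized query sees a user literally named `alice' --` and rejects the login.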
  7. I don't like to get into conspiracy theories very much. The only reason I could think of that is if it were for international political reasons. If they do know who is responsible and now gathering evidence the old fashioned way we should hear more soon.

  8. Scrooge:

    "I don't like to get into conspiracy theories very much. The only reason I could think of that is if it were for international political reasons."

    Oh, the entire denialsphere is motivated by political reasoning, that's been clear for a decade or more.

    You don't need to postulate a conspiracy for this to be true ...

  9. dhogaza,

    The fact that the hacking was carried out successfully in the lead-up to a major international conference suggests it took more than a few high-school kids chancing their arm for a year or so.

    I just hope the new momentum in this investigation is maintained.

    Toby

  10. There are plenty of people out there with the cash to pay a hacker to get what they want. It's not that hard if you know what to do. The CRU computing infrastructure would hardly have had any security beyond the most basic.

    Anon(1)

  11. In the UK the Police will make use of the services of the Communications Electronics Security Group (http://www.cesg.gov.uk/about_us/index.shtml) for IT forensics. CESG are a branch of GCHQ, which is the UK equivalent of, and partner to, NSA. CESG are also behind the UK CREST IT security professional certification.

    Alice

  12. Toby:

    "The fact that the hacking was carried out successfully in the lead-up to a major international conference suggests it took more than a few high-school kids chancing their arm for a year or so."

    I didn't say a few high-school kids did it, I said that there are plenty of script kiddies out there who *could* do it. In other words, it's not that hard to do. Understand the difference?

    My guess is that professionals were involved, but people seem to greatly overestimate how difficult it is to break into your average university or corporate (or drone-flying or uranium enrichment plant) network.

  13. Dr. Jay Cadbury, phd.

    @dhogaza

    hahahaha, are you 57?

    http://www.pof.com/viewprofile.aspx?profile_id=24245280

    If this is you then wow did I predict exactly what type of person you were.

    I think you've got more than a few extra pounds my friend. Also, complaining about everyone finding out global warming is hoax will not make your wife come back.


  14. @dhogaza

    hahahaha, are you 57?

    Well, that's a lot less pathetic than someone who doesn't understand the difference between gross and net and who can't figure out how to solve a straightforward compound interest problem, but still runs around claiming that he has a PhD.

    But then again, I guess that's the kind of customer that Phoenix U's PhD program serves...

    --caerbannog the anonybunny

  15. Dr. Jay Cadbury, phd.

    I knew if I started big post hole digging I could get Caerbannog to come out! I've also noticed that Caerbannog is best friends with Dhogaza, Ray Ladbury and Tamino.

    Caerbannog, I used to know how to do compound interest equations and so on and so forth but I don't get paid to know it anymore. In fact, if I never learned it all, it wouldn't have made any difference in my life.

    My phd is in the area of environmental fraud. My sense of honesty and fairness is unmatched. The good doctor is so fair that there is no number for his fairness.

  16. Dr. Jay Cadbury, phd.

    out of curiosity, I'm interested in the bunnies' thoughts on the Keystone oil pipeline. Specifically, would you prefer if the Canadians sell the oil to the Chinese? Or is the pipeline being built bad enough?

  17. Dr. Jay Cadbury, phd.

    The good doctor knows who FOIA is and delights in knowing that you will never find him. O HO HO HO HO! Merry Christmas!

  18. Yeah, right. Of course you know, Jay.

    In some respects, the least interesting part of the hack is who did it. The really fascinating part is who made the selection of emails for release? That person or persons unknown were either intimately familiar with the themes of discourse established by McIntyre et al, or fed with enough information - keywords for searches, and so on - to enable that selection. Therein, methinks, lies the tale...

  20. Dr. Jay Cadbury, phd.

    @J Bowers

    Bowers where are you living these days? I am in the United States, on the east coast.

  21. Jay, you don't know who FOIA is.

  22. Note to Eli - since our pest insists he knows who FOIA is, you might consider sending his IP and other relevant information to the DoJ as they seem to be showing some interest in discovering the identity of FOIA ...

  23. Poetic justice.

    ~@:>

  24. "Eli has been thinking evil thoughts, not that any of these folk (well, ok) actually were involved in the theft (lets be honest) of emails from the CRU,"

    What theft of emails from the CRU?

  25. Let's see, the public stole the emails belonging to the public from the public and gave them to the public while at the same time the public that the emails were stolen from retained the emails. LOL.

  26. dhogaza has a great plan.

    Little bunny Foofoo would approve.

  27. Anonymous never heard of Crown Copyright.

  28. Note to Eli - since our pest insists he knows who FOIA is, you might consider sending his IP and other relevant information to the DoJ as they seem to be showing some interest in discovering the identity of FOIA

    Oh, Eli doesn't need to send it. They already h... Oops! Have I let the cat out of the bag?

    Cymraeg llygoden

  29. I'm with Gareth on this. It's one thing to envisage any kind of 'script kiddie' of whatever age being able to hack the server and get huge stacks of emails. It's another entirely predictable thought that there are a lot of people who'd be happy to release documents in time to derail yet another climate conference.

    But how does whoever-it-is set the search terms to find the few items among the gigantic set of documents most likely to meet the requirements of the second objective. Now *someone*, maybe several someones, has to provide that info.

    And someone has to select the juiciest items.

    And someone has to e.d.i.t. them.

    MinniesMum

  30. The CIA’s Center for Climate Change and National Security “provides support to American policymakers as they negotiate, implement, and verify international agreements on environmental issues.”
    http://legendofpineridge.blogspot.com/2011/01/larry-kobayashi-director-of-cias-center.html

  31. When Climategate happened, I thought maybe some Russian entity had something to do with it. I didn't know anything about climate change, but I didn't like stealing emails. Here is my first post about Climategate. I am sure now that some of my initial impressions will seem naive and mistaken, but there is some information there about Russian hackers from people who know more.
    http://legendofpineridge.blogspot.com/2009/11/russias-hacker-patriots-embarrass.html

    If it turns out some Russian entity was involved, I said it before the UN and the British press voiced their suspicions. Still, I am sure no big expert on hacking or climate change.

    I have a lot on my blog about Russia. Some people in the West have business relationships with Russian fossil-fuel or metal companies; and the Russians sometimes insist that their western business partners support them politically in order to be given the privilege (license) of doing business with them. Putin, for example, used to be the guy who decided who got the permission to export rare metals from Russia. In Russia, the guys who give permission (licences) are very rich.

    Now that I know more, I am totally on the side of the scientists when it comes to global warming. The scientists were a little snarky when they discussed people who were constantly harassing them. Big deal. It was supposed to be private.

    I do know a fair bit about Russian disinformation campaigns, and the campaign against the climate scientists uses all those dishonest techniques. I used to be a Republican until I realized that my party was TRICKING me with the same sort of disinformation tactics they used in the USSR and Russia.

  32. Time to exercise our forecasting abilities, conies one and all...

    Assuming the Guy-With-the-Ear-Pressed-to-the-Glass-Pressed-to-the-Wall doesn't tap the hackers on the shoulders this time 'round, what date do you expect will be most likely for the third release, and why?


    Bernard J. Hyphen-Anonymous XVII, Esq., (with lashings of whipped cream)

  33. Gareth said... "In some respects, the least interesting part of the hack is who did it. The really fascinating part is who made the selection of emails for release? Those person or persons unknown were either intimately familiar with the themes of discourse established by McIntyre et al, or fed with enough information - keywords for searches, and so on - to enable that selection. Therein, methinks, lies the tale..."

    meh. a few minutes browsing around CA is enough to see what their pet obsessions are. from there to a list of search terms is but a trivial matter.

    MinniesMum said... "But how does whoever-it-is set the search terms to find the few items among the gigantic set of documents most likely to meet the requirements of [derailing a climate conference]. Now *someone*, maybe several someones, has to provide that info.

    And someone has to select the juiciest items.

    And someone has to e.d.i.t. them."

    grep?

    out of >1000 emails in the first batch, not even half a dozen could be turned into quote-fodder, despite the denialists' best efforts. obviously not a lot of manual effort had gone into the selection process. (my impression was that) all of the actual quote-mining was done on the denialist blogs after the fact.

  34. I'm with ligne.

    On when the next release will be, Sloppysecondsgate was a complete dud with the MSM almost unanimously responding with, "Ooh look, but oh what a coincidence they were released just before Durban.... yawn." I think it'll be just before AR5 WG1's release, or if there's a new set of science or paper that really leaves no option but to mitigate urgently which the likes of World Climate Report and Heartland can't cherrypick and distort without even the WSJ calling them out on it. What I doubt we'll ever see is the password unlocking the full set of 220,000 emails, simply because we already get glimpses of how much the scientists are certain of their findings with the usual scientific caveats, how genuinely and candidly concerned they are about what's happening to the climate, and how Pat Michaels is considered by his peers to be third rate and a scientific non-entity, etc. Why would they want more of that to be visible? Anyone taking the already released cherrypicked sets as being in context and not designed to disinform through lying by omission is a complete and utter maroon, or stands to profit.

  35. Eli,

    There is no evidence that there was anything on TB computers.
    The police knew that the information was on WORDPRESS machines.
    So they went after that first on Dec 9th.

    You might surmise that FOIA sent a mail to TB. you would be wrong.
    FOIA has never operated that way.

    He left a comment and a link on WORDPRESS servers.

    The police have commented, when asked, "we had to be seen doing something" Nice.

    I'll suggest that FOIA should drop a comment here at your blog.
    not a link, just a comment.

    Then we will see how you like a visit from the police because a comment was dropped on your blog.

  36. A blog commenter said that the police said "we had to be seen doing something"

    We don't actually know what the police said.

    Louise

  37. Here's my hypothesis on why Tallbloke had his laptops and router taken away: FOIA may have hacked him to check him out before his blog became a recipient of the link, and it's worth seeing if FOIA left a trail of any kind, even if it's only a remote possibility.

  38. tallbloke has been at the forefront of the climategate cabal for a while now. his blog was specifically picked by FOIA to disseminate the second batch. it's not exactly a leap of the imagination to think he might have had out-of-bound contact with FOIA.

  39. " it's not exactly a leap of the imagination to think he might have had out-of-bound contact with FOIA."

    Especially since the release of the set of encrypted 200,000 e-mails came with an announcement that the passphrase would be shared with a select few.

    That's evidence of a likelihood of direct contact with at least some of the climategate cabal (like that phrasing, ligne!) and, IMO, again, possibly what convinced a judge that a search warrant should be issued.

    Some people are saying the hacker must have been knowledgable about the subject to pick the emails they did. I disagree. There are big errors in the Hacker's interpretation of the emails that on the face of it would suggest the hacker is barely familiar with the topics let alone the details.

  41. Seems to me I saw somewhere (I do wander at times) Tallbloke himself announcing that he had some of the emails. Am I all about in my head? Maybe so, and I imagined it. The Russian thing had been floating around for a while too, even without Snapple. We'll see, maybe
    (Susan Anderson)

    I assumed the Russians did it as it's way easier to dump files anonymously and quite untraceably in the country one's in, and I think there's plenty interest in denial (though on the net it looks like mostly an American phenomenon (the Europeans seem to like to be quiet on CC)) also in there for the production of fossils. I've been entertaining myself by imagining what sort of background discussions were done for the Baltic Gas Pipeline due to go online shortly, but I think I won't write anything about it, it might do good for German coal use.

  43. fwiw, my hunch is that the hacker was just someone who spent too much time reading CA and friends, who (possibly spurred on by the FoI crapflood) decided to take matters into their own hands.

    not entirely sure about the russian connection. compromised servers can be found just about everywhere, it's about as difficult to use a server across the world as it is to use one in the next room, and computers in turkey and saudi arabia were apparently also involved in the attack.

    then again, eastern europe has got quite an impressive reputation for cheap, high-quality hackers to rent.

  44. At the time of the BEST pre-release by Muller, Anthony made the snarky, cryptic comment: “No worries, down maybe, but not out. I still have the upper hand, they just don’t know what I know at this point. – Anthony”

    This was back in mid-October and assumed by most to be related to sour grapes over BEST. In retrospect however...

  45. frank, Eli mentioned this to some folk, but since the entire file is sitting out there encoded, and we have several Mbytes of decoded stuff, it should be relatively easy to break the encoding.

  46. "we have several Mbytes of decoded stuff, it should be relatively easy to break the encoding."

    No, modern encryption algorithms aren't really susceptible to such kinds of attacks, sorry.

  47. If everything is sequential we have another clue

  48. "If everything is sequential we have another clue"

    Sorry, hooks like this just don't work with modern encryption algorithms.

    Now, if enforcement efforts to grab computers of possible cohorts lead to the passphrase ... great.

    But the odds of brute-forcing it are really low.

  49. has there been any indication as to how the other emails were encrypted?

  50. Frank: thanks for the details. i'd heard about it being a 7z archive, but i hadn't realised it was its built-in encryption being used.

    (though i should have mentioned that i'm reasonably knowledgeable about crypto, so i was already familiar with AES, known-plaintext attacks and the like :-) )

  51. ligne:

    Oh OK... well, it was the .7z built-in encryption being used. :) Anyway, you can always download the whole FOIA2011.zip enchilada to take a look -- the original files.sinwt.ru copy is gone, but there are copies elsewhere (e.g.).

    -- frank

  52. And for those who haven't come across this yet: Deep Climate had some curious observations a while back regarding the elusive files.sinwt.ru server, where FOIA2011.zip was initially uploaded.

    -- frank

  53. frank:

    "But there's simply no easy way to do ‹ciphertext, plaintext› → key, which is what Eli was talking about. This requires a known-plaintext cryptanalytic attack, and no such attack against the AES-256 cryptosystem is known in the public literature."

    Right, there's one key-recovery attack on AES that's about four times faster than brute force, meaning that only 2^254 operations are required, in theory, to do key recovery (which would allow full decryption). Given that the accepted age of the universe is on the order of 2^90 nanoseconds, don't hold your breath waiting for success!

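The exchange in comments 45 through 53 (Eli's "we have several Mbytes of decoded stuff", the replies that known plaintext does not yield an AES-256 key, and frank's note that the archive uses the .7z built-in encryption) turns on one distinction: known plaintext cannot recover the AES key, but it does let an attacker *check* a guessed passphrase, so the passphrase and the key-derivation step in front of AES are the only practical target. The code below is an added example, not code from the post or any commenter. It assumes the archive uses 7-Zip's 7zAES coder, whose key derivation (as implemented in the 7-Zip source) feeds `salt || passphrase(UTF-16LE) || 64-bit little-endian counter` into a single running SHA-256 for 2**NumCyclesPower rounds, with NumCyclesPower=19 and an empty salt by default; the derived-key comparison in the demo stands in for the real oracle (AES-CBC-decrypt the first block and compare with plaintext already in hand), and every throughput figure is an illustrative assumption, not a measurement.

```python
# Added example, not code from the original post or its commenters.
# Assumption: the archive uses 7-Zip's 7zAES coder, whose key derivation is
# one running SHA-256 over salt || password(UTF-16LE) || 64-bit LE counter,
# repeated 2**NumCyclesPower times (7-Zip default 19, salt normally empty).
# Throughput numbers below are illustrative assumptions, not measurements.
import hashlib
import math
from typing import Callable, Iterable, Optional

SECONDS_PER_YEAR = 365.25 * 86400


def sevenzip_aes_key(passphrase: str, salt: bytes = b"", num_cycles_power: int = 19) -> bytes:
    """Derive the 256-bit 7zAES key from a passphrase the way 7-Zip does (assumed)."""
    pw = passphrase.encode("utf-16-le")
    h = hashlib.sha256()
    for counter in range(1 << num_cycles_power):
        h.update(salt + pw + counter.to_bytes(8, "little"))
    return h.digest()


def sha256_blocks_per_guess(passphrase_len: int, salt_len: int = 0, num_cycles_power: int = 19) -> int:
    """Cost of testing one passphrase, in 64-byte SHA-256 compression blocks."""
    bytes_hashed = (salt_len + 2 * passphrase_len + 8) * (1 << num_cycles_power)
    return math.ceil(bytes_hashed / 64)


def years_to_exhaust(log2_space: float, rate_per_second: float) -> float:
    """Years to try every candidate at the given rate; the expected time is half that."""
    return (2.0 ** log2_space) / rate_per_second / SECONDS_PER_YEAR


def recover_passphrase(candidates: Iterable[str], key_is_right: Callable[[bytes], bool],
                       salt: bytes = b"", num_cycles_power: int = 19) -> Optional[str]:
    """Dictionary attack. `key_is_right` is the known-plaintext oracle: in a real
    attack it would AES-CBC-decrypt the first archive block with the candidate key
    and compare it with the plaintext already held. Each candidate costs a full
    KDF run, which is what the iteration count is for."""
    for cand in candidates:
        if key_is_right(sevenzip_aes_key(cand, salt, num_cycles_power)):
            return cand
    return None


def work_factor_table(sha256_blocks_per_second: float = 1e10) -> dict:
    """Calendar time for the options the thread argues about.
    1e10 SHA-256 blocks/s (one GPU) and 1e18 AES trials/s are assumed figures."""
    guess_cost = sha256_blocks_per_guess(passphrase_len=12)
    guesses_per_second = sha256_blocks_per_second / guess_cost
    return {
        "aes256_biclique_log2": 254.0,  # best public key recovery, ~4x better than 2**256
        "aes256_biclique_years": years_to_exhaust(254.0, 1e18),
        "kdf_log2_blocks_per_guess": math.log2(guess_cost),
        "passphrase_guesses_per_second": guesses_per_second,
        "lowercase_8_years": years_to_exhaust(8 * math.log2(26), guesses_per_second),
        "printable_12_years": years_to_exhaust(12 * math.log2(95), guesses_per_second),
    }


if __name__ == "__main__":
    # Constructed demo with a tiny iteration count so it runs in milliseconds;
    # against the real archive every guess would cost 2**19 rounds.
    secret = "correct horse"
    target_key = sevenzip_aes_key(secret, num_cycles_power=6)

    def oracle(key: bytes) -> bool:  # stands in for "decrypts the known plaintext"
        return key == target_key

    print(recover_passphrase(["password", "letmein", secret], oracle, num_cycles_power=6))
    for name, value in work_factor_table().items():
        print(f"{name:32s} {value:.3g}")
```

The numbers make the thread's point: even a key-recovery attack four times faster than brute force needs roughly 2**254 AES trials, which at an assumed 10**18 per second is about 10**51 years, while an eight-character lowercase passphrase falls in months to a single assumed GPU despite the 2**19-round KDF. Whoever holds the archive is only as safe as the passphrase is long and random; the plaintext already published changes nothing about the key.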
  54. i doubt that looking into Hetzner will get you very far. they're just a big hosting company, who will sell server space to pretty much anyone with the cash. and it's not at all unusual for a domain for one country to be hosted on a server in another.

  55. ligne:

    Ah well... no harm trying.

    Meanwhile: phantom lawsuit is phantom. Or not.

    -- frank

  56. Eli must say this is amusing.

    The fact that there was a search pretty much puts a nail in heads of anyone claiming that the theft of the CRU emails was not a crime.

    Too bad about the encoding tho (of course, the cops have a copy of the original file so if they were interested in the key for other reasons that might be a different thing, or is this one way??)

  57. Frank, the scienceblogs reference is to Greg Laden, who interpreted the search of Tallbloke's computer equipment as evidence that he was a suspect in the CRU theft in the first place. Which isn't true. As I, James Annan, and several other reasonable people pointed out to him. It hit WUWT and he got flooded with the usual trolls, but in this case they were actually right.

    Laden backed down, and in return for Tallbloke's solicitor agreeing not to sue, offered Tallbloke the opportunity to guest-post to Laden's blog.

    Greg Laden was way out of line. It's obvious the police think that searching Tallbloke's computers might lead them to "FOIA", but they've been clear that he himself is not a suspect in the theft, and to publicly accuse him of not only being a suspect, but guilty (though Laden edited a couple of times when his wrongness was pointed out to him) was really unacceptable.

    Though, as I pointed out to Greg, Tallbloke is a slime ball, just not accused of hacking CRU ...

  58. Frank: "Right, there's one key-recovery attack on AES that's about four times faster than brute force, meaning that only 2^254 operations are required, in theory, to do key recovery (which would allow full decryption). Given that the accepted age of the universe is on the order of 2^90 nanoseconds, don't hold your breath waiting for success!"

    This little bunny heard on the radio (so it must be true) that an Australian research group have developed a wire one atom high and four atoms wide, that exhibits 'good' resistivity. Evidently they have overcome a problem with similar experiments, whereby the resistivity of the wire went through the roof at atomic scales.

    Anyway, the point is that this was discussed in the context of Quantum Computing and the claim was made that a QC device would be capable of solving, in a few seconds, problems that existing computers would take the rest of the life of the universe to solve. My immediate thought was 'bang goes our current crop of secure encryption algorithms'.

    But then, it was only one little bunny listening to a radio programme in Australia and, anyway, AFAIK QC is not coming to a store near you any time soon. By the time we get the raw power to hack the encrypted emails, we will be up to our knees in rising tides ...

    Back into my box now.

  59. Eli's been there and done that. Color him skeptical

