Sunday, December 6, 2009

Russian server implicated in Climategate email leak?

Two British newspapers are reporting that the original internet posting of emails and documents stolen from the University of East Anglia Climate Research Institute was initiated from a small server in the Siberian city of Tomsk. From the Daily Mail (UK):

Suspicions were growing last night that Russian security services were behind the leaking of the notorious British ‘Climategate’ emails which threaten to undermine tomorrow’s Copenhagen global warming summit.

An investigation by The Mail on Sunday has discovered that the explosive hacked emails from the University of East Anglia were leaked via a small web server in the formerly closed city of Tomsk in Siberia.

The leaks scandal has left the scientific community in disarray after claims that key climate change data was manipulated in the run-up to the climate change summit of world leaders.

The Times (UK) offers three possible sources:

The Russian connection to the controversy over the leaked Climategate e-mails raises suspicions of a state-sanctioned attempt to discredit the Copenhagen summit involving secret service espionage. But it could as easily have been the work of freelance hackers hired by climate-change sceptics.

Hackers for hire are a common phenomenon in Russia, where programming skills are high and many smart computer experts are eager to make money. A shadowy organisation called the Russian Business Network is notorious as a provider of internet services for global cyber-crime.

Unscrupulous businesses hire hackers to attack the websites of rival companies, and criminal gangs make use of their skills in credit card fraud and identity theft. There are websites and discussion forums where Russian hackers swap information and advice about their activities.

A third possibility is that disgruntled or mischievous students involved in the climate-change debate may have accessed the servers; it has been suggested that the files hacked from the University of East Anglia were uploaded from a server in the Russian city of Tomsk. The formerly closed Siberian city was a hotbed of scientific expertise in the Soviet Union and is now one of Russia’s leading centres for studying climate change.

Russia has been associated with several cyber attacks in recent years:

Tomsk students were involved in an attack on a website sympathetic to Chechen militants in 2002 that drew praise from the Federal Security Service (FSB), the successor to the Soviet-era KGB. The FSB office in Tomsk declared the students’ action an “expression of their position as citizens, one worthy of respect”.

The Kremlin was blamed when government websites in Estonia and Georgia were crippled by so-called distributed-denial-of-service (DDOS) attacks carried out by computer hackers when those two countries were in conflict with Russia. The cyber-saboteurs used automated “botnets” to flood networks with simultaneous attempts to access sites. An MP with Vladimir Putin’s United Russia party boasted later that one of his researchers had carried out the attack on Estonia.

Security experts in Russia say that the FSB routinely makes use of such “hacker-patriots” when it wants to break into computer systems or damage websites belonging to groups critical of the state. This allows it to have deniability about the involvement of its own computer experts at the FSB’s Centre for Information Security.

And just last year, computer hackers suspected of working from Russia successfully penetrated Pentagon computer systems within U.S. Central Command in one of the most severe cyber attacks on US military networks.

This story hasn't gained much traction yet, perhaps because it broke during the weekend, or maybe it's simply not true. Stay tuned.


  1. Well, if it was the Russians, Chinese, Cubans, French, any Muslim country or Iranians who hacked into our computers, Barbara Boxer will tone down her rhetoric. She and Obama will ask the UN to investigate...

    Now, if it's Honduras, Obama and Boxer will declare war and we will invade the next day...
