Hackers steal information from Climate Research Unit

Filed Under: Data loss

Planet earth
The UK-based Hadley Climate Research Unit (CRU), at the University of East Anglia in Norwich, is reported to have sufferered a security breach which has resulted in many confidential emails and files being uploaded to the internet.

A 61MB zip file containing information stolen from one of the world's leading climate research centres, was posted onto an anonymous FTP server in Russia, accompanied by a note saying:

We feel that climate science is, in the current situation, too important to be kept under wraps.

We hereby release a random selection of correspondence, code, and documents

In total it is believed that the unknown hacker accessed 1079 emails (some of which are marked as "Highly Confidential") and over 3800 documents. A spokesman for the Climate Research Unit confirmed the hack to the BBC.

Climate change bloggers are feverishly discussing the contents of the emails, some of which - they claim - detail how members of the CRU discussed hiding the truth about climate change.

However much the Hadley Climate Research Unit may have wished their communications to have remained private, the truth is now that the genie is out of the bottle. Interested parties around the world have grabbed the archive of documents - so even if the Russian FTP site is shut down, others will be able to share the data to other interested parties.

Indeed, it appears that the data is already been distributed via peer-to-peer file-sharing networks.

Leaked Hadley CRU documents

Clearly climate change is a topic which raises strong passions - but I can't remember an instance of either side resorting to cybercrime and hacking to gather information on the other before.

Whether you are sympathetic to Hadley CRU's views on global warming or not, it shouldn't be forgotten that they are victims of a criminal hack. Personal information, including the email addresses of scientists working at the organisation, is now in the public domain.

There is a real danger that some ne'er-do-well could use that information to spam or send targeted attacks against individuals who would have understandably expected their communications to have been held securely.

Details of how the hack occurred aren't yet apparent, but this security breach may serve as a timely reminder to other organisations to ensure that they have put the necessary security in place to reduce the risk of something similar happening to them.

, , ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.