How did emails stolen from climate scientists snowball into a global news story in less than 48 hours?
“A lot is happening behind the scenes. It is not being ignored. Much is being coordinated among major players and the media. Thank you very much. You will notice the beginnings of activity on other sites now. Here soon to follow. ~ ctm [Charles Rotter, moderator on WattsUpWithThat.com]”
‘Climategate’, or ‘Swifthack’ was a media story about a set of hacked emails that was pushed by a group of avid climate skeptics, including bloggers Steven Mosher, Steve McIntyre , Ross McKitrick , Patrick Condon, Lucia Liljegren, Charles Rotter and Anthony Watts. Collectively, they took a mountain of stolen material, condensed it into a well-packaged pitch, and sparked a scandalous story that reached virtually every major news outlet in the world.
Brief Overview of Events:
In November 2009, an unidentified hacker stole a large amount of data from the Climatic Research Unit at the University of East Anglia . The data contained thousands of private emails, internal documents and climate data sets dating back to 1996. The hacker created a 61 mb file from this data and gave it to a small group of climate skeptics and ‘lukewarmers ’, who pored over it to pick out potentially controversial snippets. The bloggers sifted through the data to find quotes in private emails which could be used to condemn the scientists and question their research.
They collectively developed a narrative asserting that climate scientists lied to the public, manipulated data and suppressed dissenting views. They implied that the contents of the emails cast doubt on the whole of climate science. The timing of the release of this story was perfect, coming less than a month before the highly-anticipated Copenhagen climate talks. Such a scandal had the potential to dampen public support for global efforts to mitigate global warming.
Background: November 2009
Steve McIntyre has used Freedom of Information (FOIA or FoI) requests to gain access to CRU data since 2007. McIntyre maintains climateaudit.com  and, with co-author Ross McKitrick , has published two articles in minor journals that point to flaws in the original hockey-stick graph . McIntyre has spent his carreer working for and running  Canadian oil and mineral companies.
McIntyre filed or coordinated the filing  of dozens of FOIA  requests  to climate scientists at East Anglia beginning in 2007, with the pace escalating significantly in the months leading up to the leak. According to a 2009 interview with Phil Jones in the TimesOnline , “in July alone the [CRU] unit received 60 FoI requests from across the world.”
“We were clearly being targeted,” says Phil Jones  of East Anglia University. “Only 22% of the FoI enquiries were identifiably from within the UK, 39% were from abroad and 39% were untraceable.” What irked him was that the foreign applicants would all have had sources closer to hand in their own countries.
[Update:] Steve Mosher, writing in the comments below clarifies:
The first FOIA was in 2007. This was an FOIA done by Willis Eschenback. Willis filed the FOIA on his own initiative and said nothing about it to McIntyre for 5 months. Upon finding out that WIllis had done an FOIA, Mcintyre did one. Mcintyres was granted, 50 of Willis was granted.
In 2009 there were as you note a flurry of FOIA. Essentially CRU misrepresented the existence and wording in CONFIDENTIALITY agreements. The fact of their misrepresentation was documented in an letter sent by the FOIA appeal office to Mcintyre Nov 13th, 2009.
The “60” or so FOIA were all combined into a single request and that request was answered by CRU posting 4 agreements on the web. Jones spent less than the 18 regulated hours on the request. My request which was in the same pile of requests was denied because CRU determined that responding to my request would take more than 18 hours. I requested their FOIA guidelines.
Scientists did not fill those requests, stating that much of the information was already publicly available , fulfilling some of the requests would be a huge time burden and, in some cases, would potentially violate the terms of agreement between CRU and the original sources of the data. [Update: Mosher clarifies that there were 4-5 requests for specific data, which were denied because some was covered by confidentiality agreements. The non-confidential data was then requested, which was already supplied to Peter Webster but denied to McIntyre, even though the confidentiality argument is inconsistent here on the part of CRU] (Ironically, some of the raw climate data the bloggers requested was actually found months earlier  on unsecured links at UEA due to network glitches.) [update: According to Mosher, similar but older data was found, not the data that McIntyre requested.]
The emails that made up the now infamous “FOIA2009.zip” file that the hacker sent to the bloggers in late November were compiled in three batches, from Sept 2009 to Nov 13, 2009. Steve Mosher speculated  that the emails were sorted using fairly simple search functions to weed out the truly inane (out of office replies, etc) so that only emails likely to be relevant to skeptics’ arguments remained. He also speculated the hacker understood enough about climate skeptics’ previous arguments to know what types of information to highlight, but did not spend enough time with the file to find all of what would be considered ‘juicy’ evidence.
Steve Mosher  is an open-source software developer advocate and one of the moderators of a prolific commentor on The Blackboard , as well as ClimateAudit and WattUpWithThat. He also studied English in grad school at UCLA, specializing in statistical analysis of word frequencies. According to Patrick Courrielche  at BigJournalism.com, Steve Mosher is “an open-source software developer, statistical data analyst, and thought of as the spokesperson of the lukewarmer set…”
Initially the hacker was suspected to be a highly sophisticated person or team, but analysis by the Guardian shows that the hack and the posting likely did not involve a high level of sophistication . Downloading the files, sorting them and uploading them onto a Russian or Turkish FTP server are not difficult tasks technically, as long as someone had access to the East Anglia servers, which had been proven to be less than secure. The next step of hacking into the backend of RealClimate.org to upload the .zip file could be considered moderately difficult, requiring familiarity with the weaknesses of the WordPress blog platform.
The hacker used several methods to anonymously send the file to a small set of skeptical bloggers. He first hacked into RealClimate.org  (a site maintained by climate scientists Gavin Schmidt, Michael Mann, and others) and uploaded the FOIA.zip file. The hacker then attempted to write a post on RealClimate, which was not successfully published. He then commented on ClimateAudit.org  listing his name as “RC” at 10:54 GMT on November 17th with the text “a miracle just happened” and linking to Realclimate.org/foia.zip.
About twelve hours later, a comment  linking to the same file but located on a Russian FTP server was posted to WattsUpWithThat.com  stating “We feel that climate science is, in the current situation, too important to be kept under wraps” and listing a “sample” of 19 email file names and snippets. Charles Rotter, also known as Charles the Moderator or CTM, did not approve the comment but he did notify Anthony Watts immediately. Anthony Watts runs WattsUpWithThat.com . He is a former TV meteorologist who started by blogging about locations of surface weather stations . His site is regarded as the largest and most active of the climate skeptic sites.
The hacker then placed a brief comment on a more obscure climate skeptic site called the Air Vent  maintained by Patrick Condon (aka Jeff “Id”) and a long comment on Climate Skeptic  identical to the WUWT comment, both linking to the Russian FTP site. These actions occurred between 11:20am on the 17th and 3:47am UMT on the 18th.
Gavin Schmidt, NASA climatologist and moderator of RealClimate.org, says that up to four downloads were started  while the file was hosted on the Real Climate site on the 17th, although the downloads may not have been completed. As soon as he discovered it, Schmidt notified the University of East Anglia  about the breach. East Anglia began taking security measures and notifying their staff of a leak. Additionally, Rotter and Watts virus-scanned and downloaded the file from the Russian server  late on the 17th California time. The link on Climate Audit, linking to the Real Climate went without comment for two days.
Rotter is the head moderator of WattsUpWithThat,  a volunteer position. He only revealed his last name after heightened scrutiny following the leaked emails. He made a CD copy of the file and gave it to Steve Mosher around 9:36pm PST on November 17th. (Rotter and Mosher are flatmates in San Francisco.) Watts was traveling in Europe and says he didn’t look at file. Rotter felt that Mosher was far more qualified to look at it than he was .
Mosher started analyzing the emails for their validity. He and/or Rotter first called McIntyre  late in the evening of November 17th to confirm some of the emails, which included conversations between Phil Jones, Michael Mann and McIntyre regarding FOIA requests. McIntyre confirmed the emails involving him were genuine, and said he was intrigued, but claims he didn’t get the actual file until the 19th. Mosher apparently spoke to McIntyre frequently  over the next 36 hours.
On November 19th Paul Dennis , an isotope specialist and employee of CRU, emailed McIntyre  to notify him of the security breach. McIntyre shared discussed the email with Mosher, providing further assurance that the FOIA2009.zip files were genuine.
“Much is being co-ordinated among major players and the media”
The last known activity by the hacker happened just after Mosher and Rotter began distributing the story, about 60 hours after the first known activity of hacking into RealClimate.org.
[Updated, based on Mosher’s comments] Mosher says he became sure of the validity of the files when he learned of UEA’s security measures via McIntyre. He then looked for the files elsewhere online, found the comment on Air Vent,  which had gone unnoticed since the 17th. He said in an interview  that, “My first reaction to the link [on Air Vent] was relief. I didn’t want to be the only person who had these files…”
At 1:55 central time on the 19th, Mosher posted a comment #23722  under an unrelated thread  on Lucia Liljegren’s blog. Minutes later he posted a similar comment on Climate Audit (McIntyre’s blog). In the same hour, Rotter made a similar comment on Bishop Hill’s blog  under the name devilinthedetails. Liljegren saw the comment and made a new post, saying  “Steve Mosher alerted us to an interesting development,” and questioning the validity of the files.
Mosher also emailed Tom Fuller, a blogger at Examiner.com and sent a facebook message  to Andy Revkin at the NYTimes. We don’t know what other media people Mosher notified. While he has written extensively about the incident, he rarely mentions notifying Fuller, and I only found one reference to contacting Revkin (a note Revkins said he saw five hours later, after he had already seen the story elsewhere.)
An hour after these first comments from Mosher and Rotter, the hacker made a comment on WUWT which was held in moderation. According to Mosher , it said roughly “ ‘what the eff’ why isnt anybody talking about this”. Rotter, as moderator, replied via the comment forum  at 1:16pm CST, or 70 minutes after Mosher’s first post on Liljegren’s site.
By the time Liljegren made her short post , Mosher had almost two days to pore over the files. Despite Liljegren’s apprehension about posting the contents of any emails, Mosher proceeded to post four of the emails  as comments within 30 minutes. Lucia Liljegren studies fluid dynamics at Argonne National Lab and teaches university in Ames, IA. She began her site, The Blackboard , in Nov 2007 to document ‘teaching herself R’ (a statistical method) and using the European Climate Assessment database as her test set. She says  “I firmly believe CO2 will tend to cause global warming and the effect is sufficiently large to worry about. That said, I’m also interested in reading the questions and arguments presented by skeptics.”
In addition to posting to Liljegren’s site, Mosher also posted three of the emails  as comments on an unrelated thread on McIntyre’s site. Three of the six total emails were part of the ‘random’ selection posted by the hacker in the original comment, and the other three were new. One of the new ones contained the now-famous ‘hide the decline’ phrase that became and stayed the top-line message on the scandal among the right wing media. The ‘hide the decline’ email was the only email Mosher posted on both sites.
Watts posted on the story on his site from Dulles airport  on his way back from Europe within 90 minutes of Liljegren’s post on the afternoon of the 19th, according to the time-stamp on the first comment.
Only 10 minutes after the first comment on Watts’ post, Ian Wishart in New Zealand made a brief post , linking to Watts and stating that he had emailed Phil Jones to confirm. Wishart maintains a blog called The Briefing Room  and also writes for or edits Investigatemagazine.com , also known as TGIF. Wishart spoke to Jones in an ‘exclusive’ interview sometime in the next 12 hours and posted a story on TBR  and TGIF at 9:30pm NZ time, (8:30am on the 20th UK time), who confirmed that the files were in fact real and the CRU had in fact been hacked. The TGIF article is referred to as proof of the validity of the stolen emails in most early stories.
5 1/2 hours after Liljegren’s initial post (now about 8:50 pm EST on the 19th), Tom Fuller posted on the Examiner.com  that files were stolen, other people were writing about them. “I’m not going to publish the files. I hesitate to even write about what’s in them, other than in the most general terms.” Fuller posted two more blogs over the following twelve hours with more complete details. (Fuller also went on to write the Climategate book with Mosher.)
At 8:53 EST on the 19th, an hour after Fuller, Examiner writer Terry Hurlburt posted a long blog  with full details and essentially the same messaging that would be used throughout the news cycle. His post is rarely mentioned in other accounts of Climategate, but at the time many other blogs linked back to his. He made several updates to that post, and it’s possible he could have altered his initial post to make it more appealing and fleshed out, but the writing and circumstances to indicate that he didn’t alter his original text. The Examiner’s editorial and business model allows for thousands of writers to keep their own blogs and who are given free rein to post as they please, with editors then selecting and promoting pieces. It is likely that when his post began to generate traffic from bloggers, the editors noticed and began to promote it as well.
Possibly after seeing Wishart’s post, and two hours after Hurlburt’s post, Andrew Bolt in Melbourne wrote another comprehensive post  at 4:36am UMT which, similar to Hurlburt’s, captured the story as it would later be written by many larger outlets.
Marc Morano  at Climatedepot.com first linked to Andrew Bolt’s account with the headline: “Update: ‘CRU director admits emails seem to be genuine’ – Climatic Research Unit Hacked? ‘Warmist conspiracy exposed?’  Morano doesn’t write posts, only publishes headlines and links to other sites, and his links don’t have time-stamps so it’s difficult to determine exactly when he became involved. However, first linking to Bolt and following links backwards from there is a plausible way he arrived at the story. He then links to Liljegren, Fuller, Hurlburt and then Condon and posts regularly on the story from there. Many of Morano’s headlines were short, attention-grabbing quotes from emails or commentary from bloggers. He also quickly and repeatedly used headlines criticizing the mainstream media for not covering climate skeptics.
At 6:40am EST (11:40am UMT) on Friday morning, UK-based reporters began emailing Michael Mann in the US for confirmation and reactions to the story. This was less than 16 hours since the first public comment by Mosher on Liljegren’s blog. Three more requests for comment arrived in Mann’s inbox by 9am EST and they kept coming throughout the day, as well as phone calls, as US media started picking up the story.
By late afternoon on Friday the 20th, Competitive Enterprise institute had issued a press release  on the scandal, complete with a quote from Myron Ebell  saying in part: “Some of the e-mails that I have read are blatant displays of personal pettiness, unethical conniving, and twisting the science to support their political position.”
Spreading the Story Far and Wide:
Six hours after Wishart confirmed the leak in TGIF, James Delingpole published the story in a Telegraph blog , with the meme ‘the final nail in the coffin of anthropogenic global warming’. Minutes later the BBC posts its first story  at 2:13pm, UMT time. Four hours after that, Fox News started posting it online  in the US with the hook ‘skeptics see smoking gun in leaked climate science emails.’ At 1:48pm on Friday the Drudge Report first found the story , spreading it to an even broader network.
By the time Bolt had the story in Melbourne there were likely dozens of bloggers downloading the file and scanning it for quotes to share. Based on the number of comments that day and the average readership of the skeptic blogs, they had an army poring over the files in a race to find the next ‘juicy’ comment from the climate scientists. However, the media headlines were all shaped by the relatively small number of comments discovered and featured by Mosher.
Pat Michaels  of the University of Virginia and the CATO institute was quoted by the New York Times on the 20th  declaring the end of climate science. The Washington Post quoted Myron Ebell  from the Competitive Enterprise Institute on Saturday, a quote repeated by CBS News . Chris Horner of CEI first used the phrase  the ‘blue dress moment for global warming’ late on the 19th and repeated it again the next morning , and then kept writing about the story, presumably on CEI’s dime. He called for an investigation , acused the media  of missing the story, decided to sue NASA  over more FOIA requests and wrapped up his week by giving thanks on thanksgiving  for the files being illegally stolen.
On Monday the 23rd, Glenn Beck did a segment , and on Tuesday Pat Michaels was interviewed on Fox News. A mid-western group even produced a video on the 24th called ‘hide the decline ’ which rose to 500,000 views on Youtube after it was promoted by Rush Limbaugh.
Steve Mosher and Tom Fuller went on to write a book  detailing the series of events around the hack. Collectively, the group of skeptic bloggers have written extensively about the link and refer to it frequently. Police have made little progress in identifying who stole or leaked the files. The skeptic bloggers were able to take a security breach and present it to the PR and media organizations invested in opposing action to reduce global warming emissions.