Internet security and climate change had a surprising run-in last week, as thousands of emails from the University of East Anglia's Climate Research Unit wound up on climate-skeptic web sites. The University says it is cooperating with police and launching its own investigation into how the emails wound up online.
While many universities have suffered data  breaches by cybercriminals, the fact that this data was released to anti-climate change sites strongly suggests the breach was politically motivated, said Andrew Storms, director of security operations at nCircle Security. "There is no doubt in my mind that the break-in was a targeted attack," Storms said.
"Cybercriminals seek assets worth value on the black market -- private and personal information primarily. Large amounts of emails about climate research aren't worth much when it comes to identity theft," Storms said. "Further, if the attackers felt there was monetary value in this information, they would not have leaked it so readily."
Republicans Pounce on Emails
Even if the investigations find there was a criminal trespass by hackers with a political agenda, the release of the documents have put climate scientists and politicians trying to pass climate-change legislation back on their heels.
An aide to Rep. Darrell Issa (R. Calif.), the ranking member of the House Committee on Oversight and Government Reform, said congressional investigators are studying the purloined emails, according to a report in the Wall Street Journal.
The aide said the investigation is centering on emails sent by White House Science Adviser John Holdren. In a series of emails sent in 2003, Holdren, then at the Woods Hole Research Center in Woods Hole, Mass., defended research by Michael Mann of Pennsylvania State University, a scientist who believes human activities account for global warming.
Mann reportedly sent an email in 2003 suggesting climate researchers stop contributing to the journal Climate Research, after it published a paper questioning whether the 20th century was in fact abnormally warm. "I think we have to stop considering 'Climate Research' as a legitimate peer-reviewed journal," Mann wrote. "Perhaps we should encourage our colleagues in the climate research community to no longer submit to, or cite papers in, this journal."
Wake-Up Call for Academics?
Holden issued a statement Monday, saying, "I think anybody who reads what I wrote in its entirety will find it a serious and balanced treatment of the question of 'burden of proof' in situations where science germane to public policy is in dispute." Mann said there was nothing wrong in saying researchers "shouldn't be publishing in a journal that's activist."
Regardless of the merits of the climate change debate, Storms said, any data breach should put organizations -- academic, government and private sector -- on alert to shore up their defenses -- and employees to watch what they say in email. "Climate change debate aside, one pillar still holds true -- computers and computer networks are very good at storing data. If you think you might be doing something shady, don't blab about it in email," Storms said.
"Most corporate users in large companies have become rather aware that all their computer operations can and will be monitored. That realization may not be so evident in an academic setting where openness and information sharing is the norm," Storms added.
|
