Two more tidbits of information on SwiftHack
Personally I ["Hoi Polloi"] downloaded the FOIA file on Nov.19th  via the Russian FTP server [at
http://ftp.tomcity.ru/incoming/free/FOI2] which ad[d]ress I got from the AV site [probably the Air Vent, where the URL appeared]. There were some other personal, climate unrelated files on that server, did anyone analyzed these in order to establish the identity of the hacker/leaker? I couldn't see any link with CRU.
(For me, by the time I tried to access
ftp.tomcity.ru, the site had unfortunately already gone down, so I couldn't see what was in the
My visitors always ask and I can't answer: Was the break-in [into the RealClimate blog] to the WordPress Admin area only? Or did they hack onto the hosted account on the server [which holds the blog]?
[Response: They used something to directly access the backend mySQL database (to export the password/user details to file prior to erasing them in the database) and to monitor logins to the ssh [Secure Shell] account. Neither of these things are standard WordPress functions. I conclude therefore they must have hacked both, though the actual entry point is obscure. - gavin]