Log in

Two more tidbits of information on SwiftHack

From a commenter named "Hoi Polloi" at the Climate Audit blog post regarding the supposed "Mosher Timeline": [cached]

Personally I ["Hoi Polloi"] downloaded the FOIA file on Nov.19th [2009] via the Russian FTP server [at http://ftp.tomcity.ru/incoming/free/FOI2009.zip] which ad[d]ress I got from the AV site [probably the Air Vent, where the URL appeared]. There were some other personal, climate unrelated files on that server, did anyone analyzed these in order to establish the identity of the hacker/leaker? I couldn't see any link with CRU.

(For me, by the time I tried to access ftp.tomcity.ru, the site had unfortunately already gone down, so I couldn't see what was in the free/ directory.)

And from a question-and-answer at RealClimate by Lucia Liljegren and Gavin Schmidt, seen via (!) Bishop Hill blog: [latter cached]

My visitors always ask and I can't answer: Was the break-in [into the RealClimate blog] to the WordPress Admin area only? Or did they hack onto the hosted account on the server [which holds the blog]?

[Response: They used something to directly access the backend mySQL database (to export the password/user details to file prior to erasing them in the database) and to monitor logins to the ssh [Secure Shell] account. Neither of these things are standard WordPress functions. I conclude therefore they must have hacked both, though the actual entry point is obscure. - gavin]