SwiftHack 2.0: more complete first impressions

00000000  50 4B 03 04  0A 03 00 00  PK......
00000008  00 00 00 60  21 3E 00 00  ...`!>..
00000010  00 00 00 00  00 00 00 00  ........
00000018  00 00 05 00  00 00 46 4F  ......FO
00000020  49 41 2F 50  4B 03 04 14  IA/PK...
00000028  03 00 00 08  00 00 60 21  ......`!
00000030  3E 8C 2C F4  13 CE 25 00  >.,...%.
00000038  00 92 54 00  00 0F 00 00  ..T.....
00000040  00 46 4F 49  41 2F 52 45  .FOIA/RE
00000048  41 44 4D 45  2E 74 78 74  ADME.txt
00000050  85 5C 59 6F  E3 54 14 7E  .\Yo.T.~
00000058  F7 AF 30 15  52 A7 52 BA  ..0.R.R.
00000060  A4 CB B4 45  08 54 4A 99  ...E.TJ.
00000068  29 30 03 6A  D9 47 7D 70  )0.j.G}p
00000070  EC 9B C4 D4  B1 83 97 86  ........
00000078  F0 C0 6F E7  FB CE 39 F7  ..o...9.
...

The 'zzzz' you heard was the sound of me waiting for the interminably long download of FOIA2011.zip to complete. Anyway, now that I've got hold of the file, here are some initial thoughts...

About files.sinwt.ru, the server originally hosting the file:

  • Why on earth is the server down so often? Was it also cyber-attacked? Well, I've obtained an e-mail address for the site administration from Google's cache, and I've contacted them.
About file times in the .zip:
  • Only modification times in the local time zone are present in the main .zip; there aren't any UTC modification times or UTC access times, unlike the last data dump. And FOIA/all.7z contains only UTC modification times.
  • Almost all the file modification times have been whited out, and read either 1 Jan 2011 12:00:00 local or 1 Jan 2011 17:00:05 UTC -- quite a weird choice of file times if you ask me.
  • However, there's one file time which the SwiftHackers didn't white out. Can you find it?
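
One way to run the file-time checks above, as an added example that is not part of the original post or of any tool it used: decode the DOS time and date words from the header dump at the top, then flag entries whose modification time differs from the dominant one and entries that carry UTC times. It assumes UTC times would be stored in the Info-ZIP extended-timestamp extra field (ID 0x5455); the sample archive, including the name FOIA/example-outlier.txt and its timestamp, is constructed for illustration.

```python
import io
import struct
import zipfile
from collections import Counter

UT_EXTRA_ID = 0x5455  # Info-ZIP "extended timestamp" extra field (assumed carrier of UTC times)

def decode_dos_datetime(dos_date, dos_time):
    """Decode the 16-bit MS-DOS date and time words of a ZIP header (local time)."""
    return ((dos_date >> 9) + 1980, (dos_date >> 5) & 0xF, dos_date & 0x1F,
            dos_time >> 11, (dos_time >> 5) & 0x3F, (dos_time & 0x1F) * 2)

def extra_field_ids(extra):
    """Return the header IDs found in a ZIP 'extra' byte string."""
    ids, pos = [], 0
    while pos + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, pos)
        ids.append(header_id)
        pos += 4 + size
    return ids

def timestamp_report(zip_bytes):
    """Find the dominant DOS mtime, the entries that differ, and entries with UTC times."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        infos = zf.infolist()
    dominant, _ = Counter(i.date_time for i in infos).most_common(1)[0]
    outliers = {i.filename: i.date_time for i in infos if i.date_time != dominant}
    with_utc = [i.filename for i in infos if UT_EXTRA_ID in extra_field_ids(i.extra)]
    return dominant, outliers, with_utc

def build_sample_zip():
    """Constructed sample: three entries share one mtime, one entry does not."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("FOIA/README.txt", "FOIA/0001.txt", "FOIA/0002.txt"):
            zf.writestr(zipfile.ZipInfo(name, (2011, 1, 1, 12, 0, 0)), b"sample")
        # Hypothetical outlier entry; name and time are made up for this example.
        zf.writestr(zipfile.ZipInfo("FOIA/example-outlier.txt", (2011, 3, 4, 5, 6, 8)), b"sample")
    return buf.getvalue()

if __name__ == "__main__":
    # Time word (00 60) at offset 0x0A and date word (21 3E) at 0x0C of the dump, little-endian.
    print(decode_dos_datetime(0x3E21, 0x6000))
    print(timestamp_report(build_sample_zip()))
```

To check a real archive, pass its bytes to timestamp_report(); DOS times have a two-second resolution, so odd seconds never appear in this field.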
About README.txt and the unencrypted e-mails:
  • The e-mails are numbered FOIA/0001.txt to FOIA/5349.txt, but there are some gaps in the numbering, starting from a missing FOIA/0009.txt. There are no gaps from FOIA/0198.txt on.
  • The README and e-mails were likely created in a Unix-like environment (line endings are LF rather than CRLF).
  • The capitalization of e-mail headers -- date:, from:, subject:, to: -- differs from the 2009 dump.
About the encrypted FOIA/all.7z:
  • There's one file which was probably not ripped from CRU: all/README. It's 211 bytes in size, so it's different from the 21,650-byte FOIA/README.txt file in the main .zip. What secrets does all/README hold?
About the state of the investigation by the Norfolk constabulary:

Update 2011-12-02: The Guardian's Leo Hickman has also been looking at the .7z file.