You are viewing ijish

Diagram showing how SwiftHack archive was created (as I understand it)

February 16th, 2010 (12:57 pm)
Tags: , , ,
6 Read Comments linkAdd to MemoriesShare

I've drawn a diagram that tries to summarize how the FOI2009.zip -- or, rather, FOIA.zip -- containing the cracked CRU e-mails and data was created, according to the information given in the posts and comments on this sub-blog and the old IJI blog. (Click for a larger version of the diagram.) It probably needs more work, so let me know what you think.

In the meantime, feel free to spread it around!

Update 2010-04-01: The link to IJI blog post category has been updated.

Comments

Posted by: Decoding SwiftHack (ijish)
Posted at: February 16th, 2010 05:10 pm (UTC)
Re: Unpack from archives

bigcitylib:

Beautiful.
Thanks again. :)
Any theories on why the attachments would have been unpacked.
If you're referring to why they were packed and then unpacked: I guess it may have to do with the attacker's method of ripping the files.

As I mentioned in a previous post (and as shown in the diagram), the attacker seem to have ripped 5 Word documents by starting up shell sessions -- perhaps by exercising a bug in a setuid program -- and recording the sessions. Perhaps the attacker used the same method to rip several files (plus their modification times) at once, by simply putting them into one .tar file and dumping that in a single shell session.

That's just my wild theory though; I haven't exactly been able to test it to any meaningful degree.

ReplyLink Parent Thread
Posted by: ((Anonymous))
Posted at: February 16th, 2010 06:49 pm (UTC)
Re: Unpack from archives

Could substes have been unpacked to, for example, be forwarded by email to a third party?

ReplyLink Parent Thread
Posted by: Decoding SwiftHack (ijish)
Posted at: February 17th, 2010 11:57 am (UTC)
Re: Unpack from archives

Could substes have been unpacked to, for example, be forwarded by email to a third party?
Maybe, but the files that ended up in the .zip don't look like they were saved separately from e-mail attachments -- the access times for each batch won't all read as the exact same second. That's to say, if the files were separately attached in e-mails, then that's probably not done as part of the process of creating the .zip file.

Still, if you come across any confidential CRU documents that had been floating around before SwiftHack, I'd definitely like to know. :)

ReplyLink Parent Thread
6 Read Comments

navigate

links

about


userinfoijish
Friend Me My To-do List Memories

blurb

.:Introduction:.

(If you don't already know what "climate change" or "global warming" is, read Weart's excellent write-up first.)

In 2009, a UK climatology centre, the Climatic Research Unit of the University of East Anglia, was hit by a cyber-attack. E-mails and data were stolen, and published on the Internet in two batches, once in 2009 shortly before the UN Climate Change Conference in Copenhagen, Denmark, and once in 2011 shortly before the conference in Durban, South Africa. Global warming `skeptics' -- people who dispute that the Earth is warming due to mankind's burning of fossil fuels -- quickly used the e-mails to portray global warming as being a hoax, and tried to manufacture a 'Climategate scandal' of climate science.

This blog comments on SwiftHack -- the cyber-attack on climate science -- and seeks to uncover the truth behind the events surrounding the attack.

For background and more, see the links on the right side of the page.

.:Attention!:.

If you have any information pertaining to the CRU cyber-attack which you think I show know about, please e-mail me at swifthack at mail dash on dot us.

April 2012

1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30