Climate Change E-mail Leak Indicates 'Hacktivism' Trend


Hackers broke into the e-mail server of the Climate Research Unit at the University of East Anglia, one of the U.K.'s premier climate research institutes, on Friday, stealing 1079 e-mails and more than 3,800 documents. The CRU hack, which occurred in the weeks prior to a major global climate summit in Denmark slated for December, was later confirmed by a CRU spokesperson.

Hackers then posted the e-mails and documents onto an anonymous FTP server in Russia, as well as a link to the 61-MB file on the blog Air Vent, accompanied by a note that read, "We feel that climate science is, in the current situation, too important to be kept under wraps. We hereby release a random selection for correspondence, code and documents."

The e-mails elicited a firestorm of criticism from the blogosphere, particularly climate change skeptics, who used the published e-mail segments as a tool to corroborate theories that global warming is a fabrication created by the scientific community. They said that CRU climate scientists manipulated data and hid information to support their own conclusions. Meanwhile, Republicans in Congress launched an investigation examining the CRU climate scientists accused of stifling dissenting views about global climate change.

Security experts said that in addition to various arguments surrounding global warming, the incident indicates a continuous trend of political hacktivism -- online sabotage that forwards political agendas -- which in turn, could galvanize organizations to take necessary precautions from becoming the next victim.

Sponsored post

"Hactivism seems to have gotten more popular in recent times," said Roel Schouwenberg, senior antivirus researcher for Kaspersky Lab, via e-mail. "It's hard to predict how exactly it will evolve and how it will present itself in the public domain. I think that a major implication is that people will start to think more seriously about encrypting their mail and other sensitive content."

However, Dave Perry, director of global education for Trend Micro, said that because details surrounding e-mail hack are yet unknown, the incident might not have been a true "hack." Instead, individuals could very likely have gotten a hold of a password and logged on as authenticated users, he said.

"It's unlikely that somebody hacked the server," Perry said. "It's much easier to get a password and log on when you go to write an e-mail."

This is not the first time that strong public backlash occurred as the result of e-mail hack exposing private communications. Similarly, a Yahoo e-mail hack exposed the personal e-mails of Republican vice presidential candidate Sarah Palin. A blogger identified as "rubico" admitted he posted a message to the 4chan's forum /b/ board claiming that he had hacked into Palin's Yahoo account by using the password reset feature, which prompts a user to answer several personal questions, such as name of first pet or grade school, before allowing them to reset the e-mail account password.

But because of the politically charged nature of the issue, the global warming hack could indicate a shifting paradigm for e-mail as a means of "private" communication while underscoring the need for users to deploy technologies such as encryption to protect sensitive documents and communications.

Security experts say going forward, any online correspondence will continue to be brought under public scrutiny for hot button issues, such as climate change. That means that even ostensibly "private" communication such as e-mail will be up for grabs, experts say.

"What would your choice of words say to the world at large?" Perry said. "Don't assume that online is private ever. There is no privacy online. Everything is a matter of public record and a determined person will be able to uncover it."

Schouwenberg agreed.

"I think the vast majority of users consider e-mail conversation to be a private thing. That perception is flawed," Shoenberg said. "Hopefully this incident will make people more aware that unless encrypted, the content of their e-mail may end up in the public domain."