Hackers hit leading UK climate research unit

Unconfirmed reports on a number of websites suggest that more than 1000 emails between senior academics and other interested parties on both sides of the Atlantic are in the files stolen by the hackers.

The BBC quotes the University of East Anglia's CRU as confirming that a hack has taken place and that police have been informed.

A complete security investigation is also under way on-campus, Infosecurity understands.

According to Mark Fullbrook, a director with Cyber-Ark, the IT security specialist, whilst details of the hack are still emerging, it is looking likely that it is a major one, and will act as a classic case study on the need for secure collaborative working practices.

"It appears that the data stolen includes more than 1000 emails and 70-odd documents that are highly contentious as regards the issue of global warming - something that various groups have alleged the governments of the world have kept a lid on for years", he added.

According to Fullbrook, it remains to be seen how explosive the data stolen by the hackers is, but unconfirmed reports suggest that the information is potentially embarrassing to several of the leading academics in the field of climate research in the UK and US.

What's interesting about the story, Fullbrook went on to say, is that the FTP link  is on a Russian server which the hackers have chosen carefully - possible because of worries that the data might be taken down when the server owners realise the political dynamite it contains.

Regardless of what happens in the aftermath of the data breach, Fullbrook said it is a textbook case of why secure collaborative systems exist.

The big question, the Cyber-Ark director noted, is why the University's CRU hadn't installed some form of security on the potentially explosive data held on its servers.

And, he explained, with references to the US government's apparently negative stance on climate change - which former vice president Al Gore has been trying to publicise for years - the data breach could cause ructions on Capitol Hill.

"Once the political fall-out from this data breach incident has settled, questions will undoubtedly be asked by those in charge about why better IT security systems weren't installed on the University CRU's servers", he said.

"I find it astonishing that politically sensitive data like this wasn't kept under highly encrypted protection."

"This data leak has the potential to add weight to the climate change cause, as well as acting as a case study on the need for secure collaborative data working."

What’s hot on Infosecurity Magazine?