
Skeptical Science hacked, private user details publicly posted online

Posted on 25 March 2012 by John Cook

Sometime over the last few days, the Skeptical Science website has been hacked. The hacker has taken much or all of the Skeptical Science database, zipped various excerpts into a single file, uploaded the file onto a Russian website then linked to the zip file from various blogs. While we are still attempting to verify the authenticity of the file, initial scans seem to indicate the hacker has included the entire database of Skeptical Science users. Access to the full database (which includes private details) is restricted only to myself and I am the only one with access to all of the raw data - this fact alone indicates that this breach of privacy came in the form of an external hack rather than from within Skeptical Science itself.

Of great concern is the fact that the hacker has published personal details such as emails and IP addresses of each user. Many users for various reasons have posted under pseudonyms and the Skeptical Science Comments Policy forbids cyberstalking. Consequently, that the private details of every Skeptical Science user have been stolen and publicly posted is a deeply regrettable and unfortunate occurrence.

Although user passwords are encrypted in the database, it is unknown whether the hacker has been successful in decrypting passwords. As a safeguard, it is highly recommended that everyone update their user passwords. You can do this via the Update Profile form.

Rest assured, we are working hard to upgrade Skeptical Science's security in order to more robustly protect users' private details. We are also in the process of soliciting legal advice on these matters and contacting the appropriate authorities. We would like to thank those who have come to us with information about this hack and those who have decided against spreading the aforementioned files (e.g. Anthony Watts). We all believe that protecting the privacy of individuals is of the utmost importance and we would hope that all illegally obtained documents and files are removed from uploaded servers and disposed of. 

UPDATE: Anthony Watts has since reneged on his pledge to not use illegally stolen private correspondence and has posted excerpts on his website.


Comments


Comments 51 to 100 out of 133:

  1. @John Cook I too got this message: "Your update wasn't completed because one or more errors occurred. Please resubmit after making the following changes: That username has already been taken." Unfortunately - or perhaps fortunately - the email address in my profile is no longer valid. So I cannot use the "forgotten password" option. I have, in the meantime, changed my password on the only other website I used it. But I would like to avoid the embarrassment of seeing inappropriate messages posted under my name. Any suggestions?
    0 0
  2. Thanks for that joabbess. I've implemented all your suggestions but it still won't let me change my password; since I don't use this site's password for any other log in, perhaps it doesn't matter too much... ...still, it should be possible for me to change my psswd here!
    0 0
  3. I get the same error message as in 51 above -- no update button, just "send message". Also, when I do the "forgot password" it comes back and says email sent to a bogus Gmail account.
    0 0
  4. In a roundabout way, this is recognition that SkS is a thorn in the side of the Denial Industry and deserves such attention.
    0 0
  5. Nefarious activity can be easily spotted with login attempts from unusual IP addresses, especially from Vietnam, India, Pakistan, Brazil, Africa and other countries where many users have no clue about safe surfing, and ISPs have no obligation to keep their networks clean. (This is my personal gripe, so I developed an adaptive firewall and track 1.5 million addresses over the last decade)
    0 0
  6. This is too bad. In November 2010- Thanksgiving Day- someone hacked me- HD crashed. Same Thing Christmas Eve 2011. I have total protection from McAfee-stuff still can get through. Recently my Google account was compromised- sent them a nasty note. My Boston Globe account was also hacked. It seems someone is out to get me/us. Let's face it we probably have enemies as climate 'crusaders'--- I successfully changed my email and password. Carry On.
    0 0
  7. The charming Bishop Hill - how did I think to look there? - has provided a helpful link to one Tom Nelson's blog, where Mr Nelson further provides a link to the zipped trove of material and a few opportunities to blather on for the self-styled 'leaker'. But what's most interesting is the culled 'revelatory' material Nelson has kindly posted. Because there's a rather outstanding hole in it where anything even resembling a 'smoking gun' might be. How I laughed when I realised that the best they could come up with was -
    To achieve this goal, we mustn't fall into the trap of spending too much time on analysis and too little time on promotion.
    With the description of what this goal actually is conveniently omitted from their cherrypick lest it might turn out to be, oh, what, perhaps, increasing the audience for the website? For sound AGW science generally? Something equally 'sinister'? Then follows a list of a whole bunch of proposed - wait for it - outreach activities that I commend you all for undertaking. It's a genuine pity about what promises to be a rather interesting paper's probable chances at Science given this untimely revelation of its submission. Other than that, what this really says most about is the truly grubby arm of Denial and the pathetic lengths to which they are prepared to go.
    0 0
  8. What a bugger. I haven't noticed anything odd yet. I'm guessing mainly spam or unwanted blog visitors might happen, and can cope. Hard to see how it could be used in a more sinister way.
    0 0
  9. I tried to change my password but got the message that the name is already taken. I tried the 'forgotten password' route, entered my name and email address, and it said the password has been sent to an email address that isn't mine. What to do?
    0 0
  10. I suspect this is causing John some anxiety, but for my part, I would ask him to rest easy, mostly. I comment anonymously because I fear the irrational behavior of, I guess, irrational people. But I think only a small set of people commenting/posting here would actually receive personal attention, and I do not think I am in that set of noteworthy people. I use different passwords depending on the nature of the material; ie, my password here is in the set of social media/I-don't-really-care passwords, which is distinct from my financial passwords, etc. So, even if the passwords are decrypted, I think I have little to lose. I work with databases and software; Andy Lee is giving good advice. My expertise is not in security or web hosting; his knowledge is beyond mine in this area, but my limited understanding jibes with his advice. Kind of curious what is posted about me, but not so much that I want this site to post a link. If I had to guess, I would hazard that this is the work of a highly motivated, at least moderately skilled, but delusional person, and not the work of someone directly involved in the denial industry. I don't see what there is to gain for the professional deniers by hacking identities. Russian? Maybe, but I suspect whoever did it merely used a Russian site to post because of legal considerations. Honestly, what is to be gained by this hack? I suppose that it could be used to sway opinion (out of context or misunderstood quotes - same as climategate), but personal information does not change the laws of physics; so, I'm wondering what the hacker was hoping to achieve.
    0 0
  11. John Russel@45 We can only hope that some of the facts sink in but the contrarians do not have a very good track record with regard to reading comprehension.
    0 0
  12. I do not know if it is a coincidence but I sure have had a lot of Comet Cursor problems in the last few days
    0 0
  13. A bigger concern could be over the viruses, trojans, worms and stolen passwords that silently do damage. The nefarious payload that does blatant damage does us a favor by its reveal... I fear the invisible attack that acts as a relentless parasite. Personally, for my comments here...I could say that now I have an excuse for all the blunderingly stupid things I have said. But thanks for all that you do. Fail gracefully and try to make new mistakes.
    0 0
  14. Dana @43, Yes, we agree. In case I wasn’t clear I think the other emotions are all valid too. Bill@57 – You mean there’s nothing at all about how Katniss has been lied to and manipulated for purely political reasons by SkS? I guess that will come out in one of the later installments. ;)
    0 0
  15. I am also getting the "That username has already been taken" message
    0 0
  16. How do I unregister at SkS? See my comment #59.
    0 0
  17. arch @#64 - Indeed - the sound you're not hearing is me holding my breath!
    0 0
  18. I suggest everyone change their IP address. You may need to contact your ISP if you have a static IP or a long lease IP. Best to err on the side of caution, IMHO. How To Change Your IP Address
    0 0
  19. Changed password, notified FB-friends, in case someone has voyeuristic tendencies and wants to compromise their computers by meddling with the cracked file.
    0 0
  20. I also suggest going over to Bishop Hill to give Montford some stick for linking to the file via Tom Nelson. If John wants to set up a fund to hire someone or a service to try and trace the hacker, I'll gladly contribute. Via a secure server, mind ;) Hey, you never know where it'll lead to.
    0 0
  21. > If John wants to set up a fund +1 J Bowers
    0 0
  22. Clearly Anthony Watts is a far better man than Montford. Who knew?
    0 0
  23. Oh, and here's a quote from Bishop Hill (Montford) himself on the thread below the leak story, attacking the one person brave enough to defend SKS on the thread: "Hengist, If your contributions were less dishonest I think people would be more inclined to be civil to you." Mar 24, 2012 at 7:54 PM | Bishop Hill Montford's defending the vitriolic attacks other posters have made against Hengist. Compare that to how SKS responded to criticisms of Anthony Watts on this thread. How people treat their opponents is often more telling of their character than how they treat their friends... http://bishophill.squarespace.com/blog/2012/3/24/behind-the-scenes-at-skeptical-science.html
    0 0
  24. Jeez - what a weekend. Friday afternoon we find out what has happened and start investigating. By Friday night frantically changing passwords all over the place and manage to knock coffee over keyboard in process, and Saturday get a new keyboard and return to discover the whole town's telecoms are down - broadband, cashpoints, the lot. This morning by contrast seems a bit more normal! So I can now catch-up: it's good to read that Watts, despite our frequent differences, has vetoed spreading what is basically a stack of personal data further. The climate debate can be a street-fight at times, but perhaps we should all reflect that vigorous disagreement is one thing, but a line should be drawn as to what constitutes fair play. Things like this go well beyond that.
    0 0
  25. A few days ago (sorry, I can't remember exactly when) I received a popup message when I visited SKS. It was a standard Windows prompt for me to log on. I chose to ignore the message, closed the window and found that I was already logged on. I don't know sufficient about computers to say whether this could be relevant to what has happened, but it has certainly never happened before or since. Paul
    0 0
  26. Well, I had no difficulty changing my password. It was unique to this site, anyway. Like others here, I'm not in the least bit surprised that SkS has been targeted for an unethical & illegal attack by the 'other side'. Sorry to see they've been somewhat successful, though. And I'm happy to admit that my opinion of Anthony Watts just went up a few notches after reading this thread.
    0 0
  27. Password successfully changed, no problem for me there. No sign of unusual spam etc as yet either. It seems to be becoming some kind of a (rather twisted) badge of honour to be targeted by illegal hackers - a nod to the high quality of work done by SkS. It seems to be all the hackers can resort to as they are totally lacking in evidence for their point of view. paulchevin #75, for a while on one of the SkS articles there was an image that was linked (IIRC) to a NOAA page, which triggered a random login popup window for NOAA, not sure if that would be related?
    0 0
  28. Is access to the database "restricted only to myself" (i.e. John Cook) or restricted to John Cook plus the forum software which must access the database to do its job? If the latter (which makes the most sense to me) then the forum software contains both a username and password in its configuration files either in clear text or in a form that can be automatically decrypted by the SW which might as well be clear text. Regardless of that, the only plausible explanation for the leak is external hacking, most likely by exploiting vulnerabilities that Andylee has talked about. My own instance of PHPBB was hacked, it is unfortunately all too common.
    0 0
  29. Oh, great. Now the whole world will know that my PW here was "JohnCookIsACyborg". How embarrassing. But on a slightly more sane note, I think this incident is a classic revelatory action. It shows [1] how effective SkS has been in the eyes of the deniers. That doesn't really tell us much about the deniers; you'd have to be too dumb to use a browser not to see the SkS influence online. And they're certainly at least that competent. And [2] it shows just how utterly desperate deniers are to throw sand in the gears of science and efforts to communicate science's findings to a wider audience. Given the nature of this site and the lack of anything "interesting" they could have acquired by their nefarious means, it's one of the last ones I would have expected them to attack. So I have to admit to being slightly surprised. Ever onwards.
    0 0
  30. I myself sent email to Watts thanking his actions relating this stupid little episode. If we can stick to the old proverb "things fight, not people", there's still hope.
    0 0
  31. @ John Cook Hi John, I hope I'm not sounding too impatient as this is my third comment. I still have not been able to change my password. Perhaps I'm not doing everything correctly. Could you either give me precise instructions or delete my user? Cheers, Martin

    0 0
    Response:

    [DB] I have changed your password, but the email you signed up under for this user ID does not appear to be valid.  Are you also signed up under the user "martin"?  If so, I will send the new password to that email address.

  32. DB, perhaps you could do the same for me. As someone who signed up quite a long time ago, I suspect that the email address I signed up with might also not be valid any longer....even though SkepticalScience returns my password to my current email address when I "pretend" I've forgotten my password. So I am signed up under the user "chris", and I would like a new password to be sent to the email address associated with that username. ...hope that makes sense...

    0 0
    Response:

    [DB] I have reset your account & sent an email with the details to the email account on file.

  33. thanks DB, that seems OK. The Update Profile still won't let me change my password but I'll worry about that later when the fuss has died down...
    0 0
  34. Are you going to send an email to those whose information was stolen alerting them of this? In the profile change I noticed that: a) There is no captcha (easy to implement) b) The password is not confirmed (leading to involuntary user self invalidation)
    0 0
    Moderator Response: [Sph] We are working on a number of things, but there is a lot to do and only so much manpower. This is a 100% volunteer run site, one that generates a lot of posts, works on other efforts, and so on. The programming needed to fix this is not trivial, especially while simultaneously trying to track down the hacker, secure the site and evaluate the dangers of all of the data that was stolen (and please do not for one minute doubt this, we have substantial, irrefutable proof that the entire site was hacked in a way that was not trivial. Any claims that somehow we just left a door open, and someone happened to find stuff, are utterly and completely ludicrous.)
  35. Mod test??????
    0 0
    Moderator Response: [Sph] Yes, sorry. We have to test a lot of things. I just randomly picked your comment to do so.
  36. Oh dear. If this was indeed a sophisticated attack to unearth evidence about some vile conspiracy, the doers must feel rather disappointed now. But do not fall to desperation, my friends, maybe the secret orders for black helicopters are to be found from some other place. After all, internet is vast :)
    0 0
  37. I read on a denial site that if you put the hacked files onto an old phonograph and play it backwards you can hear John (Cook, not Lenin) saying "Paul flies black helicopters."
    0 0
  38. Oh dear, we must have upset someone. Churchill's quote comes to mind. "You have enemies? Good. That means you've stood up for something, sometime in your life." The regrettable thing is that we have been exposed as agents for the New World Order, part of a socialist conspiracy, with massive funding from the shadowy Illuminati. Do you think that might affect our reputation?
    0 0
  39. Hi guys... can you please reset my account too? see my comments at #59 and #66.

    0 0
    Moderator Response: [DB] I have reset your account & sent an email with the details to the email account on file.
  40. Sorry you were hacked. Hope you can catch them.
    0 0
  41. Thanks DB, all good now.
    0 0
  42. The main logical reason for the hacking would be to uncover any conspiracy that only really exists in the fevered minds of deniers. Having found nothing the only thing they then can do is make the information public in the hope that extremists can use it to harass or worse. You only have to look at recent history to see the same M.O. used against other law abiding organisations or individuals. They are simply projecting their own standards onto others. Reason facts and logic are irrelevant to them. This is my only real fear. Bert
    0 0
  43. SKS donation link: http://www.skepticalscience.com/donate.php
    0 0
  44. FWIW, Over at Hot Topic this issue arose, and a regular poster (from the other side - one who has considerable expertise in this area, however) has downloaded the zip file and tells me the following:
    The user.csv file contains usernames, date of joining, user level (an integer 1-14 or so) and email addresses. The email addresses are not really redacted as such. They seem to drop the last part of the domain (e.g. .com). Example would be joe@gmail, so therefore it is pretty easy to deduce the full email address in most cases. There are no IP addresses in the user csv, but I have since noticed that IP addresses are logged against user names in the forums (these are the “private” forums where mods and other power users are discussing SkS strategies etc). There are no passwords from what I can see. John Cook posted on SkS that passwords are encrypted on his website, so a hacker would have to get hold of the encryption key.
    (Or crack them via the method andylee discussed above, I suppose, but it's really hard to see any great benefit being derived from this.) Anyway, he echoed Gareth's statement, as reiterated above, that it would be prudent to change any passwords, especially if you share your SkS password with any other websites. I've certainly not noticed any influx of spam or hatemail, thankfully!
    0 0
  45. John, I have solved all the problems you are dealing with many times before on the social networking sites that I run, and would like to help you with my experience and tools. This testimonial on my LinkedIn page is quite apposite: "Andy is a multi-talented iconoclast. He's exactly the guy you want on your team when Russian hackers decide to take down your server. However, don't be surprised if you discover him playing piano late one night (or early in the morning) at your local watering hole. I'm 100% certain that Andy has capabilities that I haven't even considered. What I do know is that he is honest, loyal and hard working - the right kind of guy to have in your corner."
    0 0
  46. Sadly for the SkS hacker, I have nothing to hide. I stand behind everything I have posted here and any emails exchanged with John. Wow, that'll make exciting reading for someone! "Look. look, Doug thinks the Earth is warming!" Big deal. Not.
    0 0
  47. John, I hope you deleted my emails about the eco-warriors' brave struggle to cleanse Gaia of capitalism. Please let me know if otherwise and I will advise the Earthplight underground to sanitise the old safe houses and set up new ones. Long live the Earth-mother.
    0 0
  48. Barry - speak in code, man! Doug H - that's the obvious difference between the denial-o-sphere and the science. It's all open here. When the professional doubters get cranked up and try to push untruth onto the open side of the ledger, we get Scafetta, Michaels, Lindzen, Spencer, and the usual second-tier oddballs publishing mathturbation at WUWT. This hacking is a milestone for SkS. The range of possibilities is limited: private conversations twisted out of context, a chilling effect (fat f-ing chance), or the possibility of finding something juicy that 99% of the posters here know nothing about. John Cook, you are actually the clone of Friedrich Engels. Gasp! Or perhaps this is some sort of bizarre "payback" for Gleick's action. This is either childish (I know a number of net technicians who have a slim grasp on adulthood, despite their thinning hair), desperate, or just another move in the "yes, my integrity is for sale" game of opinion-making and economic manipulation (probably a combination of all three in different parts of the action). It reminds me of putting someone in a bad position on the chessboard and having their response be "accidentally" tipping the board over.
    0 0
  49. "Format Your Quote? Would you like us to format the text you copied? Format Text More Options Powered by Curate.Us" Is that a pop-up that should happen? Part of the investigation?
    0 0
  50. jyyh at 15:41 PM on 26 March, 2012

    "Format Your Quote?

    Would you like us to format the text you copied?

    Format Text More Options

    Powered by Curate.Us"

    Is that a pop-up that should happen? Part of the investigation?

    No, jyyr, it seems to be a new kind of block quote feature as demonstrated above.
    0 0

© Copyright 2021 John Cook