Hackers steal information from Climate Research Unit

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Planet earth
The UK-based Hadley Climate Research Unit (CRU), at the University of East Anglia in Norwich, is reported to have sufferered a security breach which has resulted in many confidential emails and files being uploaded to the internet.

A 61MB zip file containing information stolen from one of the world’s leading climate research centres, was posted onto an anonymous FTP server in Russia, accompanied by a note saying:

We feel that climate science is, in the current situation, too important to be kept under wraps.

We hereby release a random selection of correspondence, code, and documents

Sign up to our free newsletter.
Security news, advice, and tips.

In total it is believed that the unknown hacker accessed 1079 emails (some of which are marked as “Highly Confidential”) and over 3800 documents. A spokesman for the Climate Research Unit confirmed the hack to the BBC.

Climate change bloggers are feverishly discussing the contents of the emails, some of which – they claim – detail how members of the CRU discussed hiding the truth about climate change.

However much the Hadley Climate Research Unit may have wished their communications to have remained private, the truth is now that the genie is out of the bottle. Interested parties around the world have grabbed the archive of documents – so even if the Russian FTP site is shut down, others will be able to share the data to other interested parties.

Indeed, it appears that the data is already been distributed via peer-to-peer file-sharing networks.

Leaked Hadley CRU documents

Clearly climate change is a topic which raises strong passions – but I can’t remember an instance of either side resorting to cybercrime and hacking to gather information on the other before.

Whether you are sympathetic to Hadley CRU’s views on global warming or not, it shouldn’t be forgotten that they are victims of a criminal hack. Personal information, including the email addresses of scientists working at the organisation, is now in the public domain.

There is a real danger that some ne’er-do-well could use that information to spam or send targeted attacks against individuals who would have understandably expected their communications to have been held securely.

Details of how the hack occurred aren’t yet apparent, but this security breach may serve as a timely reminder to other organisations to ensure that they have put the necessary security in place to reduce the risk of something similar happening to them.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.