Profile of the Climategate Whistleblower

Seeing as we’ve just passed the first anniversary of the Climategate leak, it might be of topical interest to repost a piece I did shortly after the emails became a blogosphere bombshell. In the time since then, the ‘hunt’ for the whistleblower has not met with any success that I’m aware of. I would be stunned if it ever does.

The Climategate whistleblower : a profile.

Okay, I’ll preface this with the caveat that I have no access to first hand sources, the people in the unit or any of the IT forensics. Therefore, instead of the usual who, where, when, how and why, I have to go on the latter – which is basically motivation; an intellectual challenge but interesting. I will give my reasons for each conclusion, something which I don’t usually do. The reasons will offend a lot of sensibilities.

I’ve outlined in a previous post why I think it very unlikely that the emails were obtained by an external hacker. Therefore, they were leaked by an insider who had “access”, without which any source is useless. If one thing comes out of reading the emails, it is that the unit was a very closely-knit and intense peer group, the classic bunker mentality. The second thing is that a decade’s worth of emails must contain a large element of messages of a personal nature. These appear to have been stripped out. Why? To focus on the science without needlessly hurting or humiliating other people. Notice also, that the content was not edited and the damning emails were left in context – the work of a fair-minded individual.

If you have knowledge of climate science and the arguments going on within it, the emails are obviously explosive stuff. A layman would simply not appreciate that. He knows his climate science and to a depth.

This betrayal of the peer group was done purely over a matter of scientific principle and by a man. Women have just as good a capacity for betrayal as men but usually for them, the reasons are inter-personal, rarely if ever for matters of ‘high’ principle. Running the risk of blowing up your career and becoming a pariah within the peer group for something as silly as “your principles” doesn’t play for them. The whistleblower is almost certainly a man. Whistleblower is such a long word and gets in the way of developing a mental image so I shall call him Unus henceforth, after a very pertinent character buried long ago in the golden era of Marvel.

Let’s focus on Unus to see what picture we can get from what little details we have of his activities. The first reliable report of the offering up of the zip file is to BBC journalist Paul Hudson on the 12th October 2009. Why him? Because Hudson had recently penned an atypical BBC piece entitled “Whatever Happened To Global Warming”. He also worked for a respected british institution with journalistic integrity (sarcasm on my part but not for Unus at the time). Hudson, at face value, looked to be at least sympathetic and he did work for the BBC. He, of course, decided or had it decided for him, not to run with the scoop of the century (that was your 15 minutes, Paul).

What’s this tell us about Unus? Basically, he’s far from worldly wise and politically very very naive. The BBC may run the odd story questioning AGW doctrine but that’s just a nod to the impartiality bit of the Charter and anyway, young Mr. Hudson is a nobody a long way down the food chain and very much the last person anyone would expect to do a “Woodward and Bernstein” with the story. To be that innocent of realpolitik, Unus is probably in the middle to late twenties. Also, when you’re older, married, mortgaged with a few kids, you simply don’t risk them all and your livelihood on “matters of principle”. This would be especially true in the closed environment of academia where being found out would be a complete career killer. There exists a possibility that Unus is a single, much older man nearing end of career who’s had enough of the dishonesty but the IT considerations, which I’ll be moving on to, militate against it.

It’s important to note that from his viewpoint, giving the information to the BBC, a perceived neutral party, no big betrayal was being done. It was more in the nature of having a discreet word with the referee, telling him that someone on your side wasn’t playing fair. A little tentative step, not really a betrayal. The ref would handle it.

As far as I’m aware, nothing is heard from Unus for over a month. Why so long? You’ve got the ammo, you’ve shown the will to use it, just pull the trigger somewhere else. It didn’t happen. Why not? I suspect the interaction between Unus and the BBC was a bit of a cold shower for him. Welcome to the real world, Unus and it has sharp edges. In the aftermath and thinking it through, there was no referee, no neutral third party to hand the data to, they were all on the bandwagon. The only people who would do anything with the data were the sworn enemies of the CRU. Of all the people you could betray the group to, that would be the worst. There was no avoiding it. This would be betrayal with a big fat capital B. I suspect you struggled with that decision long and hard for that whole month.

Gavin Schmidt has been peddling some bollocks about an attempt to upload the zip to RealClimate but I find it hard to believe. Why try to upload it to a pathologically pro AGW website, especially one whose founders appear in the emails?

Back to reality. The zip file was uploaded in middle November to an open server in Tomsk Russia and emails were sent to WUWT  and possibly others alerting them to the file’s location. Why in Russia of all places? To explain that one I have to digress so bear with me. The EU Data Retention Directive 15th Dec 2005 obliges the capture within all EU states of the details of all mobile calls and their location, text messages, landline calls, internet website visits and emails. As Mr. Caine would say, not many people know that. Interestingly, this piece of legislation is an EU record holder. It went from draft to full directive in three months flat. Why? Because it was already being done but the data being gathered was inadmissible in court. Now it is.

Basically the internet, like all forms of electronic communication, is one big tape recorder – you have been warned. It’s your ISP who’s obliged to render up the logs of your online activities. The chances of the Norwich constabulary getting the access log from a Russian ISP are somewhere between extremely slim and non-existent and patently Unus knows this. What’s more, getting some sort of injunction on an ISP outside the EU to take down the zip file would be problematic at best.

The Norwich police called in a specialist IT unit to track down Unus. Every computer on the internet has a unique IP address. Find his IP address and you’re well on the way to finding Unus. You get that by examining any emails sent by him or any sites accessed by him. You don’t have the start point of any communications but you do have the end points. There are three possibilities. The Tomsk server is a dead end and getting access to the WUWT emails across the pond would be a procedural and legal nightmare. That leaves the BBC emails with Mr. Hudson. Getting their hands on these presents no legal problems, so I assume they have. Did they get a useful IP Address or not? The answer appears to be no, simply because they’ve obviously fallen back on plan B.

Plan B involves scouring all outward communications from within the CRU to see who’s been pissing out of the tent. This explains their momentary interest in the unfortunate Mr. Paul Dennis who had some dialogue with climate sceptics, not quite yet a criminal offence for a climate scientist but enough to earn you an automatic arguido status. The fact that the IP address on the BBC emails was of no use to them means it was concealed either technically (IP chaining, multiple proxy servers etc etc) or Unus used a physical cut out such as public WiFi or an internet café.

Most commentary on Climategate discusses the emails. What’s commonly forgotten is that the zip file also contained program source code and a lot of it. Emails are written in plain English, programs are written in a programming language. The difference is that while the former can be ambiguous, the latter is totally unambiguous. If you’re going to cheat on the computer side, you have to programme it explicitly to cheat, you can’t fudge it. Take my word for it or take the time to check out some of the analysis done, the code is ten times more damning then the emails. That’s why Unus added it to the payload. He’s comfortable reading computer code.

What does all this computer stuff tell us about Unus? He knows his IT to a depth one wouldn’t expect of a climate scientist. Having said that, most of the deductions with regard to his IT expertise are heavily predicated on the level of competance of those trying to find him, which I may have overestimated. He, like them, may not be all that slick. If so, they already know who he is but of course, will never “find” him …

We haven’t heard from Unus since November. Not a peep. I think we never will. Draw your own conclusions. I’ve drawn mine and choose to omit them from this profile.

I’ve looked over what skimpy bios of the CRU players I could find for someone matching this profile, especially for one with the knowledge in the two specialist areas but without any success. The reason, I’m beginning to suspect, is that the whistleblower’s name is not Unus but Gemini.

© Pointman

Related topic : Why Climategate was not a computer hack.

Click for a list of other articles.

34 Responses to “Profile of the Climategate Whistleblower”
  1. hro001 says:

    Pointman, thank you for posting this “encore” (because I didn’t see it the first time!) I agree with most of what you’ve written – with a few exceptions:

    This betrayal of the peer group was done purely over a matter of scientific principle and by a man. Women have just as good a capacity for betrayal as men but usually for them, the reasons are inter-personal, rarely if ever for matters of ‘high’ principle

    I’ll overlook the “sexism” inherent your generalization above because I think the more important point of divergence is that I’m not so sure it had to be someone within the “peer group”. If one thinks outside the Inbox, so to speak, the first thing one has to ackonowledge is that even in (in this instance third rate) academia communication is not limited to emails!

    I do agree that it had to be the careful work of an insider. But (as I seem to recall speculating in the very long thread over at Climate Audit at the time – and with apologies to Charles Dickens, one of my all-time favourite writers) … Oh, wait a minute … for all it’s go-get-’em greenishness, google is sometimes my best friend:

    is where I wrote:

    Put the case that someone totally outside the CRU crew had been doing some independent research and had figured out – and was thoroughly disgusted by – what had been going on (anyone with common sense would be able to spot the problems). Put the case that this person either had the skillset required to “grab” the files [restore from backup tapes, perhaps?] or at least knew someone with appropriate access who did – and/or had been gathering nuggets for some time.

    Considering that communication probably also took place using other means besides emails (water fountains, cafeteria, pub, telephone, hallways, open doors, etc), and considering that it’s not unreasonable to think that the decision on the FOI request might well have been communicated to Jones on the 12th [of November] (or even the 13th in the a.m.), he doesn’t strike me as the type who would keep such “good news” to himself.

    Put the case that Jane W. Blower – one way or another – got wind of this decision, decided that it was time to strike and she and/or her accomplice spent the next 4 days putting the package together […]

    From where I’m sitting, the emails served primarily to confirm that which all you great sleuths had uncovered about the “science” over the years. […]

    Re Hudson, btw,

    “I was forwarded the chain of e-mails on the 12th October, which are comments from some of the worlds leading climate scientists written as a direct result of my article ‘whatever happened to global warming’. The e-mails released on the internet as a result of CRU being hacked into are identical to the ones I was forwarded and read at the time and so, as far as l can see, they are authentic.”

    But apart from the above, and by extension the fact that Unus could have been Una – and/or Unus [or Una] and friend(s) – great post, which was definitely worth recycling 😉


  2. UninformedLuddite says:

    Thank you for not polluting your analysis with PC considerations.


  3. Greg says:

    “I’ve looked over what skimpy bios of the CRU players I could find for someone matching this profile, especially for one with the knowledge in the two specialist areas but without any success. The reason, I’m beginning to suspect, is that the whistleblower’s name is not Unus, but Gemini.”

    Your skill sets are way over my head, but I’m pretty convinced that you’re quite the tease.

    Keep up the good work and don’t worry too much about our sensibilities. 🙂


  4. AJC says:

    For all his boasting and lies about the role of WikiLeaks in first publishing the ClimateGate materials Julian Assange would not have published them first: they don’t suite his “politics”.

    Have you considered the possibility that some of the post-Hudon delay might have been Unus waiting on WikiLeaks?

    Some of Assange’s bluster might just be sour grapes.


  5. Dominic says:

    While I would dearly love to know who the leaker is, and I have some strong ideas about this as I have looked into it in detail, I am not inclined to assist the police to find out who it was by speculating openly. This person (or persons as you seem to imply) put themself at risk in order to expose a sham and I would not want to bring the rage of the climate warmist community on them. However, if exposed, let me be the first to buy them a big drink! Even if it was Phil Jones!!


  6. AJC says:

    In the body you refer to “the zip file” supplied to Paul Hidson. It may well not have been the full ClimateGate zip file. On the Bishop Hill “the zip file” thread today there are a couple of interesting posts (by clivere) whihch state …

    “Paul Hudson was provided with a copy of one email chain by one of the people involved. Paul used that to verify that at least for that one email chain the Climategate compilation appeared to be legitimate.

    Pauls first blog post was miscontrued by many people as him saying he had received a copy of all the Climategate emails before they were released on the internet. This has generated an internet myth that the BBC were sitting on the emails and that myth has been much used by BBC haters.”


    “Punkista – the email chain that involved Paul Hudsons blog post in October 2009 that upset a lot of the main Climategate players. Some of the other BBC correspondents were involved in the fallout and apparently Paul Hudson was provided a blind copy by one of those correspondents”


    • AJC says:

      Mea culpa . The Bishop Hill thread is “Norfolk Police speak”.


    • Mindert Eiting says:

      Important comment. E-mails on the Russian Server date from 6 March 1996 till 28 October 2009. Hudson cannot have received all that material on 12 October 2009. Probably a selection around the 11 October mail in which his name occurs. Interesting facts may reside in details. If Hudson got his share on 12 October, the material must have been collected in two or more steps.


      • Mindert Eiting says:

        The Glimategate-2 release contains mails (4 digits) and documents (9 digits) as noted here between brackets, from November 2009 as follows (see )
        1. (0307)
        3. (2463)
        4. (0376/0430/0751/1356/2234/2249/3120/3430/3654)
        5. (3380)
        6. (125753285/125754679/1541/1712/2869/3244/4301/4785/5303)
        9. (1085/2038/3179)
        10. (0448/0520/0924/0942/125784714/125787482/125788101/125788298/3735)
        11. (2773)
        12. (125803913/125805346/1962/5034)
        13. at 08:22:13(4027)
        Consequently, the last take was on Friday, November 13, 2009 after 08:22:13. Because the announcement of Climategate-1 at the Air Vent was on Tuesday, November 17, 2009, at 9.57 pm., this defines the interval in which the first material was uploaded to the Russian Server.


      • Pointman says:

        Hi Mindert.

        Nice piece of analysis. We don’t actually know how many emails Hudson received but at a guess, I’d say it was a small selection rather than thousands. If that’s so, the interesting thing to think about is which emails FOIA selected for him. Were they the sames ones we’ve all read or some of the ones locked away in the encrypted archive?

        As it happens, the next blog piece will be on climategate.



      • Mindert Eiting says:

        Hi Pointman,
        If Hudson spoke the truth (always doubtful), the deliverance of any subset is in my opinion an incredible stupid act, because harvesting was still going on. Perhaps twin-1 did it or an intermediary. Twin-2 (group or person) must be an ICT genius. After reading the read-me document of Climategate-2 I have the impression of a group of young, idealistic students. I’m looking forward to your next piece.


      • Mindert Eiting says:

        See also discussion at Lucia, suggesting that harvesting went on during the weekend:


      • Mindert Eiting says:

        Pointman, if you don’t mind my follow-up comments, this is a small part of the story. Sources can be easily found. It’s all about facts and a good time-line. On Friday, 9 October 2009, Hudson published his controversial piece. The next Sunday, 11 October 2009, Jones send out a mail at 18:03:13 about a data issue. This is very exceptional because Jones almost never send out mails on Sunday. He used his CRU email address. Was he at that time in his CRU office? I don’t think that he went to an office, closed in the weekends and beyond office hours. His colleague, Briffa, was on 29 September 2009 on sick leave, but nevertheless send mails with his CRU address on 1 and 2 October 2009. Probably, these senior staff members had a remote connection to the CRU computer, either at their homes or on portable. In 2009 this internet facility already existed, because I have used it my self.

        That same Sunday, Jones, as the only one of all CRU employees (just check the list of recipients), received a mail from Schneider, at 23:32:11 -0700 (PDT). Let’s say he received that mail about half past seven AM. This mail was an alert about the Hudson piece. Moreover, this mail is part of the climategate-1 delivery, and resided therefore on the zip file Agree that you cannot add a mail to a zip before its creation moment? It was a busy Sunday, because at 3.06 AM, 10.46 AM, and 12.30 PM the zip-file maker was adding stuff to

        The next day, Monday 12 October 2009, Hudson got his share, according to his own statement. Should we think that Schneider’s mail was not among that delivery? Or should we think that FOIA was that Sunday at CRU? So, either Jones, perhaps as a split-personality, is FOIA or FOIA was permanently monitoring Jones. And Jones, as the managing director of CRU, had access to all mails of his personnel as I have already said elsewhere. If FOIA is not Jones, he/she used the same internet facility and stood for months behind him. I’m still fantasizing about his secretary but that’s more a romantic issue. Problem solved?


      • Mindert Eiting says:

        Oh, that time zone stuff. Did Jones get the mail on Monday morning? I’m talking about #125531833 in In that case Hudson could not have received this document if it was send by FOIA. Remains the Sunday-story and the possibility of remote working.


      • Pointman says:

        Hi Mindert.

        As a general point, I never close off comments on any post, so people are welcome to add their thoughts on any piece, no matter how old.

        There does seem to be some uncertainty about the number of emails Hudson received (see Hilary’s HRooo1 comment above). Perhaps it was only a single email containing a chain of several emails, which would hide where it actually came from. It could have been leaked by anyone in the email chain.

        I agree about the dates but one thing to bear in mind, is all the dates connected with a file (creation, update, access etc etc) can easily be changed by commonly available utility programs.

        I don’t think FOIA is Jones, if only because climategate undermined his life’s work but I still think it was an inside job.



      • Mindert Eiting says:

        Hi, Pointman, I’m still learning about that ICT stuff:
        Several mails from Jones and Briffa in 2009, using their office mail addresses, during weekends, holidays, and sick leave, suggest that senior CRU staff used Remote Desktop Connection or a virtual private network (VPN). In one mail from 12 October 2009 (3939 ) it is explicitly said that Briffa used during his sick leave a VPN on Melvin’s portable. (See also a comment at CA on 11 May 2012). Apparently Jones and Melvin (on holiday in August) had a VPN.


      • Mindert Eiting says:

        Pointman, we should have the facts correct. If Hudson got something forwarded that Monday by FOIA it must have been #125531833. This can hardly be called a chain. But the most peculiar is a short undated text at the end ‘Steve, You may be aware of this already. Paul Hudson, BBC’. It seems as if Hudson was participant in the discussion and mailed with Schneider. For that reason the Hudson incident may have nothing to do with Climategate and should be kept outside all analyses. I have also established that the CRU staff used VPN with limited access as they could only access their mail. Their mail was backed up by the program BackupPC that run on a CRU intranet server crua6 (in 2012 still in use), a machine that should be distinguished from the UEA computer uealogin1 (in 2012 obsolete). The nine (or ten) digit numbers we meet in the first release were numbers chronologically assigned to all UEA mail by their mail server I’m still working on Briffa’s VPN problem. It becomes more and more interesting. It is almost certain that FOIA was not Briffa (or Jones).


  7. I think you are missing a step. The leaker probably sent the original package to the BBC – and whether it was a public cafe or the BBC ethically with held details we don’t know.

    I then think the leaker contacted some well known sceptic site. I suspect it was that site rather than the leaker which then did the techical stuff of hiding their identity to upload the file etc.

    As for the sex … I’ve always assumed they were female … don’t know why, perhaps because I expect most freedom of information “officers” to be female and it looks to me like a collection of files that were being processed for release under FOI.


    • Just for fun here are some other possibilities:
      1. Paul Hudson is the leaker … or more accurately, having failed to persuade the BBC to act on the emails he decided to make them public.
      2. That someone in PC world found them on a laptop
      3. That some rejected lover, friend etc., downloaded the information using a borrowed password.
      4. An undergraduate found the logon of a member of staff and showed the result to friends.
      5. That some sceptic organisation paid a hacker tens of thousands to hack into
      6. That a member of staff did it to spite another (lover’s tiff)
      7. That another climate “science” institution did it to undermine the credibility of the UEA to get the contract for the work.
      8. That Penn’s aliens leaked it in order to precipitate global meltdown thus allowing them to settle the earth after the human species has been wiped out by a fraction of a degree rise in temperature.
      9. That I did it … after which I erased my memory using my pocket men-in-black mermory eraser pen to remove all knowledge of the act so that I can now post this to you in the mistaken belief that it wasn’t me.


  8. Graeme No.3 says:

    In view of Norfolk police ending enquiry and comment by Dung:

    “Qinetiq were involved, those people are seriously high end military grade freaking experts. If Qinetiq describe the ‘attack’ as “highly sophisticated and was undertaken by a person or persons who were highly competent and who knew how to conceal their activity.” then it was a military grade job. Why on earth would those kind of people be interested in climate change? None of it makes sense.

    The above leaves me believing that the whole statement is a cover up. It was an inside job, it would be too embarrassing for the university to admit this and name the whistleblower so we get the cover up”.

    I have no knowledge of Qinetiq but
    “The reason, I’m beginning to suspect, is that the whistleblower’s name is not Unus but Gemini” has been my thought all along. Why else use “we” in release note; far more likely to be true than false lead.
    Why not this?
    Twin 1 collects or finds information on server. Leaves security hole.
    Twin 2 comes in from outside and collects information.

    Would suggest Twin 1 is someone in IT Dept. at UEA, with time and permission to read files. Appalled by behaviour revealed, consults Twin 2 a friend in IT, hence above and police interest in Tallbloke.

    In the meantime both your articles are still very valid.


    • Mindert Eiting says:

      In another comment Pointman wrote that ‘the leaker had access to everyone’s emails’. I have worked at non-profit institutions and always the management had access to the mail of all their personnel. Who headed CRU since 1998? If I wanted to show the world that I am an ICT lay-man, I certainly would tell the public that I cannot do a computation in EXCEL. The whole world would laugh at me, not realizing that a scientist does not need his secretary’s office program. If you have time, just pay a visit to a psychiatrist and ask him why adult people commit suicide. If your mail lies on the street, would you do that? If you decided not to do that, would you tell the public that you considered this final act? Don’t tell the world which drama queen still is the primary Twin-1 suspect.


  9. eyesonly says:


    Good post. A review of the Climategate files needs to be done to keep us from forgetting. Look forward to future discussion with regards to the topic.

    Secret emails, whistle blowers, hackers, fraud, international government/state involvement, intrigue, cover-ups, billions of dollars, media complacency and vested interests, economic destruction, possible incarceration, etc. Toss in a possible Nobel Prize and ….

    Add a little sex and it’s more of a block buster than it already is. Hollywood could not put together a plot such as this and all generated by a bunch of …. (choose appropriate description).


  10. Mindert Eiting says:

    Briffa used Melvin’s laptop in order to have access to VPN. He used Melvin’s virtual office, because he send on 11 September a mail from Melvin’s address. Jones also had VPN because he send mails from his office address while he was on holidays and in places like Bristol.

    Jones was on an IPCC Expert Meeting Geneva during 14-16 September 2009. During these days he did not send mails (from the collection of course) from his office address. On 16 September 2009 the zip-file maker added the first harvest to the zip file.

    During 6-16 October 2009 there was a School on Statistical Analysis in Climate Research in Lecce (Italy). Jones gave there two lectures on Monday 12 October. During 12-13 October he did not send mails (on Sunday 11 October he did).

    During 10-11 November there was an Environment Agency Conference in London. Jones would be there ‘around’. On 11 November he did not send mails (on 10 November he did).

    These were the major opportunities for harvesting. Almost, because the collection contains two mails from Jones’ out-box, dated on Friday, 13 November 2009. At 08:22:13 Jones send a mail to Wigley and at 08:32:28 again to Wigley about the same subject and asked him whether Wigley got all his emails. The harvester could have used the next weekend, but it is interesting to know whether that Friday Jones was in his CRU office. That the harvester was in a hurry can be inferred from the fact that the last mail harvest (all mails since 24 October 2009) can be found in Jones’ in and out box only (that requires a considerable analysis not reported here). I want to know who had Jones laptop at his/her disposal.


    • Pointman says:

      Have we got a brand new suspect?



    • Mindert Eiting says:

      Just once more Agatha Christie speaking: Briffa had a laptop-plus-VPN at least since 2007 till March 2009. In September 2009 he had to use Melvin’s laptop, who certainly did not have a privileged account. The question is what happened to Briffa’s laptop.


  11. M Simon says:

    Well I like word games too. Gemini – twins. Not just two people, but two closely related people. Family will keep secrets better than unrelated people. So twins. Or at least brothers.

    I do not intend to track it down any further. I have circuits to design.

    I’m going to look at your most recent stuff. As usual if I find something I like the link love will follow.


Check out what others are saying...
  1. […] There’s a profile of the whistleblower here. […]


  2. […] all questions Unis, pointman is your […]


  3. […] can only be described as a highly speculative profile of the climategate leaker. You can find it here. I strongly suggest you read it now or you’ll have some difficulty following the rest of this […]


  4. […] well-worth reading eassays. In the first, which he wrote in December, 2010, he offers a repost of a profile of the whistleblower. The second, written a few days ago, includes his thoughts and questions regarding […]


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: