I’m calling it. The leaked Skeptical Science forum was not due to a hack.
I admit I can’t know that for sure. It’s impossible to prove a negative. However, I can observe the fact we have no evidence to support the idea this was because of a hack. I mean that. There is no evidence. What Skeptical Science claims to be evidence isn’t.
We can see this by applying some critical analysis to Bob Lacatena’s latest post, especially its update. Before we do though, I want to point out I’m cutting the snark for this post. This is us viewing his argument with pure analysis, no insults:
I misunderstood the timeline of the logging feature in the Skeptical Science code. The feature was actually implemented in early 2010. It does not, however, substantively change the reasoning. It would not have been possible to construct the deleted comments and user table contents from the logs, as they include information prior to 2010.
If you haven’t read his post or followed the discussions elsewhere, Skeptical Science had an unprotected directory on its website named logs/. This directory was created in 2010, and it logged every SQL query made at Skeptical Science from that point on. It stored each day’s logs in a file anyone could access if they had the right URL. We can see the URL of one such file was stored by the WayBack Machine (an internet archiving service). Anyone could have found that URL by trawling the WayBack Machine’s entries for Skeptical Science.
That means anyone could have stumbled upon the publicly accessible Skeptical Science logs which tracked every SQL query from 2010 on. With that in mind, let’s examine what the supposed hacker released:
1) A forum going back to March 2010.
2) A simple .gif file created in March, 2010.
3) A comment.html file, containing deleted comments back to 2007.
4) A users.csv file containing users back to the site’s beginning (in 2007?).
The notable thing here, and something which always puzzled me, is the forum only went back to March of 2010 even though it must have existed prior to that (it was an active forum and there are no introductory posts for it). If a hacker stole the entire Skeptical Science database, why would he have only released a subset of the forum comments? And why is it that subset just so happens to cover the exact period Skeptical Science had publicly viewable logs for?
That’s a heck of a coincidence. Or maybe it isn’t. We have only two items showing the hacker had information from prior to March 2010. He had a file listing deleted comments, and he had a file listing user information. Both of these files contained information from prior to March, 2010. According to Bob Lacatena, they are out proof the leak wasn’t generated just from the publicly viewable logs.
But are they? Does the fact an individual had information from prior to 2010 mean he stole more than the logs of transactions from 2010 on?
No. It is perfectly possible the information in those two files was re-transmitted sometime after its creation. For example, what if John Cook corrupted his user database somehow? What would he do? Odds are he’d restore it from a backup. That’s easy to do with SQL. Cook could have uploaded an entire table in one command. And if he did, that entire table could show up in a log of his SQL queries.
Similarly, suppose John Cook kept a copy of all deleted comments in an unwieldly format. Now suppose he eventually decided to store in a table in his database so it was more convenient. Is it unreasonable to think he might have used SQL to transfer those comments some time after they were first made? Of course not.
There are dozens of possible reasons John Cook might have retransmitted data after that data was first created. He could have been performing housekeeping, restructuring his database, restoring a backup, or any number of other things. All of these could have resulted in pre-2010 information being stored in logs created in 2010 or later. With that in mind, we should revisit the comment which leaked the Skeptical Science forum. Specifically, we should note it says:
These files detail everything that happens on the site, from forum conversations to user accounts. I have collated some of the data in a more readable form.
Why has SkS chosen to publish all this on the public internet? Is it the first step towards transparency, or a catastrophic error? This is what I first intended to ask Mr. Cook.
Thankfully I realized what my question would have looked from the climate ethics perspective- highly inappropriate and unethical. I would have been seen as a denialist attacking Mr. Cook’s work with these bizarre claims about database logs.
This “leak” is just a format conversion of already public material.
Bob Lacatena claims “this statement is a falsehood,” but we have no evidence to indicate such. This person’s story fits perfectly with the evidence we have. It’s possible the story is a lie, but it’s also possible the story is the truth.
The only other argument Bob Lacatena has to claim this was a hack is his narrative of the hack which supposedly happened to Skeptical Science. In this narrative, Lacatena refers to a list of evidence, but none of that evidence can be seen or verified by anyone. All we have is his word it exists. We cannot assume his narrative is correct based upon nothing but his word.
Moreover, even if Lacatena’s narrative is true, nobody has done anything to link that supposed hack to the release of the Skeptical Science forum. Skeptical Science could have been hacked by one person while another person released material he gathered from publicly accessible logs (after reformatting it so it was legible).
We cannot know the truth. Skeptical Science refuses to provide us any actual evidence. As such, all we can go on is what we can see and read. When we do so, and when examine it, the only conclusion that can be reached is there is no conclusive evidence as to what happened.