One Saturday morning in June, two days after the president had announced his intention to withdraw the United States from the landmark Paris climate agreement, Michael Mann was tweeting about Donald Trump.
Mann, a Penn State professor who is one of the world’s most prominent climate scientists, was thinking about the daily barrage of revelations surrounding Russia’s efforts to help Trump win the previous year’s election. The hacked Democratic documents posted on WikiLeaks. The media craze over private emails that had been ripped out of context. Smear campaigns circulating on social media.
“#Russia #Wikileaks #HackedEmails #Sabotaged #ClimateAgreements,” tweeted Mann. “Why does this story sound so darned familiar?”
Seven years earlier, Trump was riffing on a very different set of hacked emails. The real estate mogul had called into Fox News after a blizzard to declare that climate change was a hoax. Trump claimed that “one of the leaders of global warming” had recently admitted in a private email that years of scientific research were nothing but “a con.”
Trump was referring to the 2009 Climategate scandal, in which emails from climate scientists were hacked and disseminated across the internet. Climate change deniers claimed the messages showed scientists engaging in misconduct and fabricating a warming pattern that didn’t really exist. Multiple investigations ultimately exonerated the researchers, but not before a media firestorm undercut public confidence in the science—just as world leaders were meeting in Copenhagen, Denmark, to attempt to rein in greenhouse gas emissions.
In hindsight, the Climategate hack, clearly timed to disrupt the Copenhagen negotiations, looks like a precursor to the hack that helped shape the outcome of the 2016 election. That’s how John Podesta, the Clinton campaign chairman whose stolen emails were posted on WikiLeaks in the final weeks of the campaign, sees it. The parallels go beyond the hacks themselves. “I think it was the intentionality of influencing the public debate,” he says.
At its core, Climategate was a story about emails—some admittedly embarrassing or poorly phrased—that were dumped online with the intent of altering a crucial global event. WikiLeaks republished the scientists’ emails. Talk radio and Fox News had a field day. Politicians soon followed. Mainstream reporters amplified out-of-context quotes. And the victims of the hack—especially Mann and the University of East Anglia’s Phil Jones—were not prepared for the deluge of investigations, personal attacks, and even death threats that followed.
At the time, some observers openly wondered whether Russia might have orchestrated the Climategate hack. Investigators and other experts haven’t found much to support that hypothesis—the true culprit remains a mystery. Mann himself has pointed to the incident’s “curious connections” to Russia and WikiLeaks, but he, too, notes there’s no specific evidence that Moscow was to blame. Still, Mann sees other ways in which the episode was similar to what Hillary Clinton experienced in 2016. Both hacks, he notes, were “intended to impact the global political scene in a significant manner.”
Podesta, a leading advocate of climate action during the Obama years, describes Climategate as an early example of hackers conspiring “to take the fruits of illegal behavior, weaponize them, then use them in a political context.” And though the emails contained no evidence of scientific misconduct, Podesta notes, climate change deniers successfully used them to “change public perception and increase skepticism about the need for action at a pivotal moment.”
Climategate began in the fall of 2009, when someone accessed thousands of emails and other documents stored on a backup server at the University of East Anglia’s Climatic Research Unit—a prestigious institution in Norwich, England, that is one of the leading centers of global warming research. It wasn’t just CRU employees who were caught up in the hack; their communications with dozens of scientists around the world, including Mann, were stolen as well.
On November 17 of that year, links to a zip file containing the stolen material—labeled “FOIA.zip”—began appearing in the comments sections of blogs run by climate change skeptics. The file name had a clear meaning: Skeptics had been engaged in a long-running battle with the university to gain access to scientists’ raw data and communications using the United Kingdom’s Freedom of Information Act. The file itself was stored on a server in Russia, though that server space could have been used by anyone in the world.
The hacker also broke into RealClimate—a website run by a group of climate scientists—and drafted a post promoting the emails. NASA scientist Gavin Schmidt found the hacker’s post before it was published; it still sits in RealClimate‘s content management system today.
Within days, WikiLeaks published the emails. Its founder, Julian Assange, told PBS that the university had been trying “to suppress information from the Freedom of Information Act.” (At the time, Assange was considered an advocate of radical transparency. After WikiLeaks’ role in publishing Democratic documents hacked by the Russians and corresponding with the Trump campaign, his motives seem far more suspect.)
The emails in no way altered the well-established fact that humans are changing the climate. Still, skeptics zeroed in on a 1999 message sent by CRU’s Jones, in which he mentioned Mann’s research and also used the phrase “hide the decline.” Given that Mann was best known for the “hockey stick” chart showing the dramatic increase in global temperatures, the wording sounded nefarious. But it turned out that Jones wasn’t describing an attempt to conceal a decline in temperatures. (The world was warming rapidly, after all.) Instead, he was referring to a scientific method for dealing with complications in tree-ring data.
A series of independent inquiries would later conclude that while the University of East Anglia had improperly dodged open records requests, none of the scientists had engaged in any type of academic misconduct or fabrication. But that wasn’t the story taking shape on the news networks and in major papers.
On November 20, a New York Times front-page story opened by noting that skeptics “say [the emails] show that climate scientists conspired to overstate the case for a human influence on climate change.” The Washington Post quoted climate skeptic Myron Ebell—who would later run Trump’s Environmental Protection Agency transition team—as saying the emails exposed an “alarmist political agenda.” The Post even ran an op-ed by Sarah Palin, who claimed that scientists had “manipulated data to ‘hide the decline’ in global temperatures.”
Television coverage was even worse. NBC told viewers that “those who doubt that man-made greenhouse gases are changing the climate say these emails…show climate scientists massaging data.” ABC inaccurately claimed that “one of the most damning email exchanges credits Mann with a trick to hide the decline in temperatures.”
Mann quickly became a central target for climate change deniers. Right-wing groups and Republican politicians called for the federal government to revoke his research funding and for his university to investigate him. He received an envelope in the mail containing white powder; it turned out to be cornstarch. “You and your colleagues who have promoted this scandal ought to be shot, quartered, and fed to the pigs along with your whole damn families,” declared one emailer. Along with other climate experts, Mann was featured in an anti-Semitic post on the white supremacist website Stormfront—an ominous foreshadowing of 2016.
“I could easily brush off many of the attacks,” Mann would later write in his book, The Hockey Stick and the Climate Wars, which discusses the right’s assault on his research. “But to the extent that the industry-funded disinformation machine was taking direct aim not just at me—my livelihood, my reputation, my safety—but even my family, I was becoming incensed.”
Mann was cleared of wrongdoing by multiple subsequent investigations, including by Penn State. But the personal attacks would continue for years. In a 2012 blog post for the libertarian Competitive Enterprise Institute, Rand Simberg called the university investigation a “whitewash” and compared Mann to Jerry Sandusky, the Penn State assistant football coach convicted of sexually abusing children. “Mann could be said to be the Jerry Sandusky of climate science,” wrote Simberg, “except that instead of molesting children, he has molested and tortured data in the service of politicized science.” (CEI later removed that comparison from the post. Mann is suing CEI and Simberg over the incident.)
Other climate scientists experienced similar harassment. Jones, who was the target of much of the media scrutiny and online abuse, was eventually cleared of wrongdoing by his university and has since returned to work. He doesn’t want to speculate on who was behind the hack. “I’ve tried to move on from that,” he told Mother Jones.
After three weeks of relentless Climategate coverage, the UN climate conference in Copenhagen, which was intended to lay the groundwork for an international agreement to slash emissions, began. It was supposed to be an inflection point, in which the world would move past debating long-settled science and take serious steps to solve the problem. In the lead-up to the talks, even Trump signed on to a full-page ad in the Times calling on President Barack Obama and other leaders to take bold action to combat climate change. Instead, the negotiations broke down—a diplomatic failure that set climate action back years.
For Julian Gregory, the Norfolk, England, detective in charge of investigating the hack, the timing was obvious. The Climategate emails “were selectively taken and portrayed in a way…intended to undermine the scientists and therefore the validity of their science,” he later told Climatewire, after a second batch of stolen emails was released shortly before another round of climate talks. “The conclusion you are led to is that it was done with the intention of influencing the outcome of those conferences.”
The hack probably wasn’t the primary reason the Copenhagen talks collapsed. Even before the emails surfaced, there were warning signs that diplomats could be headed for an impasse. Former US officials who participated say they don’t remember Climategate coming up during negotiations. Instead, the Obama administration and other governments simply hadn’t done enough to bridge the divides between the United States, China, and the developing world.
But the scandal provided a convenient talking point for those seeking to block climate action. Days before the conference began, Mohammad al-Sabban, the lead negotiator from oil-rich Saudi Arabia, told the BBC that the emails would have a “huge impact” on the talks. “It appears from the details of the scandal that there is no relationship whatsoever between human activities and climate change,” he said. James Inhofe, the Senate’s leading climate denier, traveled to Copenhagen, where he told throngs of reporters that Climategate was proof of what he’d been saying all along: Global warming was a hoax.
The most obvious fallout was in the United States, where the emails played an outsize role in the media’s coverage of climate change. According to a study by Matthew Nisbet, then a professor at American University, more than 20 percent of the news and opinion stories about climate change published by five major outlets in December 2009 mentioned the hacked emails.
Perhaps even more significantly, the scandal seemed to have a big impact on US public opinion, helping climate change denial and obstructionism become even more entrenched on the right. After Climategate, notes Podesta, “you see attitudinal change [in] people’s willingness to believe the scientific community that climate change is happening.” It’s no coincidence that Trump publicly reversed his own views on the issue just three months later, when he joked that Al Gore’s Nobel Prize should be rescinded and cited the stolen emails. He’s been an outspoken denier ever since.
Public trust in the science was already on the decline in the months before the emails came to light. But according to a study by researchers at Yale and George Mason University, Climategate appears to have “deepened and perhaps solidified” Americans’ growing skepticism. That was especially true on the right. Fully 80 percent of conservatives who followed the scandal said they had less trust in scientists as a result. Seventy-three percent said it made them more certain that global warming wasn’t happening. A whopping 69 percent of all respondents who followed the story, and 94 percent of conservatives, agreed with the statement that “scientists changed their results to make global warming appear worse than it is”—an allegation later proved to be unequivocally false.
Another study found a similar effect among a particularly influential group of media figures, noting that Climategate had “eroded global warming belief certainty among a large minority of TV meteorologists, at least temporarily.”
Sound familiar? Russian intelligence agents followed a strikingly similar blueprint in 2016 after they hacked the Democratic National Committee, the Democratic Congressional Campaign Committee, and Podesta’s personal Gmail account.
“If you were a Russian operative [and] pitching influence ops for the DNC, and somebody’s like, ‘Eh, I don’t know about that,’ literally you just turn around and go, ‘Look at how well it worked [with Climategate],'” says Jake Williams, a cybersecurity expert and former analyst at the National Security Agency. “I wouldn’t necessarily say one influenced the other, but certainly it’s good proof that that’s a technique that works.”
To access Podesta’s emails, the hackers used a targeted phishing attack that led his office to inadvertently turn over his login credentials. The DNC was hacked by two groups associated with Russian intelligence—one starting in 2015 and another in 2016—also via targeted phishing attacks. Tens of thousands of emails were eventually made public, along with Democratic fundraising reports and other planning materials. Batches of the stolen documents were given to individual news outlets, while other chunks were published directly to the blog of Guccifer 2.0—an online persona thought to be a front for Russian intelligence.
By far the most damage was done via WikiLeaks, which published the DNC emails days before the Democratic National Convention. And when the Trump campaign was thrown into chaos after the Washington Post unearthed a 2005 video of Trump boasting about grabbing women “by the pussy,” WikiLeaks began publishing the Podesta emails less than an hour later. WikiLeaks then rolled out new batches of emails on a near-daily basis in the month leading up to the election. Once again, the timing was clearly designed for maximum impact.
The emails exposed Democrats’ dirty laundry and fueled the impression that the DNC had helped Clinton defeat Sen. Bernie Sanders in the hotly contested Democratic primary. They also revealed excerpts from paid speeches that Clinton had given to big banks—transcripts that she had refused to release earlier and that seemed to contradict her public rhetoric. “My dream is a hemispheric common market, with open trade and open borders,” Clinton said in one excerpt that was repeatedly highlighted by Trump. Another email revealed that Clinton had assured union officials that she would defend fracking—a disclosure that angered some environmentalists.
But as with Climategate, what made the 2016 Russian hacks particularly successful was the obsessive—and often inaccurate—coverage of the emails in the media. “The hacking is only one half of the story,” Podesta says. “It’s a media story, too, because it’s the voyeurism of reading the emails, whether there is much serious in them or not, that is captivating to the media. [It] throws them into high relief, sensationalizes little bits of them. And then at the end of the day when people go back and look at the whole story, they say, ‘Well, what was that about?'”
Political jargon was misinterpreted, and innocuous phrases were presented out of context. Years-old private emails were dumped into the public sphere. Benign interactions between reporters and their sources were twisted to imply collusion between the Clinton campaign and the mainstream media. In one particularly absurd example highlighted by the liberal group Media Matters for America, Rush Limbaugh and other conservatives breathlessly reported that Podesta had “admitted” that Clinton hated “everyday Americans.” Podesta had actually meant that Clinton hated the phrase “everyday Americans”—a slogan that her campaign frequently used at the time.
The 2016 hacks had devastating personal consequences for their targets. Mann had been compared to a child molester; Podesta was actually accused of child molestation by conspiracy theorists who declared they had detected code words in his emails designed to conceal a child sex ring supposedly operating out of a DC pizzeria. Every piece of the so-called Pizzagate scandal was a lie, but that didn’t stop restaurant staffers from receiving hundreds of death threats. In December 2016, a North Carolina man who claimed to be investigating Pizzagate fired an assault rifle inside the restaurant. Luckily, no one was injured.
We still know very little about “Mr. FOIA”—the online persona who claimed to be behind Climategate. His own words suggest he was a lone individual with no government or corporate backing. (Guccifer 2.0 also claimed to have no connection to Russian intelligence, an assertion that US intelligence agencies say is false.)
“It was me or nobody, now or never,” Mr. FOIA wrote in 2013. “Combination of several rather improbable prerequisites just wouldn’t occur again for anyone else in the foreseeable future. The circus was about to arrive in Copenhagen. Later on it could be too late.”
A November 2009 memo from the University of East Anglia’s IT department, obtained through a public information request, tells us more about the hack itself. This probably wasn’t phishing, like Podesta experienced. Instead the hacker seems to have obtained the files by breaking into the university’s backup servers through a compromised account—CRU’s servers were illegally accessed at least three times in September and October 2009 using stolen or cracked passwords. Once inside, the attacker was able to retrieve the files.
Steve Lord, a British cybersecurity expert who reviewed the university memo on the incident, told Mother Jones that the methods used to steal the climate emails, at least according to materials provided by the university, showed “no real sophistication.”
“It’s not a particularly complicated setup,” said Lord. “It’s not clear how they got in, but once they’re in, from the information we do have, this is not rocket science.” (You can read the university memo below.)
Mr. FOIA has reemerged twice since 2009. In November 2011—just days before the start of another UN climate conference—a new batch of more than 5,000 emails, part of the original set stolen from CRU, was, as before, posted on a Russian server and uploaded to the comments sections of several prominent climate skeptics’ blogs.
Theories still abound about who Mr. FOIA was. “The hypothesis, unfortunately, remains today where it started,” Gregory, the local detective, told the BBC in 2012 as the statute of limitations on the crime ran out and investigators dropped the case. “It ranges from a lone individual through to commercial or governmental interests…It could have been anyone on that spectrum. We can’t say.” The Norfolk police declined to discuss the investigation with Mother Jones, and Gregory, who has since left the force, didn’t return requests for comment.
The US Justice Department appears to have gotten involved after the second email leak in 2011, though it’s unclear what became of that inquiry. The DOJ, the FBI, and the National Crime Agency, the United Kingdom’s top law enforcement body, would not comment on the existence of investigations.
In a 2012 interview with the Guardian, Gregory said his inquiry spanned “most continents”—which likely means computer proxy servers around the world were used to mask the hacker’s true identity. The perpetrator, Gregory said, tried to “leave a false trail” to throw off investigators.
Some have speculated that Russia or another petrostate was behind the hack—an idea that gained new currency in the wake of the 2016 election. Vladimir Putin, after all, has periodically flirted with climate change denial, and Russia—which recently overtook Saudi Arabia as the world’s leading crude oil producer—is highly dependent on fossil fuel extraction.
But Gregory told the BBC that he’d found no specific information indicating that a government was behind the hack. Other experts agree: With the evidence at hand, it would be “a stretch” to point the finger at Russian hackers, says Lord.
Another theory, popular among climate change skeptics, was that a University of East Anglia insider, frustrated by scientists’ resistance to freedom-of-information requests, released the documents and made it look like an outsider had taken them. But according to Gregory, investigators were confident this wasn’t the case.
In March 2013, when Mr. FOIA released a third tranche of hacked documents and announced himself in a note published on climate-skeptic blogs, he mocked the idea that the hack had been funded by energy industry groups. “I wasn’t aware of the arrangement but warmly welcome their decision to support my project,” Mr. FOIA wrote, adding that he’d opened a bitcoin wallet to accept online donations. The wallet remains active, and nine payments have been made to the account over the past five years. The value, as of mid-November, was roughly $37,400.
“That’s right; no conspiracy, no paid hackers, no Big Oil,” Mr. FOIA wrote. “The Republicans didn’t plot this. USA politics is alien to me, neither am I from the UK. There is life outside the Anglo-American sphere.”
It wasn’t until December 2015 that the Obama administration was finally able to piece together a global climate agreement in Paris. Podesta, who had briefly joined the Obama White House the previous year, helped lay the groundwork for the deal. It was immediately denounced by much of the Republican presidential field. One of those critics, of course, was Trump, who on the campaign trail called US involvement in the Paris talks “ridiculous” and promised to pull out of the deal.
Just seven months after Russian hackers helped him win the presidency, Trump began to follow through on his pledge.
The online version of this story has been updated.