As a security guy I’ve been pinged by the news about the East Anglia hack, the one about the climate site that was hacked with a slew of emails, data, and code swiped. Whenever something like this happens people wonder if it can happen to their site. Of course, the answer is yes. But we don’t have the full context of the hack. Was it really a hack or was it an inside job? There’s a big difference. An inside job doesn’t necessarily require actually breaking into the system while a proper, outside hack does. Until we find out what actually transpired we won’t know if the systems were truly compromised or not. Unfortunately, if the hack was well executed it might be very difficult to tell if it was an inside job or an outside hack. Such is the problem with modern computer systems and the complexity that arises from their high interconnectedness. All that said, there is another issue: the data that was taken. Leaving aside the legality of whether or not the data should have been released publicly or not, either via this supposed breach or via an FOI, the fact is that it has raised the
