Replies

I believe the files where not ftp'ed or downloaded by other means from the CRU servers to another system but that someone working at CRU with root privileges set, perhaps an administrator, and or an actual root user level (they can get at anything on a system ... they own the system by default) assemble a number of files such as the emails for each user's email, copied into own directory space, then carefully gziped them then sent them out to a few individuals elsewhere with the notice they all had some 48 hours or whatever to do what they wanted to do.
As a root user on any UNIX system or Linux system I can view ,modify, delete, copy any file on the entire system if I so please to. And that of course holds true for the other UNIX variants as well as Sun Solaris systems.
An outsider would have had to gain root privilege in order to view the individual email users directories and stored emails as well as files used for the modeling etc..
Of course an insider who had root user level could have had an agreement with someone on the outside of the server(s) to during a brief period of time be granted what we call super user (su command in UNIX). The insider would have granted them SU privileges. Then once the access was complete, files copied by various means, removed the SU privilege. They then could have doctored the file that stores SU access to obliterate any reference to the so called hackers login name.
In the past I had given certain individuals su level access to do something on a given UNIX system I maintained. Very easy stuff to do when one is root user.