Hackers who broke into systems at the Climate Research Unit (CRU) at East Anglia University may have left pointers to their real IP address.
The hackers claim that the stolen data published on the RealClimate website proves that claims about global warming by the CRU have been overstated.
The hackers' attempted to hide their identity by posting the information using a third-party forwarding service known as an open proxy.
This is a common method used to hide the IP address of the source computer, but the method does not necessarily guarantee anonymity, according to Robert Graham, chief executive at Errata Security.
The proxy used by the hackers adds the originating IP address to the HTTP request headers sent to websites being visited, said Graham in a blog posting.
If the RealClimate website has advanced logging enabled, the attackers IP address may be easily found by searching the request headers, said Graham.