Norfolk Police Inquiry at East Anglia Ends

Andrew Montford reports that the East Anglia police inquiry has closed. The police say that it was a hack, rather than a leak or inadvertent exposure, but did not provide details of why they arrived at that conclusion.

Norfolk Constabulary has made the decision to formally close its investigation into the hacking of online data from the Climate Research Centre (CRU) at the University of East Anglia (UEA) in Norwich.

The decision follows a comprehensive investigation by the force’s Major Investigation Team, supported by a number of national specialist services, and is informed by a statutory deadline on criminal proceedings.

While no criminal proceedings will be instigated, the investigation has concluded that the data breach was the result of a ‘sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet’.

Senior Investigating Officer, Detective Chief Superintendant Julian Gregory, said: “Despite detailed and comprehensive enquiries, supported by experts in this field, the complex nature of this investigation means that we do not have a realistic prospect of identifying the offender or offenders and launching criminal proceedings within the time constraints imposed by law.

“The international dimension of investigating the World Wide Web especially has proved extremely challenging.

“However, as a result of our enquiries, we can say that the data breach was the result of a sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet. The offenders used methods common in unlawful internet activity to obstruct enquiries.

“There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.”

The security breach was reported to Norfolk Constabulary on 20 November 2009, following publication of CRU data on the internet from 17 November onwards.

An investigation was launched by the joint Norfolk and Suffolk Major Investigation Team, led by Det Chief Supt Gregory, with some support from the The Met’s Counter Terrorism Command, the National Domestic Extremism Team and the Police Central e-crime Unit, along with consultants in online security and investigation.

The investigation, code-named Operation Cabin, focused on unauthorised access to computer material, an offence under the Computer Misuse Act 1990, which has a three year limit on proceedings from the commission of the original offence. It has been concluded by Norfolk Constabulary, in consultation with The Met, that due to outstanding enquiries this is now an unrealistic prospect.

Norfolk Assistant Chief Constable Charlie Hall, Protective Services lead, said: “Online crime is a global issue. While law enforcement agencies continue to develop our response to emerging threats, it falls upon individuals and organisations to be alert to this and and take steps to mitigate risk as far as is practicable.”

76 Comments

  1. Posted Jul 18, 2012 at 10:44 AM | Permalink

    Will we now see contrarians referring to the emails as “stolen” instead of “leaked” as has been the case, or will they flex their anti-establishment muscles and deny the Detective Senior Inspector’s expert, evidence-informed opinion?

    • theduke
      Posted Jul 18, 2012 at 10:56 AM | Permalink

      I do not see the word “stolen” in the press release. Who are you quoting?

    • Steve McIntyre
      Posted Jul 18, 2012 at 11:03 AM | Permalink

      I, for one, don’t believe everything that the police say, just because they say so. (I once filed a formal complaint against Toronto Police in connection with destruction of evidence of an assault against my son. The complaint was stonewalled; though the policeman against whom I complained was later charged for corruption in other incidents, charges which the police stonewalled for 6 years until time expired.) So I don’t take police statements as revealed truth.

      Nor do I dismiss it out of hand. Unless they provide some details on why they believe it to be hacked, I doubt that they will change any minds.

      The initial investigation by the UK police was really strange: as I mentioned here, they asked me about my views on climate change, but didn’t ask the IP address under which “RC” posted the initial notice of the release of the files. Even if the IP address led nowhere, they should have asked for it.

      Mosher, whose instincts on these things is very good and who’s interested but not dogmatic, strongly believes that “RC”/”FOIA” came from within East Anglia and that there were personal aspects to the RC/FOIA/s relationship with Jones, Briffa and/or CRU. I can’t imagine that he’s going to change his opinion based on a flannel assertion by the police without any documentation or evidence to support the assertion.

      Mosher observed to me long ago that it would be rational even for an internal RC/FOIA to carry out the download as a “hack” from an anonymized address.

      I don’t think that a mere statement from the Norfolk Constabulary will settle this.

      • pouncer
        Posted Jul 18, 2012 at 8:42 PM | Permalink

        S McI: ” (I once filed a formal complaint against Toronto Police in connection with destruction of evidence of an assault against my son. The complaint was stonewalled…)

        Y’know — if a person absolutely HAD to attribute actions to motives to motivating events, as in a narrative model than in real life… That bit of back-story connects to the dogged persistence exhibited better than any speculation about the motivating powers of “big oil” payoffs.

        I would suspect that with such experiences, one would find few to zero professionals in any profession whose statements could be taken as revealed truth.

    • neill
      Posted Jul 18, 2012 at 12:00 PM | Permalink

      Whatever happened to that old chestnut, ‘question authority’?

    • fastfreddy101
      Posted Jul 18, 2012 at 12:29 PM | Permalink

      Mike, you must be one of the last persons on this planet who takes police statements for granted, or is it just “poking fun at deniers”?

      Ok, this is probably a little childish but it did catch my eye and I can’t resist poking fun at deniers. My recent comments over at Climate Audit has prompted a flood of traffic from mostly deniers. None of them commenting though which is a shame. Anyway, a check of my site stats revealed this.

      Maybe “deniers” don’t comment because who carez?

      • seanbrady
        Posted Jul 18, 2012 at 4:29 PM | Permalink

        Mike, how do you know their views if they don’t comment? Do you have a list of the IP addresses of all “deniers”?

        If so, you should send it to the Norfolk Police ASAP; there’s still four months to go before the statute runs! Oh wait, nevermind.

      • Tony Mach
        Posted Jul 20, 2012 at 6:38 AM | Permalink

        k, this is probably a little childish but it did catch my eye and I can’t resist poking fun at deniers. My recent comments over at Climate Audit has prompted a flood of traffic from mostly deniers. None of them commenting though which is a shame. Anyway, a check of my site stats revealed this.

        Textbook definition of a troll – a troll who is sad that his bait didn’t quite catch…

    • Kenneth Fritsch
      Posted Jul 18, 2012 at 1:46 PM | Permalink

      “Will we now see contrarians referring to the emails as “stolen” instead of “leaked” as has been the case, or will they flex their anti-establishment muscles and deny the Detective Senior Inspector’s expert, evidence-informed opinion?”

      Some of these comments from the more partisan in the AGW debate do seem to look unfavorably at anti-establishment types and in this case supports the words of a senior police detective with little details how he arrived at the conclusion he did. I wonder if that attitude comes from the consensus thinking and inclination of some evidently that what comes from scientists (authority) must be right.

      Regardless of how it was revealed the what that was revealed cannot be changed by revealing who provided the what.

    • don
      Posted Jul 18, 2012 at 4:58 PM | Permalink

      “There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.”
      Curious, but I don’t see any mention of those people of interest being offered polygraph tests during the investigation.

      • Arthur Dent
        Posted Jul 19, 2012 at 6:21 AM | Permalink

        As most environmentalists like to quote “Absence of evidence is NOT evidence of absence.”

    • geronimo
      Posted Jul 19, 2012 at 6:51 AM | Permalink

      What is it with warmists that they have to use lurid words to describe everything? The files were not “stolen” by any meaning of the word because they’re still there on the CRU computers. If a thief came to your house and photocopied a your utility bills you couldn’t charge him with stealing them, you’d still have them. There are only three words that suit this case and they are “leaked, copied distributed and hacked. They were either hacked, copied and distributed, or copied and leaked. Stolen doesn’t come into it the owners still have the possession of the goods.

      • Posted Jul 19, 2012 at 7:22 AM | Permalink

        *sigh* hacked and illegally duplicated then.

        • Tony Mach
          Posted Jul 20, 2012 at 6:43 AM | Permalink

          Poor thing, now he is sighing. But I guess that happens when you write about things you don’t understand – not that you would understand that. And it is always a drag using the right words to represent reality – just writing what “feels right” about those dreadful “deniers” and “contrarians” is soooo much easier, isn’t it.

  2. Posted Jul 18, 2012 at 11:06 AM | Permalink

    Independently of Mosher, I also have indications from appropriate sources that the police scenario outlined in the story is not accurate. Mosher’s nose for this is legendary–I just got lucky.

  3. MikeN
    Posted Jul 18, 2012 at 11:07 AM | Permalink

    Yes, it would be helpful to have confirmation that they found hacking methods at the theft, and didn’t just reach the conclusion based on the use of proxies when releasing files, which are methods common in unlawful internet activity that are used to obstruct enquiries.

    • Steve McIntyre
      Posted Jul 18, 2012 at 11:18 AM | Permalink

      A commenter at Bishop Hill asks how the police knew that the attack was “carefully orchestrated” if they don’t know who did it or why. Good question.

      Even if it were a hack, without knowing the author, how can they know that the attack was carefully orchestrated as opposed to individual initiative?

      That part of their statement looks to me like it was just invented.

      • stan
        Posted Jul 18, 2012 at 1:42 PM | Permalink

        What does “carefully orchestrated” even mean? Orchestrated implies a group (e.g. an orchestra of musicians) being controlled. That raises the question of who is supposed to have been in control of all those being orchestrated. And carefully (not recklessly?).

        Are we supposed to think that some evil, fossil fuel industry-funded, bad guy put together a group of people who pulled this off? And then edited all those e-mails.

        Nonsense term, but I bet it plays very well with people who read Joe Romm.

      • MikeN
        Posted Jul 18, 2012 at 1:46 PM | Permalink

        It is possible an individual was carefully orchestrating several machines to do certain downloads.

      • Duke C.
        Posted Jul 18, 2012 at 3:06 PM | Permalink

        “Carefully Orchestrated” could also encompass how the dossier was publicly distributed. Via link(s) posted at several skeptical blogs using foreign proxies. Some planning (orchestration) was indeed involved.

        • Follow the Money
          Posted Jul 19, 2012 at 2:53 PM | Permalink

          “The international dimension of investigating the World Wide Web especially has proved extremely challenging.”

          The key phrase in my opinion.

        • Tony Mach
          Posted Jul 20, 2012 at 6:50 AM | Permalink

          And quite obviously the Norfolk Police is unaware that “The World Wide Web” is not identical to “The Internet”, and that when they write about “The WWW” they actually mean “The Internet”.

          Won’t trust a single word of this press release, especially if they need to repeat that “sophisticated and carefully orchestrated attack” BS part twice within a few sentences – do they think anybody reading their statement is stupid?

      • theduke
        Posted Jul 18, 2012 at 3:23 PM | Permalink

        I’m one who believes that it doesn’t require more than one person to “carefully orchestrate” something. I can see why Steve might be sensitive about the use of the term because it leaves open-ended the possibility that several well-known individuals (no doubt financed by Big Oil) were conspiring maniacally to make the Climategate material public.

        But a conductor can carefully orchestrate a symphony. To me it means one or more people are arranging and executing a complex task of some kind.

        My old Websters dictionary defines “orchestrate” as “to compose or arrange (music) for an orchestra.”

        So while the authorities may believe there was a conspiracy, their words don’t necessarily say that there was.

      • P. Solar
        Posted Jul 18, 2012 at 4:56 PM | Permalink

        The police statement also referes to “person or persons” responsible. ie they do not even know whether it was one or more persons but repeatedly declare it was “carefully orchestrated”.

        They have clearly done very little since the initial excitement when there was a political impetus to prove it was a “criminal” act. The remaining two years of silence seems to have been spent watching the clock tick on the statutory limitation.

        The UK police forces have no more inclination to find out it was a wistleblower than the US authorities have
        to procecute Peter Gleick.

    • Posted Jul 18, 2012 at 8:26 PM | Permalink

      Heck, with all the “hackers” and other computer experts in the world reading the internet, the police should just post what evidence they do have and let everyone else have a go at it !

  4. Ed Moran
    Posted Jul 18, 2012 at 11:44 AM | Permalink

    Why should I accept that an outfit that can’t spell “Superintendent” (the press release reads “Superintendant”) is capable of running a complex investigation?

    If we are not told why these conclusions have been reached why should we not put this investigation into the “whitewash” bin with the other so-called inquiries so rightly derided by all?

  5. achuara
    Posted Jul 18, 2012 at 11:45 AM | Permalink

    Of course, the police hasn’t taken into account the fact that an insider (programmer, etc) using an outside computer and with the correct password could have accesed the files. Or had given the passowrd to another person. Why are they always thinking people is stupid? This is part of the whitewash, off course.

    • Steve McIntyre
      Posted Jul 18, 2012 at 12:00 PM | Permalink

      There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.

      Given that they dont seem to have any evidence on the location of RC/FOIA, the same statement could be said of any other university or organization,

      There is no evidence to suggest that anyone working at or associated with the [Pacific Institute] was involved in the crime.

      There is no evidence to suggest that anyone working at or associated with the [Harrisburg Chamber of Commerce] was involved in the crime.

      • MikeN
        Posted Jul 18, 2012 at 1:47 PM | Permalink

        More importantly, there is evidence to suggest that an it was a leak. That is what led people to suspect it was a leak. They need an extra qualifier on the evidence.

      • MikeN
        Posted Jul 18, 2012 at 3:20 PM | Permalink

        Obviously, noone has accused Pacific Institute or Harrisburg of leaking files. It is only necessary for them to rule out UEA.

    • Jon Grove
      Posted Jul 18, 2012 at 6:48 PM | Permalink

      I’m not sure I follow here.

      Would you really prefer the police report to have stated: ‘It may have been somebody at the CRU, but we don’t have any firm evidence to support that theory’.

      Would one really want to tolerate a suggestion like this from an official police investigation?

      As regards the tenor and assumption of other comments here, I find myself wondering, even if there was an insider involved, who was prepared to leak such a quantity of material, why should one assume this automatically rules out the involvement of outsiders at various different levels of engagement, some of whom might have had a financial stake? I have no evidence of this: but it seems no less likely to me that n any other suggestion.

      I don’t see why a cynical view of climate science needs to carry with it the necessity of interpreting the intentions and activities of /all/ who share that cynicism, for one reason or another, and in one of many different shapes or forms, as white and pure and beyond all criticism.

  6. theduke
    Posted Jul 18, 2012 at 11:54 AM | Permalink

    The “hack,” if it was a crime, was clearly one of conscience or, if you prefer, an act of civil disobedience. If Mosher and Fuller say it was someone (or more than one) with connections to the CRU, then it’s more likely than not that that is true.

    I’m also convinced that, with the possible exception of the police, it was in no one’s interest to discover who actually executed the “attack.” The risk of creating a martyr and focusing world-wide attention back on the content of the emails through exposure at a trial would not have served the interests of the authors of the IPCC narrative.

  7. Steve McIntyre
    Posted Jul 18, 2012 at 12:13 PM | Permalink

    Richard Black here

    Prof Edward Acton, the university’s vice-chancellor, said he was disappointed that the perpetrators had not been caught.

    “The misinformation and conspiracy theories circulating following the publication of the stolen emails – including the theory that the hacker was a disgruntled UEA employee – did real harm to public perceptions about the dangers of climate change.” he said.

    Too bad that they didn’t provide any evidence to actually dispel the theory that RC/FOIA “was a disgruntled UEA employee”. Nor do I believe anything that Acton says on this matter without corroborating evidence – which has notably not been provided here.

    If they’d resisted the temptation to embellish – “carefully orchestrated” for example – they’d have had a better chance of people accepting a statement. But such embellishments make it impossible to accept this without corroboration,

  8. Posted Jul 18, 2012 at 12:36 PM | Permalink

    Just sharing a few tweets- Roger Harrabins (BBC) sounds a bit odd.. (climategate act of global sabotage!)

    @BarryJWoods
    Is it just me? Or do the police sound like a press release the Outside Orgsnisation would have written 2 yrs ago? @leohickman @adissentient

    Bishop Hill‏@aDissentient
    @BarryJWoods No, the wording was familiar to me too – the stuff about sophisticated and carefully orchestrated. High entropy. @leohickman

    @RogerHarrabin
    http://bbc.in/OYGs6T @BBCRBlack Old Bill drops Climategate. If climate science is right the hack will be seen as an act of global sabotage.

    Barry Woods‏@BarryJWoods
    Really?you seriously think that? @RogerHarrabin @BBCRBlack meanwhile. Meanwhile.Guardian reports thst chinese Per CAPITA emissions = EU av

    http://www.guardian.co.uk/environment/2012/jul/18/china-average-europe-carbon-footprint?INTCMP=SRCH

    —–

    The reactions to this news story will be fascinating

  9. KnR
    Posted Jul 18, 2012 at 12:43 PM | Permalink

    Its a pure PR release with lots of suggestions of mysteries ‘hackers’ but zero evidenced to support it .
    You have ask if there so sure it was a ‘hack’ rather than an inside job why don’t tell us how they know this .

    My guess that got no where , they can’t prove a dam thing and so they go for ‘sophisticated and carefully orchestrated’ becasue their embarrassed over their rubbish standards , especial given the ton of cash they spent . And with a pressure from CRU have followed normal climate science procedure and come out with something they like the sound off and never mind the actual evidenced.

    One good thing does that now mean the CRU e-mail server they kept is now open for FOI , as its no longer evidenced , if that is the case , I winder if its not already been ‘shorted out’ by our friends at CRU?

    • ChE
      Posted Jul 18, 2012 at 1:12 PM | Permalink

      Yes. If they didn’t get anywhere, the way to save face is to blame it on a “sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet”. And then to say “The offenders used methods common in unlawful internet activity to obstruct enquiries.”, without saying anything about what those methods were reeks of CYA.

      The alternative would be to say that they were Keystone Kops, and don’t have a clue.

  10. Skiphil
    Posted Jul 18, 2012 at 1:06 PM | Permalink

    I hope that FOI requests are pouring forth in the UK for the contents of that CRU email server that has been so long (so conveniently) tucked away in a police evidence vault.

  11. Posted Jul 18, 2012 at 1:38 PM | Permalink

    The security breach was reported to Norfolk Constabulary on 20 November 2009, following publication of CRU data on the internet from 17 November onwards….The investigation, code-named Operation Cabin, focused on unauthorised access to computer material, an offence under the Computer Misuse Act 1990, which has a three year limit on proceedings from the commission of the original offence. It has been concluded by Norfolk Constabulary, in consultation with The Met, that due to outstanding enquiries this is now an unrealistic prospect.

    It’s only July. The last emails in the record could not have been accessed until November 2009. Why are they so sure that the next 4 months will be so unproductive that they should call off the search now?

    And if the search is being called off, will they at least tell us what they did find out?

    I don’t see where the police call it an outside hack. The wording is rather careful. They call it a “breach”, which could mean many different things.

    …we can say that the data breach was the result of a sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet.

    So the data theft was done “remotely via the internet”. Ah yes, the internet–who’d have guessed that was involved. “Remotely” doesn’t have to mean in another country, it could just mean up the street. As for the “sophistication” and “orchestration,” that implies that they did actually find out something about the data trail or access methods, and if they are so completely stymied as to give up 4 months early, they are admitting they don’t know where the trail leads. So when they say:

    “There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime”

    I don’t take that to mean they know it does not lead back to the UEA, only that they do not know if it does.

    The offenders used methods common in unlawful internet activity to obstruct enquiries.

    Offenders – plural? So they are saying it was a group effort?
    Methods – Like hiding their identity, presumably. In which case, again, they aren’t in a position to make a clear statement that it wasn’t a UEA insider.

    Maybe this is a strategy – maybe they actually suspect it is a UEA insider, and think that by calling off the search and claiming there were no leads back onto campus they will tempt the perpetrator to come out from hiding and do something careless before November 17.

    • Kenneth Fritsch
      Posted Jul 18, 2012 at 1:51 PM | Permalink

      “Maybe this is a strategy – maybe they actually suspect it is a UEA insider, and think that by calling off the search and claiming there were no leads back onto campus they will tempt the perpetrator to come out from hiding and do something careless before November 17.”

      I think that scenario is more for TV police shows. I wonder if the police can use national security as a reason not to give details on what they found – or did not find.

    • MikeN
      Posted Jul 18, 2012 at 1:54 PM | Permalink

      They are quitting early because they need all hands on deck for the Olympics.

    • dcfl51
      Posted Jul 18, 2012 at 4:36 PM | Permalink

      “The investigation, code-named Operation Cabin, focused on unauthorised access to computer material, an offence under the Computer Misuse Act 1990″
      ===================================================
      Did they apply any of their investigative powers towards authorised access, which is not an offence under the Computer Misuse Act ? If this was a leak perpetrated by a whistleblower he may well have been authorised to access these email records.

    • Brandon Shollenberger
      Posted Jul 18, 2012 at 4:37 PM | Permalink

      Ross, there’s no reason to make much of the deadline issue. It hardly matters if the next few months could be productive for their investigation. The three year deadline is for prosecution. Even if they could figure out who the culprit was, there would still inevitably be a delay while the person was investigated, a case was built and prosecution began.

      In a case like this, it isn’t surprising they’d stop with four months left on the clock.

  12. MikeN
    Posted Jul 18, 2012 at 1:51 PM | Permalink

    It is obviously a sophisticated method, as Norfolk was unable to track them down.
    It is orchestrated, because it happened prior to the Copenhagen meeting, and later before Durban, as well as using RealClimate to release the files.
    It is offenders plural, because the e-mail said ‘we’.

    Or perhaps they just asked Michael Mann for his interpretation and went with that.

    • P. Solar
      Posted Jul 18, 2012 at 5:18 PM | Permalink

      I think ‘orchestrated’ implies orgainisation of a group of people rather than just timing of when to do it.

      However, to orgainise the release of information with the intent to sobotage Copenhagen would imply knowledge of what they would find before they committed the “breach”.

      Everyone that was already tuned in to climate skepticism at that time seems to have been gob-smacked by what came out.

      It seems unlikely anyone outside their “community” would have known there would have been the sort of damaging material that could have that sort of impact.

      It seems far more credible that there were reputable scientists (probably) inside UEA that though “enough is enough”. That the corruption of science had to be exposed before the world took a major wrong turn at COP15 based on a falsified scientific consensus.

  13. Labrador
    Posted Jul 18, 2012 at 2:13 PM | Permalink

    Went down the elevator at 5pm

    • sue
      Posted Jul 18, 2012 at 4:37 PM | Permalink

      ?? passphrase ?? ;)

      • billGH
        Posted Jul 19, 2012 at 9:25 AM | Permalink

        worked for me

  14. Posted Jul 18, 2012 at 2:15 PM | Permalink

    Reblogged this on Climate Ponderings.

  15. ChE
    Posted Jul 18, 2012 at 3:00 PM | Permalink

    Let’s not forget that there’s potentially one more shoe to drop – the key to the encrypted files. It could be that they have evidence of who did it, but they called off the dogs out of concern that that key might be released.

  16. MikeN
    Posted Jul 18, 2012 at 3:22 PM | Permalink

    Why say attack on the data files? Most people would say attack on the server. Are the files themselves encrypted?

    • Tony Mach
      Posted Jul 20, 2012 at 7:23 AM | Permalink

      No, it is PR BS.

  17. Steve McIntyre
    Posted Jul 18, 2012 at 3:53 PM | Permalink

    According to Richard Black, Michael Mann has urged that “criminals be brought to justice”:

    Prof Michael Mann from Penn State University in the US, who collaborated with CRU researchers on many projects and led the development of the noted “hockey stick” graph, said it was important that the criminals be brought to justice.

    Peter Gleick was apparently unavailable for comment.

    • achuara
      Posted Jul 18, 2012 at 4:11 PM | Permalink

      Well, what about if the “criminals are brought to justice” along with Phil Jones, Mann and the merry bunch? But all boils down to emails and the data released or hacked have not been shown to be altered, or faked –and that is the crux of the issue. They have been lying, plotting and falsyfing data in the Hadley Center for decades, in a clear criminal use of public money. But the issue seems to be it was not a leak but a hack! Give me a break!

    • Posted Jul 19, 2012 at 3:39 AM | Permalink

      “Peter Gleick was apparently unavailable for comment.”

      Beautiful.

  18. Posted Jul 18, 2012 at 5:07 PM | Permalink

    The security breach was reported to Norfolk Constabulary on 20 November 2009, following publication of CRU data on the internet from 17 November onwards.

    How curious that UEA did not report this “security breach” until Nov. 20. When – according to Gavin’s Nov. 23/09 “reconstruction” of the “details” – UEA had been “informed” on Nov. 17, following an alleged “hack” (for which no evidence has ever been provided) at RC, which super-sleuth Schmidt* had described as (inter alia):

    At around 6.20am (EST) Nov 17th, somebody hacked into the RC server from an IP address associated with a computer somewhere in Turkey, disabled access from the legitimate users, and uploaded a file FOIA.zip to our server.
    [...]
    The use of a turkish computer would seem to imply that this upload and hack was not solely a whistleblower act, but one that involved more sophisticated knowledge. [emphasis added -hro]

    Interestingly (or not), the opening paragraph of Mann’s latest exercise in creative writing begins:

    On the morning of November 17, 2009, I awoke to learn that my private e-mail correspondence with fellow scientists had been hacked from a climate research center at the University of East Anglia in the United Kingdom and selectively posted on the Internet for all to see.

    Isn’t it an amazing coincidence that both Mann and Schmidt should have awoken to such a similar realization on the morning of Nov. 17 – yet no one reported this alleged “hack” to the appropriate authorities on either side of the Atlantic until Nov. 20.

    Kinda makes one wonder: if none of the emails had surfaced (as they began to do) on Nov. 19, would anyone on either side of the Atlantic have even reported this alleged “hack” to the authorities? But I digress …

    In the absence of any evidence to the contrary, perhaps Norfolk’s finest have made their determination of “sophisticated and carefully orchestrated attack” solely on basis of the “testimony” of Schmidt and Mann (two noble climate scientists™) simply because they said so!

    Considering the questions that we know were asked (and those that weren’t) of those whom the Norfolk constabulary actually contacted, perhaps their mode of enquiry took the same approach as Muir Russell: If you ask the wrong questions of the wrong people, you are well on your way to ensuring that you will get the right answer.

    * Readers might want to visit (or revisit!) Of Climategate, constabularies and Copenhagen: Gavin Schmidt’s ever-changing story

    • Skiphil
      Posted Jul 18, 2012 at 5:17 PM | Permalink

      “If you ask the wrong questions of the wrong people, you are well on your way to ensuring that you will get the right answer.”

      Well said, Hilary! This pithy quotation sums up much that is wrong with the various inquiries and investigation (sic) (cough, laughter). Not to mention sooo much sub-standard “journalism” and “climate science” where many are careful not to ask serious questions of people who would actually shed light on a topic.

      btw, you may find the latest Karoly shenanigans of interest…. (re: the pathologies of certain climate scientists).

      • Green Sand
        Posted Jul 18, 2012 at 5:29 PM | Permalink

        Re: Skiphil (Jul 18 17:17),

        I think all the inquiries were run more on the lines of “if you might not like the answer, then do not ask the question”

        • Skiphil
          Posted Jul 18, 2012 at 5:45 PM | Permalink

          yessss…. and like the old saying for attorneys doing witness examination in a live courtroom setting, “never ask a question for which you do not already know the answer”… the inquiries practiced

          “only a question if you already know and like the answer”

          None of those Climategate and Manngate inquiries had credibility.

    • thisisnotgoodtogo
      Posted Jul 19, 2012 at 8:48 AM | Permalink

      STOP THAT !
      Gavin did not call police because…well, because…he didn’t have a complete inventory worked up of what had been stolen !
      So…Who you gonna call ?

  19. Green Sand
    Posted Jul 18, 2012 at 6:03 PM | Permalink

    In this case I might well revise it to being “if you KNOW you will not like the answer, then there must NEVER be a question”

  20. Paul-in_CT
    Posted Jul 18, 2012 at 6:03 PM | Permalink

    So, they can’t figure out who had anything to do with it, but but they know this for sure:

    “While no criminal proceedings will be instigated, the investigation has concluded that the data breach was the result of a ‘sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet’.”

    Sophisticated and carefully orchestrated? Who was the Maestro? How could they figure that out if they couldn’t even finger a single person involved? Looks more like a lifting of Michael Mann’s press releases – he says the same things about critics repeatedly, and with a similar lack of supporting material.

    If they were so well orchestrated, one would think we should at least be able to see s schematic of the orchestra…

    -Paul

  21. Rafa
    Posted Jul 18, 2012 at 8:17 PM | Permalink

    Norfolk police press release reminds me the crime scene where a dead man lies down in the floor with a knife on his chest. The superintendent says “someone killed someone”. Case closed.

  22. Alexander K
    Posted Jul 18, 2012 at 8:31 PM | Permalink

    Like Steve, I have developed a healthy distrust of the police over the years through quite nasty personal experience with various manifestations of the breed. The statement from the police reads more like a ‘teaser’ press release for an upcoming TV drama than a factual assessment of the affair. Considering the police admit to knowing very little, they have set about building a large and imaginary edifice with very little in the way of actual building materials.

  23. Don McIlvin
    Posted Jul 18, 2012 at 8:36 PM | Permalink

    OK. So the investigation is closed. The statute of limitations is up Nov 17/20 2012. Between now and then there may be some limbo, but certainly the day is nearing when ‘normal’ access to the server should become available. As I recall, the restrictions the police placed on access to the data thwarted a previous attempt to check for the Briffa attachment. It seems to me a timely appeal is in order.

  24. Gerald Machnee
    Posted Jul 18, 2012 at 8:39 PM | Permalink

    I see two possibilities:
    1. The police have no clue.

    2. Someone does not want the investigation to continue as the results may be contrary to stated beliefs. Any guesses?

  25. Freddy
    Posted Jul 18, 2012 at 9:36 PM | Permalink

    Note that “There is no evidence to suggest that anyone …” is not equivalent to “There is evidence to suggest that no-one …”.

  26. Tom C
    Posted Jul 18, 2012 at 9:58 PM | Permalink

    I think there is still prima facie evidence that it was release by an insider. Someone knew just where to look to assemble the E-mails that told the story of Team skullduggery re paleo work and peer review of contentious articles. It would have been a pretty exhaustive task for an outsider to sift through all the correspondence and build the story from scratch. Plus, it seems unlikely an outsider would have come across the harry_read_me (or whatever that was called) file.

  27. AntonyIndia
    Posted Jul 18, 2012 at 11:34 PM | Permalink

    I agree with Don McIrvin: the server (or HD drives) impounded by Norfolk police should become available now for other investigations. If the UEA has nothing to hide they should fully cooperate. snip
    If they block full access they admit guilt for me.

  28. Geoff Sherrington
    Posted Jul 18, 2012 at 11:39 PM | Permalink

    Do others wonder also, how carefully the emails were selected from what is reported to be a larger number still under the encryption key? An external hacker would probably not have done a selection while online, did not appear to use key words to select and therefore it remains logical that the file was assembled some time before the public read it? Given the serious accusations made against some people in the emails, could not the police have reported whether or not the file(s) were assembled at CRU, and by whom, and for what reason?

    Several above have already noted the meaningless use of “There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.” It is significant however that it is described as a crime, because that excludes legitimate whistleblower activity.

    This police report is unsatisfactory because it does not rule out anyone. This allows those with imagination to continue to believe that it must be (insert a person or group of choice). Therefore, there is no clearing of the innocent, when there should be.

  29. Posted Jul 19, 2012 at 8:14 AM | Permalink

    Sir David King (possibly channeling Neil Wallis) favors the term ‘sophisticated’ in his climategate disinformation efforts: http://climateaudit.org/2011/07/14/covert-operations-by-east-anglias-cru/

  30. MarkB
    Posted Jul 19, 2012 at 10:17 AM | Permalink

    “The investigation, code-named Operation Cabin,..”

    Code name? Were they afraid the investigation they announced to the public would become public knowledge?

  31. AntonyIndia
    Posted Jul 19, 2012 at 11:29 PM | Permalink

    In how different a light others internal e-mails get published at the Guardian if it suits their ideological line; their moral “criminal hacking” language vanishes. See here:

    Emails reveal UK government’s moves to protect nuclear power from bad news and here.

  32. Mark K
    Posted Jul 21, 2012 at 1:16 AM | Permalink

    I have some slight knowledge in this area… A “Hack” is specifically exploiting a vulnerability in applications or operating system, which allows you to do things you’re not supposed to be able to do. These “things you’re not supposed to be able to do” tend to be highly specific and restrictive. And, most of them simply cause malfunction / crash / shutdown / etc. Only a few allow you some “useful” action. And those “useful” actions tend to consist of taking passwords, changing passwords, or executing other programs to give you the ability to get control of an account or create one to use to then explore and take.

    If the police did indeed hire experts, these experts would have traced the exploit down and the means by which the hacker gained access to userland or even root access, thereby giving himself full access to accounts. etc.

    This does generally leave footprints behind, such as server logs, stray accounts, changes passwords for users.

    However, had this been found, the report would say “used (insert exploit here) to gain access to root, or a user account, or mail, blah, blah blah” Since it merely says “can’t find evidence that someone at CRU did it” the real clues are what was NOT said, rather than what was.

    Imagine you took your car to the mechanic, because one day the motor started knocking, and the mechanic says “Someone that’s not your gas station attendant or oil change person used a sophisticated plan to cause your motor to fail catastrophically.” That would mean he’s got NO FREAKING CLUE why your motor failed, but he wants to say someone did it to you. If the bearings are burned out and the inserts show embedded material in the bearings, and the oil analyzed shows silica, yeah, someone dumped sand into the oil filler. And any nominally competent mechanic would know and do exactly that, and he’s never use the terms above. He’d say “someone put sand in the motor”.

    The only thing that “can’t find evidence that a CRU person did it” kind of statement implies is that they didn’t find the files in someone’s inbox, network drive, or account space on the server. Nothing else. It certainly doesn’t rule anyone out.

    So, I’d say this means: They found no actual forensic evidence of a hack (it’s possible for a hacker to clean up after himself, but few would bother… what is the point, to hide that you’ve been there? Usually the act is to do something that makes it obvious it’s happened..), and they didn’t find any directly incriminating evidence that someone UEA did it.

    Which leaves the most probable prospect… Someone at UEA, possibly in collaboration with someone else who has some “cover my butt” skills. I’d say it was collected over time, intentionally, and the data walked out via a usb drive or was collected off-site over time.

    Which all points to someone with intimate knowledge. And that points to someone on the inside.

  33. Jeff Norman
    Posted Jul 21, 2012 at 1:15 PM | Permalink

    Has the EAP press release been examined carefully? Truly?

    “Norfolk Constabulary has made the decision to formally close its investigation into the hacking of online data from the Climate Research Centre (CRU) at the University of East Anglia (UEA) in Norwich.”

    This clearly states that the Norfolk Constabulary was called in to investigate the hacking of online data from the CRU. Period (just in case you missed it (the period))

    “the investigation has concluded that the data breach was the result of a ‘sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet’.”

    They found no evidence of a hack, therefore it must have been “sophisticated and carefully orchestrated”. They know that the files eventually wound up in the hands of the internet, so they know the internet was somehow involved, but they do not have enough evidence to prosecute the internet a.k.a. “the World Wide Web”, but the file will be passed on to Interpol.

    “There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.”

    There is no evidence of this being an crime perpetrated by anyone working with the UEA because that was outside the scope of their investigation into an external hacking job. Anyway, an inside job would have suggested a whistle blower thereby removing the “crime” part of the investigation and we all now know the investigation; “focused on unauthorised access to computer material,” thereby ruling out authorized access to computer material.

    “Good morning Super.”
    “Good morning Wonderful”

  34. ThosThos
    Posted Aug 14, 2012 at 8:38 AM | Permalink

    Here’s my take on this police statement. “no evidence” means that they have nothing that could lead to a prosecution. It might also mean that they haven’t a clue what went on or, more likely, they have a good idea who was responsible but, given the nature of the “offence”, can’t prove it. CRU does not have a mail server, UEA email is handled by the Computing Centre and distributed to each user’s email client, usually Eudora but any client can be used. In spite of the somewhat snide speculation here about the Norfolk police, I must confess that I have always found them to be rather good at what they do. When it comes to routine investigations like this, they are as good as anybody – after all it’s what they do year in, year out. They have their own computing people who are more than qualified to investigate a simple problem like this. The really interesting thing is the idea that a CRU computer was hacked from outside. There would be a trail, of sorts, to show that this was the case. However, it is easy, and legal, to hide the real identity of your computer in a morass of aliases, so the trail would end fairly quickly. Also, logs would show that the computer had been hacked, rather than simply logged into. Again, the police statement implies this. It is possible that an insider was involved, but unlikely. Rather than a heroic whistle-blower, who after all had simply to copy the emails to a USB stick and walk out with them, the likely evidence of hacking suggests that the only role of an insider was probably someone who talked too much in the pub!

    Your discussions are usually much more entertaining that this. Perhaps it’s time, like the Norfolk Police, to move on to something more likely to reward your efforts – the latest Arctic sea-ice revelations, perhaps? Let’s face it, this endless speculation about the Crime of the Century is very boring and utterly pointless.

  35. bob edgar
    Posted Jul 19, 2012 at 10:18 AM | Permalink

    Re: bob edgar (Jul 19 06:28),
    could an admin please free my comment from purgatory?

One Trackback

  1. [...] climateaudit [...]

Follow

Get every new post delivered to your Inbox.

Join 3,194 other followers

%d bloggers like this: