Your discussions are usually much more entertaining that this. Perhaps it’s time, like the Norfolk Police, to move on to something more likely to reward your efforts – the latest Arctic sea-ice revelations, perhaps? Let’s face it, this endless speculation about the Crime of the Century is very boring and utterly pointless.

“Norfolk Constabulary has made the decision to formally close its investigation into the hacking of online data from the Climate Research Centre (CRU) at the University of East Anglia (UEA) in Norwich.”

This clearly states that the Norfolk Constabulary was called in to investigate the hacking of online data from the CRU. Period (just in case you missed it (the period))

“the investigation has concluded that the data breach was the result of a ‘sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet’.”

They found no evidence of a hack, therefore it must have been “sophisticated and carefully orchestrated”. They know that the files eventually wound up in the hands of the internet, so they know the internet was somehow involved, but they do not have enough evidence to prosecute the internet a.k.a. “the World Wide Web”, but the file will be passed on to Interpol.

“There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.”

There is no evidence of this being an crime perpetrated by anyone working with the UEA because that was outside the scope of their investigation into an external hacking job. Anyway, an inside job would have suggested a whistle blower thereby removing the “crime” part of the investigation and we all now know the investigation; “focused on unauthorised access to computer material,” thereby ruling out authorized access to computer material.

“Good morning Super.”
“Good morning Wonderful”

If the police did indeed hire experts, these experts would have traced the exploit down and the means by which the hacker gained access to userland or even root access, thereby giving himself full access to accounts. etc.

This does generally leave footprints behind, such as server logs, stray accounts, changes passwords for users.

However, had this been found, the report would say “used (insert exploit here) to gain access to root, or a user account, or mail, blah, blah blah” Since it merely says “can’t find evidence that someone at CRU did it” the real clues are what was NOT said, rather than what was.

Imagine you took your car to the mechanic, because one day the motor started knocking, and the mechanic says “Someone that’s not your gas station attendant or oil change person used a sophisticated plan to cause your motor to fail catastrophically.” That would mean he’s got NO FREAKING CLUE why your motor failed, but he wants to say someone did it to you. If the bearings are burned out and the inserts show embedded material in the bearings, and the oil analyzed shows silica, yeah, someone dumped sand into the oil filler. And any nominally competent mechanic would know and do exactly that, and he’s never use the terms above. He’d say “someone put sand in the motor”.

The only thing that “can’t find evidence that a CRU person did it” kind of statement implies is that they didn’t find the files in someone’s inbox, network drive, or account space on the server. Nothing else. It certainly doesn’t rule anyone out.

So, I’d say this means: They found no actual forensic evidence of a hack (it’s possible for a hacker to clean up after himself, but few would bother… what is the point, to hide that you’ve been there? Usually the act is to do something that makes it obvious it’s happened..), and they didn’t find any directly incriminating evidence that someone UEA did it.

Which leaves the most probable prospect… Someone at UEA, possibly in collaboration with someone else who has some “cover my butt” skills. I’d say it was collected over time, intentionally, and the data walked out via a usb drive or was collected off-site over time.

Which all points to someone with intimate knowledge. And that points to someone on the inside.

Won’t trust a single word of this press release, especially if they need to repeat that “sophisticated and carefully orchestrated attack” BS part twice within a few sentences – do they think anybody reading their statement is stupid?

k, this is probably a little childish but it did catch my eye and I can’t resist poking fun at deniers. My recent comments over at Climate Audit has prompted a flood of traffic from mostly deniers. None of them commenting though which is a shame. Anyway, a check of my site stats revealed this.

Textbook definition of a troll – a troll who is sad that his bait didn’t quite catch…

Emails reveal UK government’s moves to protect nuclear power from bad news and here.

The key phrase in my opinion.