Scotland Yard Interviewed

The Norfolk Constabulary report a “sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet”.

CA sources have learned that UK police believe that the plan was carried out by a “mindermast”. The insidious methods of a mindermast are revealed in the interview below. here

Update: Police Q&A here. H/t Hilary. Q&A
Cabin

The Norfolk Police reported:

The nature and sophistication of the attack does not suggest that it was anyone at the UEA.

Apparently, one of the steps in the “attack” involved calculating a trend in Excel. The police, quite reasonably in the opinion of many observers, accordingly excluded anyone at UEA.

The vocabulary of the Norfolk briefing is pleasingly similar to Peter Cook’s
plod. Cook’s police inspector solemnly pronounced the great train robbery to be the work of thieves:

Q: who perpetrated this awful crime?
A (deadpan): we believe this to be the work of thieves. ANd I’ll tell you why. The whole pattern is reminiscent of past robberies where we have found thieves to be involved: the telltale loss of property, the snatching away of money. It all points to thieves

Life surely imitates art in the pronouncement of the Norfolk Constabulary that they believed the release of emails to be the work of criminals, criminals so competent that no one at the University of East Anglia could be suspected. In the words of Peter Cook, by a mindermast.


86 Comments

  1. BFJ
    Posted Jul 19, 2012 at 3:23 PM | Permalink

    One wonders if the Norfolk Constabulary will now present their evidence for Climategate being a break-in, and why the data couldn’t have been leaked by an insider with a conscience and a usb stick; or whether they’ll content themselves being seen to side with their fellow civil servants at UEA.

  2. Bebben
    Posted Jul 19, 2012 at 4:06 PM | Permalink

    Congratulations FOIA! You pulled it off and got away with it.

    How it was done, is less important – what’s important is what Climategate tells us about the “sophisticated” and “well orchestrated” Climate Machine, its agents and their modus operandi.

    • Adrian
      Posted Jul 19, 2012 at 6:30 PM | Permalink

      “Congratulations FOIA! You pulled it off and got away with it.”

      No (t)he(y) committed other crimes whose statute of limitations are not tolled. e.g. hacking the RC server in the US.

      I would also think anybody who archived the emails (rather than crtiqued parts) could be eligible for civil prosecution under copyritght law by UEA and others?

      • MikeN
        Posted Jul 20, 2012 at 9:23 AM | Permalink

        Was the RC hack investigated? Do we have anything beyond Gavin’s statements that it was not based on a password revealed in an email at UEA? Has anyone there ever guestposted?

  3. Andy
    Posted Jul 19, 2012 at 4:11 PM | Permalink

    Free the rest of the emails FOIA.

  4. Posted Jul 19, 2012 at 4:22 PM | Permalink

    Well done Steve. Very funny indeed and very clever. Not to mention very apt. Your regular readers should be able to relate very well when you get your material elements from beyond the fringe.

    • Posted Jul 20, 2012 at 9:03 AM | Permalink

      Re: uknowispeaksense (Jul 19 16:22), What’s even more interesting is that even recent arrivals quickly perceive the appropriateness of the material and the clear connection.

  5. Posted Jul 19, 2012 at 4:24 PM | Permalink

    Steve, thanks for that “trip” down memory lane! And it is so very apt when one considers this particular “investigation” ;-)

    • Steve McIntyre
      Posted Jul 19, 2012 at 4:33 PM | Permalink

      the language of the Norfolk Constabulary was delightfully reminiscent.

  6. Jeff
    Posted Jul 19, 2012 at 4:44 PM | Permalink

    Steve, unless I’m on the outside of an inside joke, your link to the Q&A links to a PDF from June, 2010

    Steve: revised.

  7. Posted Jul 19, 2012 at 4:50 PM | Permalink

    Apparently, one of the steps in the “attack” involved calculating a trend in Excel.

    Aha! I suggest that Dr. P. Jones can be eliminated — even if he was seen in the laboratory.

    I know that someone who thought he was more knowledgeable that I suggested that “Dr. Jones had done it in the laboratory in an Excel spreadsheet“. But we all know that a trend line was not in the realm of possibilities under those circumstances.

    • Martin A
      Posted Jul 20, 2012 at 6:12 AM | Permalink

      Phil Jones confessed he needs someone to help him if he needs to do a regression using Excel.

      Whereas Michael Mann regards needing to use Excel as the mark of an amateur.

      No wonder Phil Jones regards Michael Mann as a statistical and computing genius

  8. Schnoerkelman
    Posted Jul 19, 2012 at 4:55 PM | Permalink

    Ray at Lucia’s Blackboard made an interesting observation:

    There seems to be some doubt over whether or not there really is a 3 year limit on prosecution under this act.

    At JustAnswer the following question was posed and the answer that follows:

    Q: What is the statute of limitations or time limit for prosecution or reporting to the police for a hacking crime under the computer misuse act that was committed in 2009 in England?
    A: There is no limitation period for criminal offences. The Limitation Act applies to civil matters rather than criminal offences.
    Q: In the original Computer Misuse Act 1990 the time limit was 3 years even though it was a criminal offence. When was the limitiation removed?
    A: Originally it was a summary offence and therefore subject to a 6 month timeframe for prosecution. This ran from the point the prosecutors had sufficient knowledge of the evidence – this was decided in Morgans v Director of Public Prosecutions.

    However s35 of the Police and Criminal Justice Act 2006 made an offence under s1 CMA an either way offence and accordingly no time limit is applicable any longer for prosecution of the offence.

    I went Googling and found this:

    Computer Misuse Act amendments come into force on 1st October 2008

    The controversial amendments to the Computer Misuse Act 1990, which were brought onto the statute book by the Police and Justice Act 2006, are finally coming into force this Wednesday 1st October 2008.
    See: SI 2008 No. 2503 The Police and Justice Act 2006 (Commencement No. 9) Order 2008
    The penalties for Section 1 unauthorised computer access offence (“hacking”) is increased from 6 months to 2 years, making it eligible for Extradition from foreign countries.
    The statutory limitation on this Section 1 is abolished (formerly a charge had to be brought no later than 6 months from an arrest, and nothing older than 3 years ago could be considered).

    and this

    The UK has NO statute of limitations with regard to criminal offences. In short, you can be arrested and taken to court for an indefinite time after the offence was committed.

    I then went and located the actual legal texts. The Police and Justice act 2006 and the Computer Misuse Act 1990 as amended

    From the amended Act we find (Note the brackets enclosing the entire section tagged F1)

    [F1(1)F2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    (2)Subject to subsection (3) below, proceedings for an offence under section 1 above may be brought within a period of six months from the date on which evidence sufficient in the opinion of the prosecutor to warrant the proceedings came to his knowledge.
    (3)No such proceedings shall be brought by virtue of this section more than three years after the commission of the offence.
    (4)For the purposes of this section, a certificate signed by or on behalf of the prosecutor and stating the date on which evidence sufficient in his opinion to warrant the proceedings came to his knowledge shall be conclusive evidence of that fact.
    (5)A certificate stating that matter and purporting to be so signed shall be deemed to be so signed unless the contrary is proved.
    F3(6). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
    (7)This section does not extend to Scotland.]

    F1 S. 11 repealed (prosp.) by Police and Justice Act 2006 (c. 48), ss. 52, 53, Sch. 14 para. 23, Sch. 15 Pt. 4 (with s. 38(2))

    You can click on the pieces I’ve bolded and you get (from page 180 of the 2006 act) this:

    23Section 11 of that Act (proceedings for offences under section 1) is repealed.

    IANL but the bottom line would seem to be that there is no statute of limitations that is about to expire and either the Norfolk Police screwed up big time or there are other reasons for dropping the investigation. I leave it as an exercise for the reader to imagine what those might be.

    Bob

    • TerryS
      Posted Jul 20, 2012 at 5:07 AM | Permalink

      Bob,
      Section 11 of the computer misuse act has 7 different sub-sections. Sub-sections (1) and (6) have been repealed are are no longer in force. Sub-section (3) is still in force and this states:

      (3) No such proceedings shall be brought by virtue of this section more than three years after the commission of the offence.

      Here are the original sub-sections (1) and (6) before being repealed:

      (1) A magistrates’ court shall have jurisdiction to try an offence under section 1 above if—
          (a) the accused was within its commission area at the time when he did the act which caused the computer to perform the function; or
          (b) any computer containing any program or data to which the accused secured or intended to secure unauthorised access by doing that act was in its commission area at that time.

      (6) In this section “commission area” has the same meaning as in the Justices of the [1979 c. 55.] Peace Act 1979.

      The 3 year time limit is still applies.

      • woodentop
        Posted Jul 20, 2012 at 7:51 AM | Permalink

        TerryS – after re-reading the statute today (without a couple of beers on board ;-)), you are correct. Interestingly, it appears that s.1 was modified to make it an “each way” offence which, unless stated otherwise, means there is no time bar on prosecution.

        s.11 does indeed state otherwise.

      • bob edgar
        Posted Jul 24, 2012 at 7:15 AM | Permalink

        Re: TerryS (Jul 20 05:07),
        I’m still NAL but I think you’re incorrect on this point. I believe that the entire section 11 is repealed. The original page is here

        Changes to legislation:There are outstanding changes not yet made by the legislation.gov.uk editorial team to Computer Misuse Act 1990. Any changes that have already been made by the team appear in the content and are referenced with annotations.

        11 Proceedings for offences under section 1.
        [F1(1)F2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        (2)Subject to subsection (3) below, proceedings for an offence under section 1 above may be brought within a period of six months from the date on which evidence sufficient in the opinion of the prosecutor to warrant the proceedings came to his knowledge.
        (3)No such proceedings shall be brought by virtue of this section more than three years after the commission of the offence.
        (4)For the purposes of this section, a certificate signed by or on behalf of the prosecutor and stating the date on which evidence sufficient in his opinion to warrant the proceedings came to his knowledge shall be conclusive evidence of that fact.
        (5)A certificate stating that matter and purporting to be so signed shall be deemed to be so signed unless the contrary is proved.
        F3(6). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
        (7)This section does not extend to Scotland.]
        Annotations:
        Amendments (Textual)
        F1S. 11 repealed (prosp.) by Police and Justice Act 2006 (c. 48), ss. 52, 53, Sch. 14 para. 23, Sch. 15 Pt. 4 (with s. 38(2))
        F2S. 11(1) repealed (1.4.2005) by Courts Act 2003 (c. 39), ss. 109(1)(3), 110, Sch. 8 para. 346, Sch. 10; S.I. 2005/910, art. 3
        F3S. 11(6) repealed (27.9.1999) by 1999 c. 22, ss. 106, 108(3)(f), Sch. 15 Pt. V(1) (with Sch. 14 paras. 7(2), 36(9))

        I have bolded the amendment text at the bottom, the other bolding is in the original and the F1 bracket encloses the entire 7 subsections.

        As woodentop noted from the Crown Prosecution Service (my bold)

        Section 35 of the Police and Justice Act 2006

        Section 35 of the Police and Justice Act 2006 increases the penalty for section 1 CMA offence on summary conviction to a maximum of 12 months’ imprisonment or / and a fine and on indictment to a maximum of 2 years’ imprisonment or / and a fine. All CMA offences are either way and no longer have a time limit. The increased penalty only applies to section 1 offences committed after section 35 Police and Justice Act 2006 comes into force (see Section 38(2) Police and Justice Act 2006).

        Sorry for not responding earlier but I was far from the Internet for a long WE :-)
        bob

  9. dougieh
    Posted Jul 19, 2012 at 4:59 PM | Permalink

    AH
    now i get it, SQUASH – Sceptics Quietly Use Analysis to Suppress Hockeystick & “doubles” is your best IT agent.
    you’ve been rumbled.

    /sarc off

  10. KnR
    Posted Jul 19, 2012 at 5:15 PM | Permalink

    There is another possibility, we know from the leaked e-mails that the data management and software was a bit of mess at CRU, perhaps the security was the same , with no clear idea over who had permission to what and who actual had accessed what, the police had to fall back on asking staff members who, unsurprisingly said they did not do it. Faced with no evidenced , because the system was so rubbish , of an internal leak they went for external hack because they could not admit to a total failure, the rest as they say is just PR and BS which is nether sophisticated nor carefully orchestrated.

  11. Posted Jul 19, 2012 at 5:30 PM | Permalink

    I suspect here some large obfuscation
    Even in this “crime’s” characterization
    Those aren’t the emails
    Of the U — no, that fails
    It’s a person-owned mail situation:

    … concerning the investigation of the publication of emails belonging to members of the
    University of East Anglia
    .

    I had found the above-quoted bit
    (And I’ve bolded the “who owns” from it)
    I have just seen today
    In their FOIA
    This description, to me, is just crap.

    ===|==============/ Keith DeHavelle

  12. Adrian
    Posted Jul 19, 2012 at 6:19 PM | Permalink

    “The nature and sophistication of the attack does not suggest that it was anyone at the UEA.”

    Damning with faint praise, lol

  13. TerryS
    Posted Jul 19, 2012 at 6:28 PM | Permalink

    From the Q&A

    The conclusion was the person /s were highly competent in what they were doing.

    I can understand why they ruled out UEA staff.

  14. gober
    Posted Jul 19, 2012 at 6:28 PM | Permalink

    From the PDF: “the climate sceptic community would, in the main, give the appearance of
    welcoming the published data because it supports their view.”

    Quick, somebody give the police copies of the Oxburgh etc reports showing that CRU did nothing wrong.

  15. woodentop
    Posted Jul 19, 2012 at 6:50 PM | Permalink

    There is no statute of limitation in this case.

    Posted on Bishop Hill, h/t Bob:

    http://www.bishop-hill.net/blog/2012/7/19/more-from-norfolk-constabulary.html#comments

    Bob – well done on the legal research! There are limitations on criminal offences in the UK depending on the offence: broadly speaking statutory offences have time limits; common law crimes don’t. But it gets a bit messy in the detail. However you’re right to highlight the “each way” prosecution rule, which means that the time limit on such statutory matters evaporates.

    To the case in point: there is a shortcut – the CPS helpfully publish advice for prosecutors (come on COPFS!), in this case it can be found here:

    http://www.cps.gov.uk/legal/a_to_c/computer_misuse_act_1990/

    The relevant section is this:

    Section 35 of the Police and Justice Act 2006
    Section 35 of the Police and Justice Act 2006 increases the penalty for section 1 CMA offence on summary conviction to a maximum of 12 months’ imprisonment or / and a fine and on indictment to a maximum of 2 years’ imprisonment or / and a fine. All CMA offences are either way and no longer have a time limit. The increased penalty only applies to section 1 offences committed after section 35 Police and Justice Act 2006 comes into force (see Section 38(2) Police and Justice Act 2006).

    (my bold) this does appear to have been in force in 2009, when the incident occurred.

    • Schnoerkelman
      Posted Jul 19, 2012 at 11:35 PM | Permalink

      Re: woodentop (Jul 19 18:50),

      Section 35 of the Police and Justice Act 2006
      Section 35 of the Police and Justice Act 2006 increases the penalty for section 1 CMA offence on summary conviction to a maximum of 12 months’ imprisonment or / and a fine and on indictment to a maximum of 2 years’ imprisonment or / and a fine. All CMA offences are either way and no longer have a time limit. The increased penalty only applies to section 1 offences committed after section 35 Police and Justice Act 2006 comes into force (see Section 38(2) Police and Justice Act 2006).

      Thanks for that addition, I’d overlooked it and that makes it explicit.
      Strangely, no one seems to care. So it goes.

      Thanks for looking,
      bob

      • TerryS
        Posted Jul 20, 2012 at 6:23 AM | Permalink

        The 3 year time limit in section 11 subsection 3 still applies. It hasn’t been repealed or modified by the Police and Justice Act. That act only modified Section 1.

    • Posted Jul 20, 2012 at 12:56 AM | Permalink

      So it would appear that a case could be made that this much trumpeted “closure” could constitute an instance of “premature evacuation”.

      And was it not such “premature evacuation” that ultimately proved to be very detrimental to the careers of certain high level officials at the MET (formerly known as Scotland Yard) in the scandal surrounding their “investigation” of the now defunct NOTW (former home of Neil Wallis, PR consultant to the stars, the cops and … the prima donnas of the University of East Anglia)?

  16. Don McIlvin
    Posted Jul 19, 2012 at 7:19 PM | Permalink

    If find some aspects of the Q&A telling about certain attitudes of the police investigation.

    Case in point..

    Do you know when the attacks began?
    There’s a timeline of events and there has been speculation, in the media and the blogs,
    that there may have been an orchestrated campaign of Freedom of Information requests to the University in the summer of 2009. It appears the attacks were undertaken late in that summer, early autumn, through to November. The first tactic that we were aware of was in September 2009.

    I find it interesting that when asked plainly about when the attacks began, he weaved in the underlined above the several connecting legitimate FOI requests in terms of orchestration.

    Then I don’t know what to make of the following smear.

    Of course, the climate sceptic community would, in the main, give the appearance of welcoming the published data because it supports their view. Therefore, we were realistic about the prospect of them being helpful to our investigation.

    Steve, you mentioned the interviewed you, asking about your views, but no even asking for the IP address that left the “uploaded” climate gate I info. Perhaps they already knew “FOIA” was using proxy servers.

    But what is this “we were realistic about the prospects of them being helpful” all about?

    • Steve McIntyre
      Posted Jul 19, 2012 at 7:28 PM | Permalink

      To give you an idea of how bizarre – they never contacted Mosher for an interview though they contacted Charles the Moderator. They wasted time interviewing numerous CA readers who had done nothing more than submit an FOI request.

      • Posted Jul 19, 2012 at 10:32 PM | Permalink

        And if memory serves me correctly, they didn’t contact Anthony – nor did they even contact Charles until February 2010, after he had been named in one of the two articles in the Guardian

        It’s almost as if the Norfolk plod were determining their “avenues of enquiry” solely on the basis of media coverage … and perhaps a few visits to a few blogs! And what they might have been told by the noble climate scientists™ at CRU.

        Certainly an indication of a whole lotta “mindermasting” goin’ on somewhere in the cyberuniverse!

      • charles the moderator
        Posted Jul 20, 2012 at 5:04 AM | Permalink

        Re: Steve McIntyre (Jul 19 19:28),

        For reference, my write up at the time.

    • Don McIlvin
      Posted Jul 19, 2012 at 7:54 PM | Permalink

      The information Bishop Hill dug up indicates 40 people from the “skeptic community” were interviewed.

    • Steve McIntyre
      Posted Jul 19, 2012 at 9:54 PM | Permalink

      Of course, the climate sceptic community would, in the main, give the appearance of welcoming the published data because it supports their view. Therefore, we were realistic about the prospect of them being helpful to our investigation.

      They sent interviews to numerous Climate Audit readers and to me, most of whom, to my knowledge, answered. I answered all the questions that I was asked. The questions were irrelevant and pointless, but, in my opinion, their effort to follow FOI requests and interrogate CA readers on their views of climate change was misguided – a point that we made at the time and one that should have been “helpful” to their investigation.

      • Skiphil
        Posted Jul 19, 2012 at 10:48 PM | Permalink

        re: “welcoming the published data because it supports their view”

        That’s a very interesting phrase considering how strenuously the climatologists and their media allies try to pretend there was “nothing to see here, move along.” Sometimes the most revealing comments are when people think they are talking about something else….

        • Sailorman
          Posted Jul 21, 2012 at 4:44 AM | Permalink

          This comment resonates with me.

        • Skiphil
          Posted Jul 21, 2012 at 9:24 AM | Permalink

          Yes, it resonates because it is such a succinct confirmation that of course the authorities know the Climategate revelations support “skeptical” views in various ways…. yet there have been so many strenuous attempts to deny that it all means anything beyond some minor human foibles.

      • Posted Jul 20, 2012 at 12:41 AM | Permalink

        They didn’t contact me at all.

        • Latimer Alder
          Posted Jul 20, 2012 at 6:27 AM | Permalink

          Re: bishophill (Jul 20 00:41),

          It was the subtlety of your nom de plume that fooled them, Bish.

          They were chasing that evil denier Anthony Montford who so upset nice Professor Jones with his bad bad horrible book, not a Scottish cleric. Who could possibly have worked out that they are one and the same?

        • Posted Jul 20, 2012 at 6:30 AM | Permalink

          Back in 2009/10 there was a large body of people on the web who thought I was Lord Monckton. Maybe they spoke to him instead.

      • Don McIlvin
        Posted Jul 20, 2012 at 10:30 PM | Permalink

        Well, the investigative technique of those suspicious CA FOI request persons, was that said persons would get irritated by the stupidity and irrelevancy of the questions and blurt out – I did it!

        Is there a better explanation?

  17. John Slayton
    Posted Jul 19, 2012 at 8:22 PM | Permalink

    …the published data…supports their view.

    They got that right.

  18. Steve McIntyre
    Posted Jul 19, 2012 at 8:31 PM | Permalink

    A forensic specialist wrote me:

    I saw one commenter mention that they closed things out 4 months short of the deadline. Realistically, it went on entirely too long as it stood. Once more than a few days go by, except in exceptional circumstances, log files and identifying information about who had what IP at what time starts to evaporate into the ether.

    Gavin Schmidt learned about RC/FOIA on Nov 17. UEA did not report it to the police until Nov 20. The Norfolk police did not take possession of the server until Nov 24 and don’t appear to have done any investigation until January or so, when they began their pointless interviews of people who had sent in FOI requests. The primary culprits in the delay that enabled RC/FOIA’s coup therefore appear to be Gavin Schmidt and Edward Acton.

    UEA did not spend a penny on their own forensic work (while spending over STG 112,000 on Outside Organisation PR.)

    • Posted Jul 20, 2012 at 12:57 AM | Permalink

      UEA did not spend a penny on their own forensic work (while spending over STG 112,000 on Outside Organisation PR.)

      An indicator not only of where priorities lay but of UEA’s tacit knowledge. They knew quite enough about who had done it not to want to look for them. Case closed :)

  19. R DeWitt
    Posted Jul 19, 2012 at 8:40 PM | Permalink

    If anyone would like to read an account of literal train robbery (fictional) take a look at Arthur Conan Doyle’s “The Lost Special”.

  20. Steve McIntyre
    Posted Jul 19, 2012 at 8:40 PM | Permalink

    There’s a timeline of events and there has been speculation, in the media and the blogs, that there may have been an orchestrated campaign of Freedom of Information requests to the University in the summer of 2009. It appears the attacks were undertaken late in that summer, early autumn, through to November. The first tactic that we were aware of was in September 2009.

    If they think that there was some overall “orchestration” of both the FOI requests for CRU confidentiality agreements and RC/FOIA, they are seriously deranged. They should not be promulgating such misinformation (to borrow David Karoly’s words.)

    Peter Gleick described himself as “Heartland Insider” but he wasn’t a Heartland insider. That was a false flag that tricked innocents like Andy Revkin. Mosher speculates cogently that “FOIA” was a false flag as well. CA readers know that the emails have no relation to FOI requests, but this elementary false flag was enough to trick the climate “community”, Nature and, apparently, the Norfolk police – not just in this statement, but in their seemingly Clouseau-esque approach to the investigation.

    • Posted Jul 20, 2012 at 12:51 AM | Permalink

      I always took the FOIA as choice of file name as ironic. The person concerned certainly believed that this particular information should be free. They were also aware (from reading CA most likely) that FOI requests had recently been denied by CRU. It was a gentle way of saying two fingers to all that. And here’s what I’m going to do instead.

      Remember the remarkably culturally attuned way RC (as they called themselves the first day) announced the great escapade. Here’s ‘Dominic’ on The Mosher Timeline

      It was on a thread called “Miracles and Strip Bark Standardization” which had a cartoon showing scientists at a blackboard with a step in the calculation saying “and then a miracle occurs”. Then at 5.24am the all important posting simply said

      A Miracle Just Happened

      Not even an exclamation mark. Someone subtle (too subtle in fact) and with a sense of humour. So cryptic yet so magical.

      Too subtle because completely missed by Steve McIntyre and all the other great brains of Climate Audit! But the gentle irony is hard to miss, as subtle as Norfolk plod has been leaden for 30 months since. Again, respect.

      • Posted Jul 20, 2012 at 3:36 AM | Permalink

        I’ve seen (and read of) many physics-laws-breaking miracles and FOIA has the same quality: humble, simple, often unrecognized as miraculous at the time, but doing a good deed in impossible circumstances.

    • fastfreddy101
      Posted Jul 20, 2012 at 7:10 AM | Permalink

      “There is a time to laugh and a time not to laugh, and this is not one of them, yeu kneuw.” ~ Chief-Inspector Jacques Clouseau.

  21. theduke
    Posted Jul 19, 2012 at 10:15 PM | Permalink

    The following is from a briefing document released today by the police and posted at Bishop Hill:

    Summary of findings

    That the data was taken between September 2009 and November 2009 during a series of remote attacks via the Internet, which accessed an internal back-up server.
    That a large amount of data was taken and subsequently published on the Internet in two separate files in 2009 and 2011. The first was entitled FOIA 2009 and contained 3480 documents, 1000 e-mails and 1073 text files. The second was entitled FOIA 2011 and contained 23 documents, 5292 e-mails and 220,000 files. Much of the data published in FOIA 2011 was protected by an unknown password.
    That the data was not obtained via physical access of the CRU back-up server.
    That there is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.
    The offender (s) had used methods common in unlawful internet activity to obstruct enquiries, by planting a false trail and utilising a series of proxy servers located around the world.
    That the attack was highly sophisticated and was undertaken by a person or persons who were highly competent and who knew how to conceal their activity.

    I don’t see anything in there that most commenters here did not already know.

    They also use the word “proportionate” twice to describe the investigation, which suggests they were sensitive to the cost. But when it comes to tallying up the cost, they take a pass and state that it would be too difficult to give an accurate accounting, if you can believe that.

    My take on this is that if it had been a high government official’s server that had been hacked, the person(s) who did it would be in jail now. I don’t think the effort to find the guilty party was a strenuous one, and that a lot of people are relieved the case was not solved.

    • ChE
      Posted Jul 19, 2012 at 11:06 PM | Permalink

      The offender (s) had used methods common in unlawful internet activity to obstruct enquiries, by planting a false trail and utilising a series of proxy servers located around the world.
      That the attack was highly sophisticated and was undertaken by a person or persons who were highly competent and who knew how to conceal their activity.

      Excuse me, but that hardly qualifies as “highly competent”, that’s basic script kiddy 101 stuff. This isn’t climate science.

      • DaveS
        Posted Jul 20, 2012 at 11:42 AM | Permalink

        ‘highly sophisticated’ may well be from the perspective of the plod. These things are relative; after all, drawing a line in Excel is a ‘highly sophisticated’ task to some UEA professors.

    • Mindert Eiting
      Posted Jul 20, 2012 at 10:24 AM | Permalink

      I did not know that ‘the data was taken between September 2009 and November 2009′. I did know that the data was released in November 2009. Because data cannot be released before it is taken, the data should be taken in or before November 2009. Actually, the data could have been taken during 1990-November 2009, but September 2009 as lower bound is interesting. Where does that information come from?

      • Duke C.
        Posted Jul 20, 2012 at 11:51 AM | Permalink

        File access timestamps were indexed by several bloggers/commenters shortly after the CG1 release. For all we know, the Plod acquired this information simply by reading the blogs. No investigation required!

        http://ijish.livejournal.com/831.html

        • Steve McIntyre
          Posted Jul 20, 2012 at 12:07 PM | Permalink

          CG2-4270 contains a record of the Mole incident. IT manager Mike Salmon searched the FTP server logs for addresses that had downloaded files and reported to Jones what had happened.

          Date: Tue, 28 Jul 2009 17:52:02 +0100
          From: Mike Salmon
          User-Agent: Thunderbird 2.0.0.22 (X11/20090608)
          To: Phil Jones
          Subject: Re: Fwd: RE: Station data
          ClimateAudit says: “July 28th, 2009 – Late yesterday (Eastern time), I learned that the
          Met Office/CRU had identified the mole.”

          Looking at the FTP server logs, two addresses fetched newcru* in that time period:
          99.231.2.44 = CPE0050bfe94416-CM00195efb6eb0.cpe.net.cable.rogers.com
          209.77.230.64 = ppp-209-77-230-64.dsl.chi2ca.pacbell.net
          Rogers is a Canadian company, so I assume that’s McIntyre
          [1]http://www.rogers.com/web/Rogers.portal
          (PacBell is part of AT&T in the US)

          Looking through other log entries with that address, he’s also interested in this file:
          /projects/advance10k/cruwlda2.zip which, ahem, also contains the LUND data! Shall I move that too? It’s been there since 1996. The earliest fetch of the full data from that address was:
          Sat Jul 25 21:13:01 2009 11 99.231.2.44 2051007 /data/newcruextusall.dat.Z b _ o a
          mozilla@example.com ftp 0 * c
          so he “got the data” at 2009-07-25 2013UTC
          Mike

          I presume that this sort of information would be their starting point. If the IP addresses were anonymous proxy servers, what conclusions could they draw?

  22. geronimo
    Posted Jul 20, 2012 at 1:12 AM | Permalink

    The say the total cost over the two year nine month investigation was £84,000. Assuming the average cost of a bobby as £30,000 ex travel expenses, and given the cost of travel, to Tallbloke’s house where five busies when to get his PC, they have put much less than one man(woman)/year of effort into the investigation over the timeframe. I don’t believe they’ve given this investigation their best shot.

    • Skiphil
      Posted Jul 20, 2012 at 1:43 AM | Permalink

      Not “total” cost because the caveats expressed mean that there could have been vast (or very little) additional work from a variety of other officers, detectives, specialists. They basically said a lot was not tracked if people were working on multiple assignments, and whether it adds up to large amounts of hours or not is anyone’s guess.

    • Posted Jul 20, 2012 at 2:27 AM | Permalink

      I think thhe costs quoted are cheques written to external suppliers, not manpower costs.

      • geronimo
        Posted Jul 20, 2012 at 6:04 AM | Permalink

        I think you’re right BH, having worked in the private sector I had assumed that they would tell us their total costs in terms of people paid to do the job and their expenses. I might just send a FOI request for the total costs, just to see how many £ks have been blown away in a futile attempt to stick it to someone.

        Lot of BHers on here today.

        • Carrick
          Posted Jul 21, 2012 at 2:51 PM | Permalink

          geronimo

          I think you’re right BH, having worked in the private sector I had assumed that they would tell us their total costs in terms of people paid to do the job and their expenses. I might just send a FOI request for the total costs, just to see how many £ks have been blown away in a futile attempt to stick it to someone.

          At my institution (in the US), we would include man-hours, so it would be total “fully weighted” costs.

      • Posted Jul 20, 2012 at 6:32 AM | Permalink

        They tell me that they don’t keep separate records of time spent on particular investigations. (To anyone who has worked in the private sector this suggests an organisation that lacks any management control, but that’s by the by.)

  23. TerryS
    Posted Jul 20, 2012 at 2:13 AM | Permalink

    How do you know it was an external hack?
    In outline terms, we know it came via the internet from a number of different IP addresses, in various countries, which may have been proxy servers.

    I have my own mail server, ftp server, web server and VOIP server. I don’t “advertise” any of them. Looking through the log files of all of them I can see an orchestrated attempt, from a number of different IP addresses, in various countries, which may be proxy servers, to hack into my servers. Examining the attacks reveals how sophisticated some of them are.

    • ChE
      Posted Jul 20, 2012 at 11:02 AM | Permalink

      You don’t have to be a hard-core geek to do that, though. Just using Tor out of the box (so to speak) will leave that kind of a log.

      Sorry, but this isn’t Stuxnet. This is something that any reasonably computer-literate person can do in a few hours. The difficult part is getting into the system in the first place. Hiding your tracks is kiddy stuff.

      • Steve McIntyre
        Posted Jul 20, 2012 at 11:27 AM | Permalink

        Re: ChE (Jul 20 11:02),

        during the mole incident in late July, lots of people parsed the UEA website. They did some sort of rearrangement to take a lot of information off the internet onto private network in its wake. I’m told that at least one UEA employee left his password on an open webpage. I don’t know how far into the system that would have led.

        The fact that the intrusions began relatively soon after the Mole incident suggests a connection to me. Not through FOIA but something else.

        The other aspect of the affair that is not discussed is the connection to Yamal. RC/FOIA was very interested in Yamal and began accumulating Yamal documents right after my Yamal posts. This hardly seems like the activity of “cyber-terrorists”, a hysterical notion that Revkin has given oxygen to once again.

        • Posted Jul 22, 2012 at 8:21 PM | Permalink

          This hardly seems like the activity of “cyber-terrorists”, a hysterical notion that Revkin has given oxygen to once again.

          And not just “oxygen” but (IMHO) post-to-post “resuscitation”. His narratives draw only from the July 18 “News Release” and he succeeded in highlighting both instances of the plods’ “sophisticated and carefully coordinated attack” – one of which he planted as an “update” to a post of July 6, 2010, and the other he featured in a post of July 19, 2012.

          For details, pls see:

          Revkin screens out cops’ Climategate screening exercises

        • Posted Jul 22, 2012 at 8:32 PM | Permalink

          Sorry, my “…carefully coordinated …” above should read:

          “…carefully orchestrated …”

    • TimTheToolMan
      Posted Jul 23, 2012 at 9:22 AM | Permalink

      One of which was http://seventhproxy.org no doubt

  24. MikeN
    Posted Jul 20, 2012 at 9:20 AM | Permalink

    Would the conclusion of the inquiry have been announced publicly so they could highlight the 3 year statute of limitations? Perhaps they are hoping that on Nov 18, someone will reveal themselves to the public, and then they can arrest them because there is no statute of limitations after all? Very clever gambit.

  25. AntonyIndia
    Posted Jul 20, 2012 at 9:21 AM | Permalink

    The Guardian has a telephonic inteview with Detective chief superintendent Julian Gregory.

    • AntonyIndia
      Posted Jul 20, 2012 at 9:53 AM | Permalink

      Here is a pearl from that interview: “We’ve found no evidence to implicate anyone from UEA and the nature of the attack – the level of sophistication – leads me to a hypothesis that it was very unlikely to be someone from UEA” :-)

    • AntonyIndia
      Posted Jul 20, 2012 at 10:04 AM | Permalink

      Another quote from Gregory:”I think it was Steven Mosher who said he knew who it was, or had a theory, at least. Maybe he does. Maybe he doesn’t. Where does that take you? And is he likely to tell the police? The difference between the police and, say, journalists, is that we won’t embark on a number of lines of enquiry because, ultimately, you can see that in terms of getting to where we need to get to – which is beyond reasonable doubt – it’s not going to get you there.”

  26. MikeN
    Posted Jul 20, 2012 at 9:25 AM | Permalink

    Steve McIntyre, how did you orchestrate the FOI requests to UEA? I thought I was following ClimateAudit at the time, and never noticed anything.

  27. Posted Jul 20, 2012 at 9:42 AM | Permalink

    Were Tallbloke’s computers ever returned? Is he now exonerated?

    • Posted Jul 20, 2012 at 10:54 AM | Permalink

      Tallbloke’s highly sophisticated equipment (an ancient laptop, I believe) was returned, following an intimidatory drive cloning.

      It will be very interesting to see what Acton comes up with to dispose of the UEA’s server and thumbdrives. I expect that the good professor is urgently consulting with the best and brightest in the world of e-waste recycling at News International, Blair’s 10 Downing Street, and the Nixon White House…

    • Posted Jul 20, 2012 at 10:17 PM | Permalink

      Yes, Roger Tattersall aka Tallbloke’s computers were returned – and in his article on his interview with “Detective chief superintendent Julian Gregory, the senior investigating officer”, even Leo Hickman (who had done much to promulgate an inaccuracy-riddled initial story of the seizure) thought fit to parenthetically note that “The police later confirmed that Tattersall was not a suspect and returned his computers following a forensic inspection”.

      Which reminds me … during this interview with Gregory, Hickman had asked:

      Have you kept on top of all the internet speculation and commentary surrounding this case?

      To which Gregory replied:

      Firstly, you can’t investigate what’s said online. Secondly, you look at those blogs and most of it is speculative, uninformed and, occasionally, ridiculous.

      Setting aside the fact that this has a somewhat familiar echo of the IPCC’s new, improved rules regarding (i.e. specifically excluding) blogposts as suitable material for citation in their reports – not to mention that one wonders how he might have arrived at such conclusions without “investigating” …

      One has to wonder what it was about Tallbloke’s blog that led Gregory & Co. to … uh …break the rule that “you can’t investigate what’s said online.”

      Who knows, perhaps a noble climate scientist™ had discovered and alerted Gregory & Co. to the comment dropped by The Saint (my preferred name for RC/FOIA) on Tallbloke’s blog. Ergo, because a climate scientist said so, might well have elevated the comment to being worthy of “investigation”.

      But, in the absence of any follow-up from Hickman regarding this glaring inconsistency on Gregory’s part, it would seem that consistency at the constabulary – not unlike the investigation as a whole – has on occasion been abandoned … perhaps for the greater good of “the cause”.

  28. Posted Jul 20, 2012 at 9:48 AM | Permalink

    It is odd, given the political nature of this hack, that the perp seemingly never tried to “get caught”. From the pentagon papers to wiki leaks and eventually even “Deepthroat”, people who stick their necks out for what they beleive usually want to be recognized.

    Unless the hacker occupies a prestigous or powerful position in his daily life (and the board room is an unlikely breeding ground for sophisticated hacking), it would seem to me that the infamy from being revealed as the hacker would ultimately bring the hacker more glory than pain. Or, it should seem so in his/her mind, considering he already went ahead with the theft and two sets of postings. In other words, not the most risk-averse person in the first place.

    This is all assuming the hacker was an outsider. If he was an insider however, meaning his occupation is basically where governmet funding/academic research meet, he become ostracized from this circle, and never allowed to work in his primary field of interest. Speculation of course, but I think the fact that the hacker has been so disciplined with his obviously valuable trove of emails suggests he’s not an lonely Anonymous-type hacker.

  29. FlyingComic
    Posted Jul 20, 2012 at 7:14 PM | Permalink

    For a bureaucrat, any sufficiently competent person is indistinguishable from a mastermind.

    Apologies to Arthur C. Clark.

  30. Beth Cooper
    Posted Jul 20, 2012 at 7:52 PM | Permalink

    If the mastermind is a whistle blower from CRU, that would certainly narrow down the field of enquiry wouldn’t it, one white sheep in a black sheep flock?

  31. michael hart
    Posted Jul 20, 2012 at 7:56 PM | Permalink

    Regarding the identity of “FOIA”, I never expressed a thought I had when I first read about “redactions” by FOIA or “redacted” data.

    That thought was “What does that mean?”. I grew up in England and while I claim no special linguistic talents, it was a word I could not at first recall ever having heard in my more than four decades of speaking English.

    Quoting from the MacMillan dictionary website:

    http://www.macmillandictionary.com/buzzword/entries/redact.html

    “In the Oxford English Dictionary, redact is described as ‘rare’ and defined simply as ‘to edit’.”
    And also [after the parliamentary expenses scandal]:
    “In a backlash of sceptical coverage by the media, the verb redact subsequently hit the spotlight [in 2009] as a euphemism for ‘cover-up’…”

    Upon further reflection I recalled that I probably had heard the word before, but only spoken, or written, by people using North American English. I wonder if the East Anglia Constabulary gave any thought to this during their investigations?

    • michael hart
      Posted Jul 20, 2012 at 8:04 PM | Permalink

      And the follow-up question: What is the English dialect of Steve Mosher’s prime suspect?

      • dearieme
        Posted Jul 21, 2012 at 4:04 AM | Permalink

        If you’re on the lookout for North Americans, look out for people who say “parse” when they mean “analyse” or “construe”.

    • Mindert Eiting
      Posted Jul 23, 2012 at 11:52 AM | Permalink

      It is a perfect Dutch word for editing. I could have made that error.

      • Mindert Eiting
        Posted Jul 23, 2012 at 12:07 PM | Permalink

        Oops, and German as well as I see now in my dictionary. Yes, we need some serendipity.

        • michael hart
          Posted Jul 24, 2012 at 4:05 PM | Permalink

          Do you have, or have you ever had, access to the servers at UEA, and if so, what access privileges did you have? :)

        • Mindert Eiting
          Posted Jul 25, 2012 at 4:15 AM | Permalink

          Alas Michael, I never got the opportunity to become the secretary of CRU’s managing director.

  32. Posted Jul 21, 2012 at 8:04 PM | Permalink

    Reblogged this on Climate Ponderings.

  33. Posted Jul 22, 2012 at 5:23 PM | Permalink

    Requests for dispensation
    Should be taken in moderation
    This is longer-stuck than most
    Was it deemed “improper post”?

    ===|==============/ Keith DeHavelle

2 Trackbacks

  1. […] Steve McIntyre has a post up on an interview with the Norfolk Police regarding the conclusions on the Climategate hack. Apparently, there was a sophisticated effort to break in to the mail server and access was available for an extended period of time. This document is very interesting in particular. […]

  2. […] http://climateaudit.org/2012/07/19/scotland-yard-interviewed/ […]

Follow

Get every new post delivered to your Inbox.

Join 3,379 other followers

%d bloggers like this: