The Norfolk Constabulary report a “sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet”.
CA sources have learned that UK police believe that the plan was carried out by a “mindermast”. The insidious methods of a mindermast are revealed in the interview below. here
Update: Police Q&A here. H/t Hilary. Q&A
Cabin
The Norfolk Police reported:
The nature and sophistication of the attack does not suggest that it was anyone at the UEA.
Apparently, one of the steps in the “attack” involved calculating a trend in Excel. The police, quite reasonably in the opinion of many observers, accordingly excluded anyone at UEA.
The vocabulary of the Norfolk briefing is pleasingly similar to Peter Cook’s
plod. Cook’s police inspector solemnly pronounced the great train robbery to be the work of thieves:
Q: who perpetrated this awful crime?
A (deadpan): we believe this to be the work of thieves. ANd I’ll tell you why. The whole pattern is reminiscent of past robberies where we have found thieves to be involved: the telltale loss of property, the snatching away of money. It all points to thieves
Life surely imitates art in the pronouncement of the Norfolk Constabulary that they believed the release of emails to be the work of criminals, criminals so competent that no one at the University of East Anglia could be suspected. In the words of Peter Cook, by a mindermast.
Climate Audit 
85 Comments
One wonders if the Norfolk Constabulary will now present their evidence for Climategate being a break-in, and why the data couldn’t have been leaked by an insider with a conscience and a usb stick; or whether they’ll content themselves being seen to side with their fellow civil servants at UEA.
Congratulations FOIA! You pulled it off and got away with it.
How it was done, is less important – what’s important is what Climategate tells us about the “sophisticated” and “well orchestrated” Climate Machine, its agents and their modus operandi.
“Congratulations FOIA! You pulled it off and got away with it.”
No (t)he(y) committed other crimes whose statute of limitations are not tolled. e.g. hacking the RC server in the US.
I would also think anybody who archived the emails (rather than crtiqued parts) could be eligible for civil prosecution under copyritght law by UEA and others?
Was the RC hack investigated? Do we have anything beyond Gavin’s statements that it was not based on a password revealed in an email at UEA? Has anyone there ever guestposted?
Free the rest of the emails FOIA.
Well done Steve. Very funny indeed and very clever. Not to mention very apt. Your regular readers should be able to relate very well when you get your material elements from beyond the fringe.
Re: uknowispeaksense (Jul 19 16:22), What’s even more interesting is that even recent arrivals quickly perceive the appropriateness of the material and the clear connection.
Steve, thanks for that “trip” down memory lane! And it is so very apt when one considers this particular “investigation” 😉
the language of the Norfolk Constabulary was delightfully reminiscent.
Steve, unless I’m on the outside of an inside joke, your link to the Q&A links to a PDF from June, 2010
Steve: revised.
Apparently, one of the steps in the “attack” involved calculating a trend in Excel.
Aha! I suggest that Dr. P. Jones can be eliminated — even if he was seen in the laboratory.
I know that someone who thought he was more knowledgeable that I suggested that “Dr. Jones had done it in the laboratory in an Excel spreadsheet“. But we all know that a trend line was not in the realm of possibilities under those circumstances.
Phil Jones confessed he needs someone to help him if he needs to do a regression using Excel.
Whereas Michael Mann regards needing to use Excel as the mark of an amateur.
No wonder Phil Jones regards Michael Mann as a statistical and computing genius
Ray at Lucia’s Blackboard made an interesting observation:
At JustAnswer the following question was posed and the answer that follows:
I went Googling and found this:
and this
I then went and located the actual legal texts. The Police and Justice act 2006 and the Computer Misuse Act 1990 as amended
From the amended Act we find (Note the brackets enclosing the entire section tagged F1)
You can click on the pieces I’ve bolded and you get (from page 180 of the 2006 act) this:
IANL but the bottom line would seem to be that there is no statute of limitations that is about to expire and either the Norfolk Police screwed up big time or there are other reasons for dropping the investigation. I leave it as an exercise for the reader to imagine what those might be.
Bob
Bob,
Section 11 of the computer misuse act has 7 different sub-sections. Sub-sections (1) and (6) have been repealed are are no longer in force. Sub-section (3) is still in force and this states:
Here are the original sub-sections (1) and (6) before being repealed:
The 3 year time limit is still applies.
TerryS – after re-reading the statute today (without a couple of beers on board ;-)), you are correct. Interestingly, it appears that s.1 was modified to make it an “each way” offence which, unless stated otherwise, means there is no time bar on prosecution.
s.11 does indeed state otherwise.
Re: TerryS (Jul 20 05:07),
I’m still NAL but I think you’re incorrect on this point. I believe that the entire section 11 is repealed. The original page is here
I have bolded the amendment text at the bottom, the other bolding is in the original and the F1 bracket encloses the entire 7 subsections.
As woodentop noted from the Crown Prosecution Service (my bold)
Sorry for not responding earlier but I was far from the Internet for a long WE 🙂
bob
AH
now i get it, SQUASH – Sceptics Quietly Use Analysis to Suppress Hockeystick & “doubles” is your best IT agent.
you’ve been rumbled.
/sarc off
There is another possibility, we know from the leaked e-mails that the data management and software was a bit of mess at CRU, perhaps the security was the same , with no clear idea over who had permission to what and who actual had accessed what, the police had to fall back on asking staff members who, unsurprisingly said they did not do it. Faced with no evidenced , because the system was so rubbish , of an internal leak they went for external hack because they could not admit to a total failure, the rest as they say is just PR and BS which is nether sophisticated nor carefully orchestrated.
I suspect here some large obfuscation
Even in this “crime’s” characterization
Those aren’t the emails
Of the U — no, that fails
It’s a person-owned mail situation:
I had found the above-quoted bit
(And I’ve bolded the “who owns” from it)
I have just seen today
In their FOIA
This description, to me, is just crap.
===|==============/ Keith DeHavelle
“The nature and sophistication of the attack does not suggest that it was anyone at the UEA.”
Damning with faint praise, lol
From the Q&A
I can understand why they ruled out UEA staff.
From the PDF: “the climate sceptic community would, in the main, give the appearance of
welcoming the published data because it supports their view.”
Quick, somebody give the police copies of the Oxburgh etc reports showing that CRU did nothing wrong.
There is no statute of limitation in this case.
Posted on Bishop Hill, h/t Bob:
http://www.bishop-hill.net/blog/2012/7/19/more-from-norfolk-constabulary.html#comments
Bob – well done on the legal research! There are limitations on criminal offences in the UK depending on the offence: broadly speaking statutory offences have time limits; common law crimes don’t. But it gets a bit messy in the detail. However you’re right to highlight the “each way” prosecution rule, which means that the time limit on such statutory matters evaporates.
To the case in point: there is a shortcut – the CPS helpfully publish advice for prosecutors (come on COPFS!), in this case it can be found here:
http://www.cps.gov.uk/legal/a_to_c/computer_misuse_act_1990/
The relevant section is this:
Section 35 of the Police and Justice Act 2006
Section 35 of the Police and Justice Act 2006 increases the penalty for section 1 CMA offence on summary conviction to a maximum of 12 months’ imprisonment or / and a fine and on indictment to a maximum of 2 years’ imprisonment or / and a fine. All CMA offences are either way and no longer have a time limit. The increased penalty only applies to section 1 offences committed after section 35 Police and Justice Act 2006 comes into force (see Section 38(2) Police and Justice Act 2006).
(my bold) this does appear to have been in force in 2009, when the incident occurred.
Re: woodentop (Jul 19 18:50),
Thanks for that addition, I’d overlooked it and that makes it explicit.
Strangely, no one seems to care. So it goes.
Thanks for looking,
bob
The 3 year time limit in section 11 subsection 3 still applies. It hasn’t been repealed or modified by the Police and Justice Act. That act only modified Section 1.
So it would appear that a case could be made that this much trumpeted “closure” could constitute an instance of “premature evacuation”.
And was it not such “premature evacuation” that ultimately proved to be very detrimental to the careers of certain high level officials at the MET (formerly known as Scotland Yard) in the scandal surrounding their “investigation” of the now defunct NOTW (former home of Neil Wallis, PR consultant to the stars, the cops and … the prima donnas of the University of East Anglia)?
If find some aspects of the Q&A telling about certain attitudes of the police investigation.
Case in point..
I find it interesting that when asked plainly about when the attacks began, he weaved in the underlined above the several connecting legitimate FOI requests in terms of orchestration.
Then I don’t know what to make of the following smear.
Steve, you mentioned the interviewed you, asking about your views, but no even asking for the IP address that left the “uploaded” climate gate I info. Perhaps they already knew “FOIA” was using proxy servers.
But what is this “we were realistic about the prospects of them being helpful” all about?
To give you an idea of how bizarre – they never contacted Mosher for an interview though they contacted Charles the Moderator. They wasted time interviewing numerous CA readers who had done nothing more than submit an FOI request.
And if memory serves me correctly, they didn’t contact Anthony – nor did they even contact Charles until February 2010, after he had been named in one of the two articles in the Guardian
It’s almost as if the Norfolk plod were determining their “avenues of enquiry” solely on the basis of media coverage … and perhaps a few visits to a few blogs! And what they might have been told by the noble climate scientists™ at CRU.
Certainly an indication of a whole lotta “mindermasting” goin’ on somewhere in the cyberuniverse!
Re: Steve McIntyre (Jul 19 19:28),
For reference, my write up at the time.
The information Bishop Hill dug up indicates 40 people from the “skeptic community” were interviewed.
They sent interviews to numerous Climate Audit readers and to me, most of whom, to my knowledge, answered. I answered all the questions that I was asked. The questions were irrelevant and pointless, but, in my opinion, their effort to follow FOI requests and interrogate CA readers on their views of climate change was misguided – a point that we made at the time and one that should have been “helpful” to their investigation.
re: “welcoming the published data because it supports their view”
That’s a very interesting phrase considering how strenuously the climatologists and their media allies try to pretend there was “nothing to see here, move along.” Sometimes the most revealing comments are when people think they are talking about something else….
This comment resonates with me.
Yes, it resonates because it is such a succinct confirmation that of course the authorities know the Climategate revelations support “skeptical” views in various ways…. yet there have been so many strenuous attempts to deny that it all means anything beyond some minor human foibles.
They didn’t contact me at all.
Re: bishophill (Jul 20 00:41),
It was the subtlety of your nom de plume that fooled them, Bish.
They were chasing that evil denier Anthony Montford who so upset nice Professor Jones with his bad bad horrible book, not a Scottish cleric. Who could possibly have worked out that they are one and the same?
Back in 2009/10 there was a large body of people on the web who thought I was Lord Monckton. Maybe they spoke to him instead.
Well, the investigative technique of those suspicious CA FOI request persons, was that said persons would get irritated by the stupidity and irrelevancy of the questions and blurt out – I did it!
Is there a better explanation?
…the published data…supports their view.
They got that right.
A forensic specialist wrote me:
Gavin Schmidt learned about RC/FOIA on Nov 17. UEA did not report it to the police until Nov 20. The Norfolk police did not take possession of the server until Nov 24 and don’t appear to have done any investigation until January or so, when they began their pointless interviews of people who had sent in FOI requests. The primary culprits in the delay that enabled RC/FOIA’s coup therefore appear to be Gavin Schmidt and Edward Acton.
UEA did not spend a penny on their own forensic work (while spending over STG 112,000 on Outside Organisation PR.)
An indicator not only of where priorities lay but of UEA’s tacit knowledge. They knew quite enough about who had done it not to want to look for them. Case closed 🙂
If anyone would like to read an account of literal train robbery (fictional) take a look at Arthur Conan Doyle’s “The Lost Special”.
If they think that there was some overall “orchestration” of both the FOI requests for CRU confidentiality agreements and RC/FOIA, they are seriously deranged. They should not be promulgating such misinformation (to borrow David Karoly’s words.)
Peter Gleick described himself as “Heartland Insider” but he wasn’t a Heartland insider. That was a false flag that tricked innocents like Andy Revkin. Mosher speculates cogently that “FOIA” was a false flag as well. CA readers know that the emails have no relation to FOI requests, but this elementary false flag was enough to trick the climate “community”, Nature and, apparently, the Norfolk police – not just in this statement, but in their seemingly Clouseau-esque approach to the investigation.
I always took the FOIA as choice of file name as ironic. The person concerned certainly believed that this particular information should be free. They were also aware (from reading CA most likely) that FOI requests had recently been denied by CRU. It was a gentle way of saying two fingers to all that. And here’s what I’m going to do instead.
Remember the remarkably culturally attuned way RC (as they called themselves the first day) announced the great escapade. Here’s ‘Dominic’ on The Mosher Timeline
Too subtle because completely missed by Steve McIntyre and all the other great brains of Climate Audit! But the gentle irony is hard to miss, as subtle as Norfolk plod has been leaden for 30 months since. Again, respect.
I’ve seen (and read of) many physics-laws-breaking miracles and FOIA has the same quality: humble, simple, often unrecognized as miraculous at the time, but doing a good deed in impossible circumstances.
“There is a time to laugh and a time not to laugh, and this is not one of them, yeu kneuw.” ~ Chief-Inspector Jacques Clouseau.
The following is from a briefing document released today by the police and posted at Bishop Hill:
I don’t see anything in there that most commenters here did not already know.
They also use the word “proportionate” twice to describe the investigation, which suggests they were sensitive to the cost. But when it comes to tallying up the cost, they take a pass and state that it would be too difficult to give an accurate accounting, if you can believe that.
My take on this is that if it had been a high government official’s server that had been hacked, the person(s) who did it would be in jail now. I don’t think the effort to find the guilty party was a strenuous one, and that a lot of people are relieved the case was not solved.
Excuse me, but that hardly qualifies as “highly competent”, that’s basic script kiddy 101 stuff. This isn’t climate science.
‘highly sophisticated’ may well be from the perspective of the plod. These things are relative; after all, drawing a line in Excel is a ‘highly sophisticated’ task to some UEA professors.
I did not know that ‘the data was taken between September 2009 and November 2009’. I did know that the data was released in November 2009. Because data cannot be released before it is taken, the data should be taken in or before November 2009. Actually, the data could have been taken during 1990-November 2009, but September 2009 as lower bound is interesting. Where does that information come from?
File access timestamps were indexed by several bloggers/commenters shortly after the CG1 release. For all we know, the Plod acquired this information simply by reading the blogs. No investigation required!
http://ijish.livejournal.com/831.html
CG2-4270 contains a record of the Mole incident. IT manager Mike Salmon searched the FTP server logs for addresses that had downloaded files and reported to Jones what had happened.
I presume that this sort of information would be their starting point. If the IP addresses were anonymous proxy servers, what conclusions could they draw?
The say the total cost over the two year nine month investigation was £84,000. Assuming the average cost of a bobby as £30,000 ex travel expenses, and given the cost of travel, to Tallbloke’s house where five busies when to get his PC, they have put much less than one man(woman)/year of effort into the investigation over the timeframe. I don’t believe they’ve given this investigation their best shot.
Not “total” cost because the caveats expressed mean that there could have been vast (or very little) additional work from a variety of other officers, detectives, specialists. They basically said a lot was not tracked if people were working on multiple assignments, and whether it adds up to large amounts of hours or not is anyone’s guess.
I think thhe costs quoted are cheques written to external suppliers, not manpower costs.
I think you’re right BH, having worked in the private sector I had assumed that they would tell us their total costs in terms of people paid to do the job and their expenses. I might just send a FOI request for the total costs, just to see how many £ks have been blown away in a futile attempt to stick it to someone.
Lot of BHers on here today.
geronimo
At my institution (in the US), we would include man-hours, so it would be total “fully weighted” costs.
They tell me that they don’t keep separate records of time spent on particular investigations. (To anyone who has worked in the private sector this suggests an organisation that lacks any management control, but that’s by the by.)
I have my own mail server, ftp server, web server and VOIP server. I don’t “advertise” any of them. Looking through the log files of all of them I can see an orchestrated attempt, from a number of different IP addresses, in various countries, which may be proxy servers, to hack into my servers. Examining the attacks reveals how sophisticated some of them are.
You don’t have to be a hard-core geek to do that, though. Just using Tor out of the box (so to speak) will leave that kind of a log.
Sorry, but this isn’t Stuxnet. This is something that any reasonably computer-literate person can do in a few hours. The difficult part is getting into the system in the first place. Hiding your tracks is kiddy stuff.
Re: ChE (Jul 20 11:02),
during the mole incident in late July, lots of people parsed the UEA website. They did some sort of rearrangement to take a lot of information off the internet onto private network in its wake. I’m told that at least one UEA employee left his password on an open webpage. I don’t know how far into the system that would have led.
The fact that the intrusions began relatively soon after the Mole incident suggests a connection to me. Not through FOIA but something else.
The other aspect of the affair that is not discussed is the connection to Yamal. RC/FOIA was very interested in Yamal and began accumulating Yamal documents right after my Yamal posts. This hardly seems like the activity of “cyber-terrorists”, a hysterical notion that Revkin has given oxygen to once again.
And not just “oxygen” but (IMHO) post-to-post “resuscitation”. His narratives draw only from the July 18 “News Release” and he succeeded in highlighting both instances of the plods’ “sophisticated and carefully coordinated attack” – one of which he planted as an “update” to a post of July 6, 2010, and the other he featured in a post of July 19, 2012.
For details, pls see:
Revkin screens out cops’ Climategate screening exercises
Sorry, my “…carefully coordinated …” above should read:
“…carefully orchestrated …”
One of which was http://seventhproxy.org no doubt
Would the conclusion of the inquiry have been announced publicly so they could highlight the 3 year statute of limitations? Perhaps they are hoping that on Nov 18, someone will reveal themselves to the public, and then they can arrest them because there is no statute of limitations after all? Very clever gambit.
The Guardian has a telephonic inteview with Detective chief superintendent Julian Gregory.
Here is a pearl from that interview: “We’ve found no evidence to implicate anyone from UEA and the nature of the attack – the level of sophistication – leads me to a hypothesis that it was very unlikely to be someone from UEA” 🙂
Funny. Very British comedy.
Another quote from Gregory:”I think it was Steven Mosher who said he knew who it was, or had a theory, at least. Maybe he does. Maybe he doesn’t. Where does that take you? And is he likely to tell the police? The difference between the police and, say, journalists, is that we won’t embark on a number of lines of enquiry because, ultimately, you can see that in terms of getting to where we need to get to – which is beyond reasonable doubt – it’s not going to get you there.”
Steve McIntyre, how did you orchestrate the FOI requests to UEA? I thought I was following ClimateAudit at the time, and never noticed anything.
Were Tallbloke’s computers ever returned? Is he now exonerated?
Tallbloke’s highly sophisticated equipment (an ancient laptop, I believe) was returned, following an intimidatory drive cloning.
It will be very interesting to see what Acton comes up with to dispose of the UEA’s server and thumbdrives. I expect that the good professor is urgently consulting with the best and brightest in the world of e-waste recycling at News International, Blair’s 10 Downing Street, and the Nixon White House…
Yes, Roger Tattersall aka Tallbloke’s computers were returned – and in his article on his interview with “Detective chief superintendent Julian Gregory, the senior investigating officer”, even Leo Hickman (who had done much to promulgate an inaccuracy-riddled initial story of the seizure) thought fit to parenthetically note that “The police later confirmed that Tattersall was not a suspect and returned his computers following a forensic inspection”.
Which reminds me … during this interview with Gregory, Hickman had asked:
To which Gregory replied:
Setting aside the fact that this has a somewhat familiar echo of the IPCC’s new, improved rules regarding (i.e. specifically excluding) blogposts as suitable material for citation in their reports – not to mention that one wonders how he might have arrived at such conclusions without “investigating” …
One has to wonder what it was about Tallbloke’s blog that led Gregory & Co. to … uh …break the rule that “you can’t investigate what’s said online.”
Who knows, perhaps a noble climate scientist™ had discovered and alerted Gregory & Co. to the comment dropped by The Saint (my preferred name for RC/FOIA) on Tallbloke’s blog. Ergo, because a climate scientist said so, might well have elevated the comment to being worthy of “investigation”.
But, in the absence of any follow-up from Hickman regarding this glaring inconsistency on Gregory’s part, it would seem that consistency at the constabulary – not unlike the investigation as a whole – has on occasion been abandoned … perhaps for the greater good of “the cause”.
It is odd, given the political nature of this hack, that the perp seemingly never tried to “get caught”. From the pentagon papers to wiki leaks and eventually even “Deepthroat”, people who stick their necks out for what they beleive usually want to be recognized.
Unless the hacker occupies a prestigous or powerful position in his daily life (and the board room is an unlikely breeding ground for sophisticated hacking), it would seem to me that the infamy from being revealed as the hacker would ultimately bring the hacker more glory than pain. Or, it should seem so in his/her mind, considering he already went ahead with the theft and two sets of postings. In other words, not the most risk-averse person in the first place.
This is all assuming the hacker was an outsider. If he was an insider however, meaning his occupation is basically where governmet funding/academic research meet, he become ostracized from this circle, and never allowed to work in his primary field of interest. Speculation of course, but I think the fact that the hacker has been so disciplined with his obviously valuable trove of emails suggests he’s not an lonely Anonymous-type hacker.
For a bureaucrat, any sufficiently competent person is indistinguishable from a mastermind.
Apologies to Arthur C. Clark.
If the mastermind is a whistle blower from CRU, that would certainly narrow down the field of enquiry wouldn’t it, one white sheep in a black sheep flock?
Regarding the identity of “FOIA”, I never expressed a thought I had when I first read about “redactions” by FOIA or “redacted” data.
That thought was “What does that mean?”. I grew up in England and while I claim no special linguistic talents, it was a word I could not at first recall ever having heard in my more than four decades of speaking English.
Quoting from the MacMillan dictionary website:
http://www.macmillandictionary.com/buzzword/entries/redact.html
“In the Oxford English Dictionary, redact is described as ‘rare’ and defined simply as ‘to edit’.”
And also [after the parliamentary expenses scandal]:
“In a backlash of sceptical coverage by the media, the verb redact subsequently hit the spotlight [in 2009] as a euphemism for ‘cover-up’…”
Upon further reflection I recalled that I probably had heard the word before, but only spoken, or written, by people using North American English. I wonder if the East Anglia Constabulary gave any thought to this during their investigations?
And the follow-up question: What is the English dialect of Steve Mosher’s prime suspect?
If you’re on the lookout for North Americans, look out for people who say “parse” when they mean “analyse” or “construe”.
It is a perfect Dutch word for editing. I could have made that error.
Oops, and German as well as I see now in my dictionary. Yes, we need some serendipity.
Do you have, or have you ever had, access to the servers at UEA, and if so, what access privileges did you have?
🙂
Alas Michael, I never got the opportunity to become the secretary of CRU’s managing director.
Reblogged this on Climate Ponderings.
2 Trackbacks
[…] Steve McIntyre has a post up on an interview with the Norfolk Police regarding the conclusions on the Climategate hack. Apparently, there was a sophisticated effort to break in to the mail server and access was available for an extended period of time. This document is very interesting in particular. […]
[…] https://climateaudit.org/2012/07/19/scotland-yard-interviewed/ […]