Climategate investigation closed – statute limit looms, cops impotent

Bishop Hill has the press release from from Norfolk Constabulary (H/T Leo H)

Norfolk Constabulary has made the decision to formally close its investigation into the hacking of online data from the Climate Research Centre (CRU) at the University of East Anglia (UEA) in Norwich.

The decision follows a comprehensive investigation by the force’s Major Investigation Team, supported by a number of national specialist services, and is informed by a statutory deadline on criminal proceedings.

While no criminal proceedings will be instigated, the investigation has concluded that the data breach was the result of a ‘sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet’.

Senior Investigating Officer, Detective Chief Superintendant Julian Gregory, said: “Despite detailed and comprehensive enquiries, supported by experts in this field, the complex nature of this investigation means that we do not have a realistic prospect of identifying the offender or offenders and launching criminal proceedings within the time constraints imposed by law.

“The international dimension of investigating the World Wide Web especially has proved extremely challenging.

“However, as a result of our enquiries, we can say that the data breach was the result of a sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet. The offenders used methods common in unlawful internet activity to obstruct enquiries.

“There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.”

The security breach was reported to Norfolk Constabulary on 20 November 2009, following publication of CRU data on the internet from 17 November onwards.

An investigation was launched by the joint Norfolk and Suffolk Major Investigation Team, led by Det Chief Supt Gregory, with some support from the The Met’s Counter Terrorism Command, the National Domestic Extremism Team and the Police Central e-crime Unit, along with consultants in online security and investigation.

The investigation, code-named Operation Cabin, focused on unauthorised access to computer material, an offence under the Computer Misuse Act 1990, which has a three year limit on proceedings from the commission of the original offence. It has been concluded by Norfolk Constabulary, in consultation with The Met, that due to outstanding enquiries this is now an unrealistic prospect.

Norfolk Assistant Chief Constable Charlie Hall, Protective Services lead, said: “Online crime is a global issue. While law enforcement agencies continue to develop our response to emerging threats, it falls upon individuals and organisations to be alert to this and and take steps to mitigate risk as far as is practicable.”

About these ads
This entry was posted in Climategate and tagged , , , , , , , . Bookmark the permalink.

123 Responses to Climategate investigation closed – statute limit looms, cops impotent

  1. stephen richards says:

    It would be nice to see the evidence for a remote hack.

  2. For irony’s sake, I say someone submit a FOIA request for access to the investigation’s records just to see what their evidence is of “a sophisticated and carefully orchestrated attack on the CRU’s data files”. Quite convenient to say they know it was a horrible, heinous, and sophisticated crime, but not a clue who did it. Plays too easily into the tin foil hat brigade’s tendency to see Big! Oil! behind everything.

  3. Big D in TX says:

    Well, I posted this in tips and notes over a half hour ago. Related article.

    http://www.bbc.co.uk/news/science-environment-18885500

    REPLY: I saw that, and thank you, but I’d already seen Bishop Hills post and the press release…and I try not to cite Richard Black/BBC due to their spin. – Anthony

  4. elftone says:

    nuclearcannoli says:
    July 18, 2012 at 9:02 am

    For irony’s sake, I say someone submit a FOIA request for access to the investigation’s records just to see what their evidence is of “a sophisticated and carefully orchestrated attack on the CRU’s data files”.

    Seconded!

    I suspect there isn’t any evidence, and they’ve just given up, uttering something they believe people will swallow.

  5. sceptical says:

    To bad the investigation into the unlawful hacking will not be completed. Several investigations have been completed as to the scientists and their work involved in this unlawful hacking and these investigations have shown the scientists to abide by the highest ethical standards. This stands in stark contrast to those who unlawfully steal and misquote emails. The distinction is astounding and shows the difference between those involved in scientific inquiry and those who are not.

    REPLY: LOL! Investigations? you mean whitewashes conducted without any difficult questions being asked by unbiased investigators, don’t you Mr. Flesch? – Anthony

  6. Big D in TX says:

    ” I try not to cite Richard Black/BBC due to their spin.”
    Absolutely understandable!

  7. Bill says:

    Someone from the inside who was smart enough not to get caught could have done it from the outside since they would already know the passwords and security setup.

    That way it would look like it was not an inside job. Basically, no one knows who did it. It had to be someone who did not believe the CAGW hard sell AND/OR someone who does not like liars, the politicization of science, and the wanton disregard of FOI requests.

  8. Jimmy Haigh. says:

    Bring on Climategate 3.

  9. Bill Tuttle says:

    “Despite detailed and comprehensive enquiries, supported by experts in this field, the complex nature of this investigation means that we do not have a realistic prospect of identifying the offender or offenders and launching criminal proceedings within the time constraints imposed by law.”

    Hmmmmm — three years, with expert support, and they couldn’t track down a hacker? A bud who works for a Three-Letter Organization told me last year the longest it had ever taken him to trace a hack to the originating computer was a week.

    Something’s not ringing true in the Official Statement…

  10. wobble says:

    “There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.”

    Was there any attempt to gather such evidence, or is there no evidence of this because no such evidence was sought?

  11. gator69 says:

    “This stands in stark contrast to those who unlawfully steal and misquote emails.”

    You mean Peter Gleick? ;)

  12. John V. Wright says:

    Like your style Big D in TX. I work in media and communications in the UK and I can tell you that the journalistic reputation of the BBC has never been so low in the last 50 years. Richard Black and his editors are an embarrassment to British journalism – even the flagship Today programme on Radio 4 has lost its way on global warming. Simple example: Christopher Monckton is one of the world’s leading authorities on CAGW – and he has never appeared on the BBC and definitely NOT on the Today programme. They would not dare.

  13. Gary says:

    “Miracles” don’t leave much evidence.

  14. temp says:

    Agree with others… what proof do they have it was a remote hack and/or wasn’t done by someone inside CRU…

    “Technically” they could call someone using a laptop on wireless inside CRU a “remote hack”. Will be interesting to see if any real facts come out.

  15. Sean says:

    I would like to hear any of the evidence from which the Norfolk Constabulary are basing their unsupported propaganda claim. Not once in the last three years have they released any information to validate this position or their hunt for a boogeyman. I also second the FOI request. The police should be held accountable for their actions and if they have no evidence then they are derelict in their duties to the public with their irresponsible statements on this case.

  16. daveR says:

    A – mazing. There are no lengths to which the truth will be denied. Shame on UK and it’s whole so-called practised investigative processes.

  17. SanityP says:

    It’s a twap I tell you ! They don’t really know anything, granted, they are just hoping, waiting for that pending release of the password for that last stack of damning emails.

  18. Pat Frank says:

    There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.

    This is the only positive statement in the whole release. They could find no evidence for an inside source. That could merely mean no one at UEA admitted it, and they could find no traces of unauthorized access at UEA. That allows them to absolve UEA staff.

    Then, as they could find no evidence inside UEA, they conclude the culprit was outside the University.

    As they could find no evidence of an unauthorized access from outside UEA either, then that must mean the external culprit used v-e-e-r-r-r-y sophisticated methods to get in. Methods so sophisticated, they left no trace.

    Hence, they can conclude, “the data breach was the result of a sophisticated and carefully orchestrated attack … carried out remotely via the internet

    Short version: We couldn’t find any evidence at all. As no one in the University confessed, we are relieved to note that UEA staff are all innocent (and Phil Jones is a put-upon saint). Therefore, the attacker must have been a malign outsider. One so extremely clever that he left behind no trace of his crime..

    It’s perfect grist for the big-oil-right-wing-despoilers conspiracy mill.

    The Norfolk result will climb the eNGO proof charts to take its high place with the three inquiries that proved no decline-hiding wrong-doing by Phil Jones & co., and the Penn State inquiry that proved Michael Mann is driven-snow innocent.

  19. Billy says:

    Translation: The real origin of the leak is too embarassing. We are droping the investigation and sticking with our cover story.

  20. Green Sand says:

    Jimmy Haigh. says:
    July 18, 2012 at 9:21 am

    “Bring on Climategate 3.”

    =========================
    This could well do so!

  21. DEEBEE says:

    sceptical, your tongue seems to be lodged firmly in the cheek at the wrong height.

  22. LOL in Oregon says:

    Haaa, Haaaa, Haaa,
    Mr. “sceptical” at July 18, 2012 at 9:13 am notes:
        “The distinction is astounding and shows the difference between those
        involved in scientific inquiry and those who are not.”

    Yep, well Mr. Sceptical sure appears to gleick folk!
    Defining “gleick” as to lie, deceive, bully, etc, so as to advance a delusional, noble cause, quixotic quests and receive bigger and fatter grants from cronies filling the goberment trough.
    ♪♫ ♪♫ Have you been gliecked today? ♫♪ ♫♪

    LOL in Oregon

  23. Jimbo says:

    sceptical says:
    July 18, 2012 at 9:13 am

    To bad the investigation into the unlawful hacking will not be completed. Several investigations have been completed as to the scientists and their work involved in this unlawful hacking and these investigations have shown the scientists to abide by the highest ethical standards….

    Bwahhhhahahahah! You mean like Dr. Phil Jones who was also saved by the statute of limitations after breaking the law???

  24. Bloke down the pub says:

    As Norfolk plod couldn’t find their arse with both hands, it was always going to be a long-shot that they would turn up anything. As the commission of the act for climategate 1,2 & 3 was done at the same time presumably, I suppose Foia will soon be off the hook for the rest of the e-mails. I’d better get some popcorn in.

  25. There was no desire to identify the culprit(s) for to do so would have resulted in some kind of charges and a likely show trial. This would have reopened all the issues that Climategate revealed, a result that the UK government does not want.

    So there never was a chance that the perpetrators would be identified and caught.

  26. MarkW says:

    sceptical says:
    July 18, 2012 at 9:13 am
    ====
    Ethical and climate science do not belong in the same sentence.

  27. mojo says:

    I too would like to see some evidence for an external attack. As a professional in the area, I find that rather implausible, and consider an “inside man” job a much more likely scenario.

    As for “sophisticated”, well, it’s usually not necessary to be awfully sophisticated to get into a University file server. Sorry, but it just isn’t. Too many tenured idiots complaining about “difficulty of access” to their ultra-important data sets and whatnot.

    Computer security is a balancing act at the bet of times, and University environments tend to have lots of big thumbs on one pan.

  28. jorgekafkazar says:

    temp says: “Will be interesting to see if any real facts come out.”

    The facts have been carefully buried. What do you think they spent those three years doing?

  29. Matthew W says:

    I wouldn’t call the cops “impotent”.
    I go with incompetent and complicit.

  30. Jens Bagh says:

    There is none so blind as he who will not see, there is none so deaf as he who will not hear!

  31. _Jim says:

    sceptical says:
    July 18, 2012 at 9:13 am

    This stands in stark contrast to those who unlawfully steal and misquote emails.

    The first part is probably a mindless first-pass guess on your part and can be forgiven; the second part however is either willful ignorance or stupidity since the “e-mails” are available for inspection, and since there is no cure for stupidity if that is the reason you can be forgiven for that as well …

    .

  32. P.F. says:

    Because the information was distributed via foreign Internet servers, they assume the acquisition of the information was done from outside the CRU via the Internet. Is that about it? As I recall, there was a hard drive involved that contained the emails and was part of the McKitrick FOI request. If correct, there would have been no trace of activity on the Internet indicating access to the internal servers from the outside. It could have been a simple copy of the hard drive used to distribute the information from an outside access to the Internet. The investigations were looking for something that wasn’t there.

  33. dfbaskwill says:

    “Bring on Climategate 3.”

    I think it is a safe bet that something is coming soon. I’ll bet whoever is behind it is waiting for something profound to be put out by the Hockey Team or its supporters.

  34. tadchem says:

    “There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.”
    There is also no evidence to suggest that anyone NOT working at or associated with the University of East Anglia was involved in the crime.
    Conclusion: The Norfolk Constabulary is utterly unprepared to deal with such events.

  35. George E. Smith; says:

    It’s like the Higgs Boson; they are slowly narrowing down the range, where that rascally hacker could be hiding. S/he is now believed to be somewhere between 170 deg West and 170 degrees East; so far they have managed to eliminate that large area around the dateline, where New Zealand can often be found, when they bother to draw whole maps.

  36. Eric Barnes says:

    Any guesses on when another release of the emails will be? My guess. October 2012.

  37. Taphonomic says:

    “There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.”

    Truly a semantic delight.

    If someone working at or associated with the University of East Anglia was involved would it be a crime? Is the copying and release of e-mails that should be subject to FOI by someone working at or associated with the University of East Anglia a crime?

    Is there any evidence to suggest that everyone working at or associated with the University of East Anglia was NOT involved in the release of the information? (Absence of evidence is not evidence of absence.)

    I look forward to seeing their evidence that the aquisition of the files was “…carried out remotely via the internet”.

  38. David, UK says:

    @ nuclearcannoli: +1!

    Firstly they say that “the data breach was the result of a sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet” which means one thing: they have proof (apparently) that this was a hack, and not an inside “whistle blower” job.

    But then they say: “The offenders used methods common in unlawful internet activity to obstruct enquiries” which suggests they probably don’t have much evidence of anything at all.

    So I agree with nuclearcannoli 100%: we need to ask specifically what this “evidence” is. I somehow suspect that police investigations will fall outside of the remit of the FOIA. This investigation is clearly firmly in the pocket of the establishment running the show. More whitewash bullshit. (Mods: Pardon my French, but it has to be said.)

  39. Mickey Reno says:

    We can’t think of another explanation, ergo, IT MUST BE CO2 from human burning of fossil fuels!

    We have no evidence, ergo, it’s a HACK!

    See how easy forensic science is when it copies the rule of climate science?

    ;-)

  40. AnonyMoose says:

    Does this mean that the police-held hard drive will soon be again available for FOI searches?

  41. Steve in SC says:

    Did Tallbloke ever get his equipment returned?

  42. Kelvin Vaughan says:

    The Government has cut their budget. They can’t afford to investigate trivia.

  43. Bill Tuttle says:

    sceptical says:
    July 18, 2012 at 9:13 am
    This stands in stark contrast to those who unlawfully steal and misquote emails.

    Since when is publishing an e-mail chain in its entirety, unedited and without commentary, misquoting those e-mails — particularly since Phil Jones confirmed the several chains as authentic?

  44. pyeatte says:

    Well, whomever hacked, released or disseminated the database should get a freedom medal for exposing the rot and corruption in the climate change community.

  45. wobble says:

    Pat Frank says:
    July 18, 2012 at 9:49 am

    “There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.”

    This is the only positive statement in the whole release. They could find no evidence for an inside source. That could merely mean no one at UEA admitted it, and they could find no traces of unauthorized access at UEA. That allows them to absolve UEA staff.

    We don’t even know if they asked anyone at UEA, and we don’t know if they even looked for traces of internal actions.

    I think it’s telling that their report didn’t state that any of the “…detailed and comprehensive enquiries, supported by experts in this field…” were directed at anyone associated with the University of East Anglia.

  46. George says:

    A bud who works for a Three-Letter Organization told me last year the longest it had ever taken him to trace a hack to the originating computer was a week.

    There are ways of making it nearly impossible unless you happen to catch the traffic happening in real time, and there are ways of even making that less useful.

  47. Anthony Scalzi says:

    “The offenders used methods common in unlawful internet activity to obstruct enquiries.”

    They must have used 7 proxies then.

    http://knowyourmeme.com/memes/good-luck-im-behind-7-proxies

  48. Pat says:

    Ha!… Computers and network security are part of what I do for a living.
    I am very convinced that the format, location and content of the files as well as the way the files were made public make it extremely unlikely that this was a “hacking” incident, “…carried out remotely via the internet”. Sorry… I didn’t buy it then… I buy it even less now.

  49. Gunga Din says:

    sceptical says:
    July 18, 2012 at 9:13 am
    To bad the investigation into the unlawful hacking will not be completed. Several investigations have been completed as to the scientists and their work involved in this unlawful hacking and these investigations have shown the scientists to abide by the highest ethical standards. This stands in stark contrast to those who unlawfully steal and misquote emails. The distinction is astounding and shows the difference between those involved in scientific inquiry and those who are not.
    ===============================================================
    We know that “the powers that were” at Penn State were willing to cover for a serial pedophile to protect the Univerity’s reputation. Those same authorities were the ones who investigated Mann.
    Now what were you saying about “investigations have shown the scientists to abide by the highest ethical standards”? What were the ethical standards of the investigators?

  50. Ken Harvey says:

    Does that time bar free the “perpetrator” from prosecution I wonder? This story could have a long, long way to run.

  51. TinyCO2 says:

    Sadly for our information liberator there is no statute of limitations in the UK.

  52. John in L du B says:

    got the sense from the getgo that the Norfolk Constabulary would just rather it all would go away. Calling in the counter terrorism command, the national domestic terrorism team and the e-Crime people got it off their blotter. Impounding Tallbloke’s computers for a time made it look to their political masters like something was being done. They could probably blame that on e-Crimes. It all served nicely to run out the time limitations so it does in fact, go away.

    It’s out of their hair with a minimum of political fallout. Aside from inconveniencing Tallbloke, which wasn’t very nice, I can’t say I blame them.

  53. Tony B (another one) says:

    There was never a chance of this getting anywhere near a court of law. Evidence given under a sworn oath, with severe penalties for perjury?
    No way would they risk that, because that would mean game over for the global warming scam.

    This lack of prosecution, or even any confirmation of what they did manage to find, is about as damning as it gets, to the veracity of the “evidence” provided by the high priests of AGW.

    Yes….November 2012…. a time to look forward to Climategate 3. …..bring it on!

  54. Duster says:

    What this means is that if the “hackers” were remotely based, they had effectively free access to the CRU and UEA computer system and could wander where they felt like. That kind of data mass is not simply grabbed. Organizing it alone would have taken some serious work time. Looking at the first release, since it included practically up to the moment emails, it sounds more like absence of evidence than evidence of absence regarding insiders, continuous accumulation and organization of the data, right up to the moment of release.

  55. Nomen Nescio says:

    They had the assistance of the Met Counter Terrorism Command? Really? E-mail is now a WMD?

  56. Doug Proctor says:

    It has been concluded by Norfolk Constabulary, in consultation with The Met, that due to outstanding enquiries this is now an unrealistic prospect.

    “… due to outstanding enquiries …”: Is this the key phrase? That there have been requests for critical information that has not been provided, and will in not be provided (in the time-frame at least) that allow the investigation to go forward?

    If UEA is not providing the required responses, then the investigation would be dead, wouldn’t it? As in “the victims are not cooperating with the police”.

  57. Brian H says:

    Cross-commented from Bishop Hill:

    “a ‘sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet’.”

    False on its face.
    1. Not “data files”, but the email server. Totally different thing. And not an attack; nothing was disturbed, garbled, or deleted. (Not that CRU has any data files, anyway. Philbert lost ‘em all in his terminally messy office. And mind.)
    2. FOIA carefully purged the email addresses of both senders and receivers throughout. A dastardly criminul international hacker did that? Pull my finger …
    3. FOIA explains his purpose, to force some ethics and transparency where little or none exists. And warns of far larger releases (via password for existing widely disseminated files) if things don’t shape up. This is an insider’s motivation, not an external hacker’s.

    The Constabulary have laid an ostrich-sized but dead and putrid egg.

  58. R.S.Brown says:

    Consider this:

    If the police/bug hunters had identified someone within
    the UK or the Commonwealth as being responsible for the initial Climategate
    “release” that November:

    Then they would have to use that sequested server and its contents in evidence
    … and the defence would have to be given access to it.

    No criminal = no defendent = no e-mails submitted as evidence (and
    therefore none open to public scrutiny) .

    Besides, “closed” cases can always be reopened depending on information
    or political pressure received.

  59. Morph says:

    What is the “statute limit” you refer to ? The UK is not (yet) part of the US so there isn’t one – there is for FOI breaches but that is due to Blair being an idiot.

  60. CodeTech says:

    I wonder if the Norfolk Constabulary are aware that they are not just a local joke, but an international joke. If I’m ever in that area I will be sure to keep a firm grip on my wallet and property, since there appears to be no effective policing whatsoever.

  61. Gail Combs says:

    After the last three days of runaround with various government authorities on a different criminal matter, all I have to say is I have yet to find a government official who could find his own A$$ with both hands unless there was a payoff involved.

    WHO needs to send out an emergency Epidemic and Pandemic Alert It would seem we have a world wide epidemic of this problem in the public sector.

  62. Kip Hansen says:

    John Broder, at the NY Times, at least uses the term “Climate change doubters”. He incorrectly states “The police put to rest speculation that the release was the work of a mischievous or disgruntled insider at the university’s Climatic Research Unit.” whereas in truth they stated “There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.” (If they had had such evidence, they would have been an eventual arrest, I suppose).

    http://green.blogs.nytimes.com/2012/07/18/climate-center-hacking-investigation-closed-with-mystery-unsolved/

  63. P. Solar says:

    AnonyMoose says:
    July 18, 2012 at 11:20 am

    >> Does this mean that the police-held hard drive will soon be again available for FOI searches?

    Ah! My very first thought on reading this. UEA got out of releasing thier records on the technicality that they did not “possess” the said documents because the police had impounded the computer.

    Now the police have decided to officially close the investigation, they will be returning the property to its rightful, legal owner. That means UEA will, once again, be “in possession” of the documents and will have no further grounds not to produce them.

    A new FOIA request to UEA would seem to be in order, just in case they have forgotten the previous request and lest they should (ahem) lose the disk or something silly.

    As for Norfolk Constabulary, thier silence over the past two years has pretty clearly been spent watching the clock tick on this one. You can bet if the perps were four young muslims they would have had no difficulty in finding where the “attack” came from.

  64. Dan in California says:

    sceptical says: July 18, 2012 at 9:13 am
    To bad the investigation into the unlawful hacking will not be completed. Several investigations have been completed as to the scientists and their work involved in this unlawful hacking and these investigations have shown the scientists to abide by the highest ethical standards. This stands in stark contrast to those who unlawfully steal and misquote emails. The distinction is astounding and shows the difference between those involved in scientific inquiry and those who are not.
    ———————————————-
    I suggest you read the emails themselves instead of taking the word from someone who has a conflict of interest.
    http://www.assassinationscience.com/climategate/
    There is *obvious* misconduct from the “scientists” in which they game the peer review process, and incite the firing of a magazine editor who didn’t sufficiently toe the alarmist party line. etc.

  65. George says:

    “Not “data files”, but the email server. Totally different thing.”

    Actually, it looks to me like the files came from the server used as a repository for backups of the mail server and other computers which is why many of the actual data files are available. Someone apparently swiped the files that were deposited on a different system in the course of some regularly scheduled backups.

  66. more soylent green! says:

    The investigation never determined there was a crime committed.

    Here’s the scenario we’re supposed to believe: One or more hackers illegally broke into the UAE systems, compiled all those emails and then left a file on an open FTP site on one of the UAE servers.

    Sure, sounds really plausible.

  67. Richards in Vancouver says:

    Mickey Reno says:

    “We can’t think of another explanation, ergo, IT MUST BE CO2 from human burning of fossil fuels!
    We have no evidence, ergo, it’s a HACK!”

    My thought exactly.

    Similarly, I’d like to know who “Harryreadme” is. I want to send him flowers. Or a box of chocolates. Or a big freakin’ solid gold medal!

  68. Bob Kutz says:

    So . . . a government agency reports a crime. ( I am presuming that EAU qualifies as governmental, since they are subject to ‘FOI’ requests.

    The constabulary begins an investigation but in the end drops it when those in charge of said government agency fail to respond to certain enquiries.

    How is that not gross misconduct of a public official? If you are able to make the complaint of a crime, as a public servant, then you are in fact required by law to assist law enforcement in their investigation. That’s not conjecture, that is the law. No public official is allowed to disregard a reasonable request from law enforcement in the conduct of their investigation. The bobbies need to tell us what was not produced.

    Something is terribly rotten here. I suspect the cops know this was an inside job, have just about proven as much and are giving up out of frustration with Phil & co. They have, no doubt, conducted a forensic investigation into the file itself. This has certainly brought to their attention the idea that it took someone who knew a lot about the inner workings of EAU quite a while to compile all of emails and data files. And then to redact the email addresses before releasing it? Oh yeah, it’s got the Russian mop written all over it. You know, with their reputation for etiquette and so forth hanging in the balance.

    That simple statement in the press release; ‘outstanding enquiries’ about says it all. At some point the citizens need to demand answers instead of one public official protecting another.

    It is sad that Scotland Yard would put up with this. They wouldn’t have to.

  69. Phil Ford says:

    This is a ridiculous charade – Plod knows more than it’s saying and I strongly suspect that what it isn’t saying is merely to spare some blushes at CRU. Nothing like an apolitical police force, eh? This is the same police force, incidentally, that regularly crows very publicly (all the time) about it’s increasingly ‘sophisticated’ online tech for catching international online child pornographers – but, somehow, they just can’t find a regular hacker…? Really? Pull the other one.

    Climategate was, of course, an inside job – a whistleblower, in other words (although I prefer the term ‘hero’). The police won’t tell us that – instead they make themselves look foolish by deciding they’re not up to the job at hand and just close the case file. God forbid the actual facts should ever get into the public domain. Another dreary whitewash. How many is that, now..?

  70. meemoe_uk says:

    Get the evidence of a sophisticated hack from the Norfolk police…. via a FOIA request?
    No chance, they won’t give it to you.
    You’ll have to wait for an anonymous insider with access to police files to release the data. This will be against the wishes of the police, but the insider will argue moral principles as justification of his actions.
    This event will be called ‘ Police Gate ‘.
    Some of the data will be police emails.
    e.g.
    ” I’d rather burn our evidence of a sophisticated attack than go public with it! ”
    what are they afraid of? That the public might see it to be a made up travesty?

  71. KnR says:

    P. Solar unless say hardware meets a ‘tragic accident’ on its way back to being used by CRU , after all it not been powered on all this time , so its to be ‘expected ‘ that when it is something ‘could go wrong ‘
    Of they could just stick in a box with some really strong magnets, which they ‘had no idea where in there too’ , and yes that one has been done before.

  72. The Old Crusader says:

    They saw nothing. They found nothing. They know nothing.

  73. Bob says:

    “‘sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet’.”

    So, I guess this means that they don’t know what they don’t know. Beautiful!

  74. Gail Combs says:

    Noblesse Oblige says:
    July 18, 2012 at 10:19 am

    There was no desire to identify the culprit(s) for to do so would have resulted in some kind of charges and a likely show trial. ….
    _________________________
    WORSE, If the release was from an insider who was upset about Jones and his evasion of the FOI requests it would become a Whistleblower case and evidence about why the release was done by the Whistleblower would have been very damning for the cause. Therefore it was always best to bury the whole investigation as deep as possible and point fingers towards a nebulous “…sophisticated and carefully orchestrated attack on the CRU’s data files….”

    I mean come on guys, a hack of Oak Ridge National Laboratory? Sure but CRU, yeah right.

    ….the founder of Cyber Defense Agency in Wisconsin Rapids, Wisconsin, said in an interview this year before the latest attacks. “There are two perpetrators that are most concerning. One is organized crime, the other is nation-states, and they are both quite serious.”

    Chinese-based hackers gained access to private Gmail accounts of senior U.S. officials and journalists this month, according of Google Inc. Defense contractor Lockheed Martin Corp. was hacked in May. Computers at Hopkinton, Massachusetts- based EMC Corp.’s RSA Security division were infiltrated in March by hackers who stole technology used to protect other U.S. government and corporate networks…..

    Some how I doubt China gives a hoot about grabbing climate data they are too busy hacking into private computer networks, likely seeking patent and technology information. And I really can not see “organized crime” hacking and releasing e-mails given the European Union’s flagship cap-and-trade carbon credit trading system is plagued by massive fraud and is effectively under the control of organized crime Even now Organized crime syndicates are eyeing the nascent forest carbon credit industry as a potentially lucrative new opportunity for fraud, an Interpol environmental crime official said on Friday.

    Big OIl? No way they are FUNDING CRU and have from the first so could get data just for asking. Heck Ged Davis was a VP of Shell, on the IPCC and in e-mail communication with Jones.

    That leaves a private skeptical scientist hacker and I really really doubt that.

  75. Billy Liar says:

    TinyCO2 says:
    July 18, 2012 at 12:20 pm

    Morph says:
    July 18, 2012 at 1:02 pm

    That’s what I thought. Read the Computer Misuse Act 1990 S11(3).

    http://www.legislation.gov.uk/ukpga/1990/18/section/11

    Three years after the plods learnt of the ‘crime’, FOIA is home free (as long as he/she/they aren’t in Scotland. (The statute of limitations does not, for some reason, apply in Scotland)

  76. ANH says:

    What a complete waste of public money this investigation was. It has been obvious from the very start that the emails were leaked from the inside but that was too embarrassing a scenario for the powers that be to contemplate so we had to have this farce of a police investigation. Even though this is Norfolk Police we are talking about I don’t believe that they are completely incompetent. As others have said nobody confessed but, also as others have said if they had any half decent IT experts working for them they must know where the leak came from – but they aren’t saying.

  77. GlynnMhor says:

    Cops impotent?

    Limp and drooping like the global warming of the past decade or so?

  78. P. Solar says:

    >>
    I trust that when UEA receive their server back, they do not promptly “wipe it”.
    I reckon an FOI for all emails contained on this server is in order and quickly.
    >>

    That would probably be a criminal act. Deleteing or destroying information that is subject ot possible FIOA requests.

    Since this information has already been the subject of such a request and the only reason that ICO tribunal allowed the non release was that UEA did not “possess” the said information, there is no question that the material is subject to such a request.

    In view of the change of circumstances, a new request would probably be in order and a complaint should be registered within the three month limition period, in the (unlikely?) event that UEA should prevaricate or refuse.

  79. Gail Combs says:

    dfbaskwill says:
    July 18, 2012 at 10:53 am

    “Bring on Climategate 3.”

    I think it is a safe bet that something is coming soon. I’ll bet whoever is behind it is waiting for something profound to be put out by the Hockey Team or its supporters.
    ___________________________________
    The US elections are in November 2012 and the Australian Election in 2013. Working Group Reports of the IPCC Fifth Assessment Report (AR5) are to be published between 2013 and 2014.

    So there are lots of dates to choose from but a dribble in the fall of this year seems likely with more in the fall next year.

  80. eyesonu says:

    Maybe the police report is somewhat correct; there was no crime, it was a whistle-blower. Will the reward be 10% and where does it come from? Will there be racketeering and fraud charges eventually filed against the perpetrators of funding and scientific fraud? Will assets be seized? Will multiple charges be filed against the players or will it be consolidated into one ongoing racketeering charge for each? Will convictions and incarceration terms run concurrently or consecutively? Will they just keep playing the victim card? Will they just keep playing the appeal of authority card?

    Am I just dreaming? ;-)

  81. Gene says:

    Inside, outside … who knowns. I wouldn’t jump to conclusions. Nobody is safe against a competent hacker. Absolutely nobody. Regarding the quality of police investigations, I had a bit of experience. I asked the UK police to investigate the theft of my laptop. I thought it would be a piece of cake because it showed up online just 20 minutes after it had been stolen and kept reporting its address through DynDNS. It continued to do so for three years, after which time I needed that name and claimed it for another machine. But I gave up waiting for the police to help much earlier. It took them eight months to obtain the disclosure paperwork for the first few addresses I gave them, and sure enough, by then the traces went cold.

    I even talked to the members of the internet crime unit in London about it, and they confirmed it should have been a piece of cake, but told me they would be helpless in that case because the town where my laptop was stolen was outside their jurisdiction.

    So it seems like hackers are safe attacking targets in the UK; outside London for sure. Not that I ever wanted the Climategate hacker to get caught, but I suspect it was a futile endeavour from the start.

  82. Mark Wagner says:

    “sophisticated and carefully orchestrated” = “file, send”

  83. TinyCO2 says:

    Billy Liar says:
    July 18, 2012 at 2:08 pm
    Read the Computer Misuse Act 1990 S11(3).

    Hmm, interesting. I suppose it would depend if there could be another type of crime considered (I won’t give them ideas). I still wouldn’t advertise myself once the deadline is up if I was FOIA. Especially as they keep trying to make scepticism a crime against humanity. The police might be fed up with it but certain people must still want revenge and they’d be backed all the way by organisations like GreenPeace or the Guardian.

  84. Brian Johnson uk says:

    It really is time for Climategate 3 because the Norfolk Police will be far too busy with their cattle rustling, swede stealing and other far more important pursuits. ;-) Time to shine a light.

    The village postman knows the truth. Local accent is charming.

  85. noaaprogrammer says:

    In a few decades, Deep Throat’s identity will be revealed.

  86. katabasis1 says:

    That conclusion is quite simply beyond belief.

    And such a conclusion comes in at a convenient time when the government has just finished its ‘Summer seminars’ on the forthcoming Communications Bill – which – from the seminar I attended and stuck my oar in, made clear that further screwing with the internet here in Old Blighty is most definitely in the frame and regulation of bloggers is *still* being considered.

    I’ll be putting an FOI request in tomorrow.

    On the good news front however, I can’t recommend to my fellow Brits enough that you go see the ‘Yes Prime Minister’ theatre show now on. I think it just created dozens of climate sceptics in the show I just attended and bodes very well indeed for the forthcoming new series. Methinks we have a couple of new allies on the sceptic side in the form of satirical writers Antony Jay and Jonathan Lynn……

  87. mrrabbit says:

    What my brain says:

    FOIA = A member of the house of lords or parliament – or an assistant/associate thereof providing the skills necessary to hide the obvious under direction.

    When the police figured this out – and realized the whole thing was a political maneuver to counteract the blatant scam AGW is, they backed off really quick.

    The bobbies, constables, investigators, solicitors, etc., appreciate being able to punch the clock, go home, eat a nice dinner and sleep in peace.

    FOIA will release another batch – knowing full well that while the police can do a duck once – they can’t do it twice because a member of the house of lords or parliament that is pro-AGW will foolishly press for direct action.

    Only then will it really play out – and heads roll.

    However the heads that roll will not be the heads of politicians, but those of scientists – rightfully or wrongfully. Even when a political showdown becomes a farce that falls apart – a head always rolls and more often than not – it’s that of someone a step below that of the politicians in question.

    =8-)

  88. TomRude says:

    Off to the Olympics now…

  89. Smokey says:

    noaaprogrammer says:

    “In a few decades, Deep Throat’s identity will be revealed.”

    Steven Mosher says he knows who it is.

    REPLY: Mosher has a speculation as to who it is, not an established fact. My speculation is that the person is familiar enough with UEA’s system they fooled the cops into thinking it was an outside job…which given their plodding, probably wasn’t that hard to do. Remember, the security at UEA/CRU was dismal, and they were so dumb that they thought they were chasing a “mole” (a fun character setup by McIntyre and myself in blog postings) when in fact the “secret file” was out in the open on a public FTP server. – Anthony

  90. Skiphil says:

    Mosher knows??

    Maybe after Nov. 17 he can tell us…. just whisper it to us here at WUWT…..

  91. GeoLurking says:

    “…. we can say that the data breach was the result of a sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet. The offenders used methods common in unlawful internet activity to obstruct enquiries.

    A much simpler and less complicated scenario would be someone with inside access. No fancy super “7337” skills really needed. A little more complicated would be lifting the data off if a cloned drive that was in for repair.

    Did someone mention Occam’s razor? No? Never mind.

    “There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.”

    Yeah.. go ahead and keep thinking that.

  92. SanityP said (July 18, 2012 at 9:45 am)

    “…It’s a twap I tell you ! They don’t really know anything, granted, they are just hoping, waiting for that pending release of the password for that last stack of damning emails…”

    And, since they’ve dragged their feet so long (allowing the statute of limitations to run out), the “hacker” is now free to release the remainder of the emails. Expect the final release sometime after the 17th of November.

    TinyCO2 said (July 18, 2012 at 12:20 pm)

    “…Sadly for our information liberator there is no statute of limitations in the UK…”

    Well, according to the original post “…The investigation, code-named Operation Cabin, focused on unauthorised access to computer material, an offence under the Computer Misuse Act 1990, which has a three year limit on proceedings from the commission of the original offence…”

    So, there does appear to be a statute of limitations in the UK for this offence.

  93. Kaboom says:

    Once the statute of limitations has run its course there’s nothing really that would keep the whistleblower from releasing the password .. I wonder if some folks are profusely sweating already.

  94. RoyFOMR says:

    The police are on a hiding to nothing here, I fear, and they had to drop this hot potato as quickly as they could.
    I don’t doubt that they’ve asked the ‘correct’ questions, got the answers they’ve got and were unable to push harder as they may have been tipped the wink not to press too hard. National interest stuff old chap if you know what I mean; straight out of Yes Minister.
    Let’s not underestimate the Plod. They’re nobodies fools and I wouldn’t like to cross a senior officer who has been pressuried into being a patsy especially given the comparitively young age that many retire from the force.
    I find it interesting that this case has been publically closed with some months still free to fall within the three-year rule or whatever actual time applies!
    Case closed, equipment needed for examination now available for return to ‘injured’ party; potato safely back in UEA’s hands.
    Will they now be able to re-use that old chestnut; ‘The dog has eaten my homework, again!’
    Nice one officer!

  95. Ian W says:

    Pat Frank says:
    July 18, 2012 at 9:49 am

    “There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.”

    This is the only positive statement in the whole release. They could find no evidence for an inside source. That could merely mean no one at UEA admitted it, and they could find no traces of unauthorized access at UEA. That allows them to absolve UEA staff.

    And as the only positive statement – it is demonstrably false.

    The climategate emails are not a simple mail server dump. They are a selection of that appear to match the FOIA requests that CRU repeatedly refused to comply with. The mail server at CRU would have been full of emails of all sorts. But the Climategate emails were a careful selection all very apposite. Anyone that has worked with these kind of servers knows the huge amount of work involved parsing your way through a mail server, looking for those emails that are on or related to the subject and discarding those not wanted. I didn’t see any routine emails in the Climategate dump – no spam, no university business etc. But there would have been a huge amount of non-climate emails. The work-factor for an intruder even an APT would have been considerable.
    “However, as a result of our enquiries, we can say that the data breach was the result of a sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet. The offenders used methods common in unlawful internet activity to obstruct enquiries.”
    It is quite rare to find a sophisticated hacker with a specific interest in climate science. This ‘rare beast would also have to know that there were incriminating emails to actually find on an unencrypted mail server. Then after downloading a HUGE mail file which would take time on its own. Then work for a long time searching for the appropriate ‘incriminating emails with a knowledge of whose emails were important and whose weren’t sometimes due to throwaway lines in the emails, and discarding the dross routine emails which would be the majority..

    And the payback? No attempt appears to have been made to make money out of the emails. They were sent to various news outlets (showing a trusting faith in the investigative journalists who only deal with cut and pastes frrom AP and Reuters). Then the sorted Climategate dump was left on a Russian server with messages to appropriate blogs such as Tallblokes Talkshop.

    This was not the work of a hacker this was the work of someone with continual access to CRU and a subject matter expert in the climate business, its wrinkles and the people involved both local and international. It could even have been someone who had been tasked with answering the FOIA and then after doing all the work was told to scrap it as we are not going to answer it. It is stretching credulity too much to accept that this was a ‘simple’ outside hack by a blackhat ‘denier’.

  96. mfo says:

    The police in the UK are being forced by the government to make savings of £2.4bn by 2015. This means a loss of 34,400 police jobs, including civilian staff, by 2015. Of these 15,000 police officers are to lose their jobs about half of whom do non-frontline work (computers for example). In addition 179 police stations are to close and of those remaining,1 in 5 will lose their front counters.

    Simon Reed, Vice Chairman of the Police Federation of England and Wales wrote, “Presumably, the public still want a police officer to turn up when they phone in, has David Cameron, Theresa May forgotten to tell them that this might no longer be the case? It simply will not be possible to provide the same level of service to the communities we serve as the cuts and reforms take hold of the 43 forces throughout England and Wales.”
    http://www.norfolk.polfed.org/index.php?option=com_content&view=article&id=370:the-true-meaning-of-independence-has-been-lost&catid=2:news&Itemid=43

    Norfolk police will lose 162 officers and 375 civilian staff to achieve budget cuts over three years of £24 million. Norfolk officers were amongst 20,000 police officers who demonstrated in London on May 10 against the government’s policies.

    To me a key statement from the Norfolk Constabulary is the concluding one:
    “While law enforcement agencies continue to develop our response to emerging threats, it falls upon individuals and organisations to be alert to this and and take steps to mitigate risk as far as is practicable.”

    In other words the UEA/CRU should have had better security which might have prevented the loss of emails in the first place in which case the Norfolk police wouldn’t have been made to look silly and had to waste their time on the digital blatherings of a bunch of academics.

  97. Methinks I smell a rat…..

    The police say they were competent enough to determine it was a sophisticated hack. But they say they can’t trace it down to an origin? My goodness, how many people in silicon valley could trace it to an origin. Pulease! If they can’t trace it then they don’t know what they’re doing in the first place. So saying it was sophisticated is euphemistic for “hey, we’re totally lost, it’s over our heads, we weren’t trained for this. Besides, it’s just not important enough to expend resources on solving it”.

    What’s the rat I smell? Maybe political paradigms make one not want to press the issue for fear real details would come out that would puncture the good ship global warming. But maybe I go to far with that.

  98. Kaboom says:
    July 18, 2012 at 4:56 pm

    Once the statute of limitations has run its course there’s nothing really that would keep the whistleblower from releasing the password .. I wonder if some folks are profusely sweating already.

    Yummmmm, that would make Thanksgiving Dinner taste even better this year. :-)

  99. timg56 says:

    Why do some people here apparently suspect the Norfolk police being in support of a particular narrative – in effect part of a coverup? While I can see the possibility of incompetence, a deliberate attempt to hew to a storyline seems rather improbable to me.

    To me it sounds like they couldn’t find s___t. The reference to an outside hack would still hold true even if the person responsible worked there or was familiar with the system.

    All this changes is the sideshow argument regarding Climategate and Glieckgate comparisons. It does nothing with regard to the content of the emails and what they reveal.

  100. Steven Mosher says:

    Ian w.

    “The climategate emails are not a simple mail server dump. They are a selection of that appear to match the FOIA requests that CRU repeatedly refused to comply with.”

    they are not a human made selection.

    They are not mails selected in response to FOIA.

    1. There are too many housekeeping mails.
    2. they cover topics far outside FOIA.
    3. In addition to emails there are other files utterly unrelated to FOIA.

    You are falling for the letter that the “hacker” released.
    That letter is a false trail. a misdirection.
    who wants to misdirect the blame.

  101. This is just sad. When is this whole global warming thing going to end? I know money talks. But can’t at least someone, somewhere along the concatenation of this comedy say, “Hey, wait a minute, WTF!”

  102. RoyFOMR says:

    ‘Why do some people here apparently suspect the Norfolk police being in support of a particular narrative – in effect part of a coverup?’
    Agree with your question, timg56; I strongly feel that the Norfolk police have done as well as the cards they were dealt could not have been played any better.
    ‘To me it soundsc like they couldn’t find s___t.’
    Think you’re wrong there; They would be more than competent at finding ordure but ’tis harder to prove it!
    ‘The reference to an outside hack ould still hold true even if the person responsible worked there or was familiar with the system’
    Agree but that, in no way, weakens their argument that they followed procedure within the remit they were involved with
    ‘All this changes is the sideshow argument regarding Climategate and Glieckgate comparisons. It does nothing with regard to the content of the emails and what they reveal’
    Agree, again, and that is why the police have washed their hands on the politics and let loose the hounds!

  103. Skiphil says:

    re: “who wants to misdirect the blame”

    mm… someone very close to the center of all the action??
    a distant hacker would not seem to have any reason or need for such misdirection
    (well unless it were some added layer of misdirection, to make it seem to the most observant that it was an insider trying to misdirect to an outsider who …. nah, too much subtlety for any “outside” hacker to care about, I would guess)

  104. RoyFOMR says:

    Steven Mosher says:
    July 18, 2012 at 6:05 pm
    Ian
    “The climategate emails are not a simple mail server dump. They are a selection of that appear to match the FOIA requests that CRU repeatedly refused to comply with.”
    they are not a human made selection.
    They are not mails selected in response to FOIA
    You may well be proven right, moshpit, but please point out the relevance of your post vis a vis the integrity exhibited by CRU compared with the ‘publish and be (slightly) damned by the circumspection of Madame FOIA (of whatever gender)
    Some claim that you know the identity of FOI but I’m with you on this. You know nowt! Keep up the good work

  105. Comment by Steve McIntyre on his blog:

    Too bad that they didn’t provide any evidence to actually dispel the theory that RC/FOIA “was a disgruntled UEA employee”. Nor do I believe anything that Acton says on this matter without corroborating evidence – which has notably not been provided here.

    If they’d resisted the temptation to embellish – “carefully orchestrated” for example – they’d have had a better chance of people accepting a statement. But such embellishments make it impossible to accept this without corroboration (bold added by me)

    And I agree with the bolds.

    link to his comment

    http://climateaudit.org/2012/07/18/norfolk-police-inquiry-at-east-anglia-ends/#comment-343379

  106. highflight56433 says:

    If the mail server is using a mirrored RAID, would one hard in the array have all the emails, thus replace one hard drive in the array walk out with the goods??? Sort out the hard drive at some other location.

  107. Jon says:

    Climategate 3 will probably happen short before the the next UNEP/IPCC(UNEPFCCC) “report” ?
    It must be very undermining for the The Team’s members morale to know that short before their policy based propaganda “claims” are put forward new Climategate e-mails will be made public.
    E-mails that show that the IPCC reports are not scientific but instead politics to support the UNFCCC and it’s radical UNEP policy based claims to promote a radical change of society.
    And the fun part of this is that it’s going to be The Teams own written words in leaked internal e-mails that clearly show that the reports claims that they are making public is not science but policy based solely and only on the UNFCCC.
    In other words ” the things we are going to tell you now is just policy based lies”.

  108. Skiphil says:

    A much better press release would have consisted of only two sentences suitably adapted from eminent climate scientologists to describe the real state of the police investigation:

    1) “We can’t account for [this] at the moment and it is a travesty that we can’t”

    2) “we know with certainty that we know f***-all”

    You see? Climate science can help out in so many unexpected situations!

    [cross-posting myself from BH if the mods permit]

  109. ATheoK says:

    “DEEBEE says:
    July 18, 2012 at 10:10 am
    sceptical, your tongue seems to be lodged firmly in the cheek at the wrong height.”

    Excellent one! I was halfway throught the next post before I grasped what you meant by “…wrong height.”

    I had a vision of someone cramming their tongue somewhere into their facial cheek, until that phrase sunk in. You meant instead, sung to the tune of “Oh, where the sun doesn’t shine…”

  110. Steven Mosher says:

    Roy.

    I have a theory. it is supported by facts. I don’t know. But then, we dont know anything.. maybe math and logic.

    it starts with opportunity. next comes motive. after that a bizarre set of facts only a few have attended to.

    Opportunity is easy. Motive is harder to figure out. But it’s there plain as day. once you see it.

    I will tell what the motive is Not: it is not related to the cause. any cause. its personal.

  111. AntonyIndia says:

    Norfolk is a region in England that suffered “mother Nature’s” brunt recently: snow and -14 C in February, a super dry March and monsoon in April: she is having a laugh with these CRUed clowns.http://www.edp24.co.uk/news/environment/torrential_rain_in_east_anglia_could_mean_april_was_a_record_breaker_1_1363702

  112. David Jones says:

    I am not normally one to engage in conspiracy theories and I am not sure I go with the conspriacy theories propounded here. However, I notice the coincidence that UK Parliament (HoC and Lords) broke up last week for the “summer” break so MPs are not able able to raise questions in the House to get more information from Government ministers.

    Possibly a guide to Norfolk Constabulary’s timing of this announcement.

  113. Steve C says:

    Didn’t believe their “it was a hack from the internet” when they first produced it; no reason to believe it now. It sounds like the attack dogs were getting nowhere and their owner decided to call them off.

    ‘Foia’ – please can we have that password soon? :-D

  114. Ryan says:

    Remotely. OK, remotely from where? If you know that the attack came from outside you should at least be able to get an idea of where outside. Russia? China? USA? UK? Surely it would be worthwhile to know….

  115. Jimi Bostock says:

    Ha ha – might be the cue for another release of emails

  116. Eli Rabett says:

    What part of

    “While no criminal proceedings will be instigated, the investigation has concluded that the data breach was the result of a ‘sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet’.

    didn’t you folks understand? Sorry, the whistleblower dog whistle just failed.

    BTW, the information gathered by the Norfolk Constabulary is almost certainly not available through FOI requests as likely involving a) a criminal investigation b) information from security serives c) international implications with foreign countries and more.

  117. Kaboom says:

    Remotely may simply mean a VPN connection from inside UEA to a non-logging VPN hoster and back in through the firewall via an open port exploiting any number of vulnerabilities or bad setup.

    Grabbing a single HDD from the SAN rack won’t get anyone far. A large institution like this will have a high level RAID (i.e. RAID6) with additional data duplication and volume spanning going. Any single HDD only contains unrecoverable gibberish, getting to it requires physical access to the server room and pulling it will trigger an alert to the admin (and possibly the manufacturer to ship a replacement part and send a technician to install it by presuming hardware failure). Removing the full shelf to take home is quite inconceivable.

  118. Bill Tuttle says:

    George says:
    July 18, 2012 at 12:01 pm
    There are ways of making it nearly impossible unless you happen to catch the traffic happening in real time, and there are ways of even making that less useful.

    And people with that level of expertise are (or soon will be) working for either one of about a dozen national governments/militaries or the Russian mafia…

  119. Jenn Oates says:

    I am enjoying all of this very much, and dearly hope Mosher writes a book about it one day. Some thriller it would be, even without any bodies (Which I dearly hope never happens. Professional reputations can deservedly die, yes, but not any actual people).

    Sincerely, an American schoolteacher posting this afternoon from Yorkshire, as I’m sure any competent hacker could easily determine. :)

  120. highflight56433 says:

    I agree that the perpetrator had a personal score. Also the time to take it must have been extensive, thus maybe a small amount at a time like a clever worm.

  121. Dianne says:

    I hope that after the 3 year statute limit is past, the hero hacker will identify himself (or herself)!

  122. Eric Barnes says:

    I think you are out on a limb with those speculations Steven. Hopefully time tells sooner rather than later.

    Steven Mosher says:
    July 18, 2012 at 6:05 pm
    Ian w.

    “The climategate emails are not a simple mail server dump. They are a selection of that appear to match the FOIA requests that CRU repeatedly refused to comply with.”

    they are not a human made selection.

    You are falling for the letter that the “hacker” released.
    That letter is a false trail. a misdirection.
    who wants to misdirect the blame.

    I will tell what the motive is Not: it is not related to the cause. any cause. its personal.

  123. Jean Parisot says:

    ‘sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet’.

    I’m sure the possibility exists that the flash drive used may have been purchased over the internet

Comments are closed.