Media Questions and Answers from the Norfolk Police regarding the closing of Climategate

Operation Cabin Q&As (from the Norfolk Police here PDF)

The following questions and answers are an abridged version of Norfolk Constabulary’s Operation Cabin media briefing held on Thursday 19 July 2012.

How do you know it was an external hack?

In outline terms, we know it came via the internet from a number of different IP addresses, in various countries, which may have been proxy servers.
The attack was, first of all, into the web server (CRUweb8) in the Climate Research Unit (CRU) at the UEA. From there, a link was established to a CRU back-up server (CRUback3).

It’s fair to say, the university has to draw the right balance between giving access to information – it’s an academic establishment and, as such, has a proportionate level of security which enables people to work remotely and access information to operate in that academic environment. As a consequence of the attack, the UEA has taken a number of measures and its ICT infrastructure now looks very different.

We identified that the attackers breached several password layers to get through and they got to a position where they employed different methodologies to return the data. We identified a significant quantity of data that was taken in this way, certainly in excess of that which was subsequently published in the two files in 2009 and 2011.

We’ve used the expression ‘sophisticated’ and that’s because that’s the view of our experts who conducted that side of the investigation for us. They identified that, as well as achieving the breach, they also took significant steps to conceal their tracks and lay false trails and change information available to us in order to frustrate the investigation. The conclusion was the person /s were highly competent in what they were doing.

That technical investigation was the primary line of investigation although we did cater for other possibilities, these were later ruled out.

Which specific countries were involved in the trail of proxy servers and which countries were either helpful or uncooperative in your investigations?

While we will not be confirming the names of the countries specifically, we can confirm there were a number across the majority of the continents.

We would underline that the use of a proxy server in any country is not necessarily evidence that the hack originated in that domain.

We worked with partners in these countries and the level of response and support we got varied from being excellent to being quite time consuming.

The logistics involved meant it was a complex picture with different legal jurisdictions and sovereignties. Sometimes it’s a procedural issue and sometimes it’s a political issue with a small or a big P.

Can you confirm that the US was helpful?

We will not confirm the identity of individual countries but we can say, in general terms, there is a healthy and productive relationship between law enforcement in the US and the UK.

Did you detect that any national government could be behind this?

No. The hypothesis was, and remains, that the person or persons responsible for this could be anyone on a spectrum from an individual right through to the other end of the spectrum, including commercial organisations and governments. It is obvious that some commercial organisations would have an interest in maintaining their commercial position; similarly there will be economies and governments which have an interest in protecting their position. To be clear, we did not get any indication as to who was responsible.

It is clear the person responsible has knowledge of this subject; did you interview all the bloggers that showed an interest?

We interviewed a number of people and the logistical issues involved meant that much of this work was carried out remotely because, physically travelling to countries, and the logistics involved in achieving that – for the anticipated outcome – would have not be proportionate.

Of course, the climate sceptic community would, in the main, give the appearance of welcoming the published data because it supports their view. Therefore, we were realistic about the prospect of them being helpful to our investigation.

Can you describe what investigations you undertook at the UEA and who you interviewed there?

The focus internally was on the IT infrastructure and working out from there. We also looked at people working at or with connections to the Climate Research Unit and, in simple terms, we were looking for anything obvious. All members of staff were interviewed. If someone had some obvious links or had an axe to grind, then that might have been a line of enquiry.

Generally speaking, it was a screening exercise which did not provide any positive lines of enquiry.

Whilst – because we have not found the perpetrators – we cannot say categorically that no-one at the UEA is involved, there is no evidence to suggest that there was. The nature and sophistication of the attack does not suggest that it was anyone at the UEA.

You say that the hacker had to go through a series of passwords; do you know that someone at the UEA would not have had access to these passwords?

Anyone with access to these passwords has been excluded as a suspect. Additionally, there was some evidence of work undertaken to break passwords.

It has been reported that the hacker accessed the server on three separate occasions, can you confirm if that’s true and if there were any further attempts to access the server after ‘climategate’ broke and have there been any recently?

The report is inaccurate. The attack was conducted over a period of time and access would have occurred on a number of occasions and certainly more than three. Of course, we only know what we know. I have already described it was a sophisticated attack; we have established a substantial amount of what happened. What I can’t say is whether we have established everything that happened.

There were no further data breaches once the story had broken in November 2009, not least because we had taken possession of Cruback3 and it wasn’t available to be accessed.
Do you know when the attacks began?

There’s a timeline of events and there has been speculation, in the media and the blogs,
that there may have been an orchestrated campaign of Freedom of Information requests to the University in the summer of 2009. It appears the attacks were undertaken late in that summer, early autumn, through to November. The first tactic that we were aware of was in September 2009.

There was news that some other institutions, including in Canada, that may have come under a similar attack at that time. Are there any other institutions that you have found that were attacked at this time?

We did have some dialogue and there were one or two that had been attacked and we did have a preliminary examination but they did not give us any indication or cause to suspect that it was in any way linked to the UEA.

What happens to Cruback3 now?

It has been returned to the University of East Anglia, having been retained as an exhibit through the course of the investigation. It was necessary to retain the actual server for this time. It contained a massive amount of data, something in the region of five terabytes.

When the second batch of e-mails was released, there was the note that came with them. Did you or your colleagues contemplate doing structural linguistics or analysis to try and trace it to a particular location in the world?

It was speculated on and it was something we did consider. Our conclusion was that it would be unlikely to take the investigation anywhere and, in fact, if you are trying to conceal your tracks it could have been constructed to mislead.

You have been restricted by the statute of limitations, would you have continued with this investigation otherwise?

The decision to close the case was a combination of the time limit and an acknowledgement that we had pursued this as far as we reasonably can.

Did you consider prosecuting people dealing in the information that was clearly stolen?

In terms of offences committed, it becomes a much greyer area. The same challenges exist in terms of identifying those individuals. An operational decision was made not to pursue this.
<Ends>

About these ads
This entry was posted in Climategate and tagged , , , , , , , . Bookmark the permalink.

108 Responses to Media Questions and Answers from the Norfolk Police regarding the closing of Climategate

  1. tgmccoy says:

    Did Tallbloke ever get this computers/ hard drives back? I still say it was an inside job…

  2. Skiphil says:

    What happens to Cruback3 now?

    It has been returned to the University of East Anglia, having been retained as an exhibit through the course of the investigation. It was necessary to retain the actual server for this time. It contained a massive amount of data, something in the region of five terabytes.

    ===============================================================
    Let’s hope relevant FOIs can still proceed unless CRU is able to get away with stalling forever and/or wiping the server.

    re: 5 terabytes, does that suggest there was a lot more docs and/or emails than what may be in the still encrypted zip file from FOIA?? I don’t know the details such as the size of the zip file still out there… just wondering if the 5 terabytes on that server suggests anything, about how much selection and culling FOIA must have done (and why)???

  3. Carl Brannen says:

    “Of course, the climate sceptic community would, in the main, give the appearance of welcoming the published data because it supports their view. Therefore, we were realistic about the prospect of them being helpful to our investigation.”

    He’s saying that the emails support the skeptic community. Note he didn’t say “deniers”.

  4. ken Methven says:

    “We identified a significant quantity of data that was taken in this way, certainly in excess of that which was subsequently published in the two files in 2009 and 2011.”

    WOW…more to come FOIA?

  5. Truthseeker says:

    They could have just gone to this excellent analysis and achieved a greater understanding than they seem to have arrived at on their own.

    http://thepointman.wordpress.com/2010/12/17/why-climategate-was-not-a-computer-hack/

    Pointman hits the bullseye … again.

  6. Urederra says:

    Of course, the climate sceptic community would, in the main, give the appearance of welcoming the published data because it supports their view.

    So, the police is admittng that the climategate mails support the sceptic point of view.

  7. Matt C says:

    So I read it like this: “We have no legitimate suspects, so we’re gonna point the finger at the folks requesting tranparency in the science behind the CAGW scare and that information be released according to the Freedom of Information Act. And if it wasn’t them, it must have been an industry that we’re trying to make suffer.”

    Very disappointing.

    What a slanted report. Pathetic!

  8. Lancifer says:

    Translation,

    “The perps must’a been “sophisticated” because we didn’t catch ‘em.”

  9. David Ross says:

    “Of course, the climate sceptic community would, in the main, give the appearance of welcoming the published data because it supports their view.”

    Of course any honest person who actually read the emails would come to the same conclusion. I don’t suppose this particualr statement by an investigating police officer will receive much coverage in the mainstream media. But it should. Again, why was there no police investigation based on the content of the emails rather than their hacking?

  10. DirkH says:

    “The hypothesis was, and remains, that the person or persons responsible for this could be anyone on a spectrum from an individual right through to the other end of the spectrum, including commercial organisations and governments. ”

    Oh goody, that’s right up there with the CO2AGW hypothesis which says that any and all weather event proves CO2AGW.

    Get this anyone! Find him and make him talk!

  11. jorgekafkazar says:

    People persist in assuming that the police are stupid in this case. It’s likely that they are not at all stupid, but clever enough to see nothing would be gained by pursuing this to the bitter end and actually finding the hero…I mean, the dastardly culprit. The Norfolk police, like all the rest of us, are victims of the AGW fraud–higher taxes, higher gas, oil, petrol, electricity, and water prices. By blaming Climategate on the largest possible number of suspects, they close the investigation forever, like the Ark of the Covenant being carried on a fork truck down endless rows of a vast government warehouse, never to be seen again.

  12. Matt says:

    We have American and British officials bragging how they wrote the viruses for hacking the Iranian nuclear plant – which is an act of war, as defined by the US post 9/11 — BUT they cannot confirm whether the US helped them with a simple criminal investigation which is an OK thing to do in the first place. Sometimes it is hard to concieve a reason for something if there simply isn’t one :)

  13. Ian W says:

    Truthseeker says:
    July 19, 2012 at 10:48 pm
    They could have just gone to this excellent analysis and achieved a greater understanding than they seem to have arrived at on their own.

    http://thepointman.wordpress.com/2010/12/17/why-climategate-was-not-a-computer-hack/

    Pointman hits the bullseye … again.

    He does.

    It is an expansion of the same point I made on another thread. The work factor involved for potentially nothing of interest and definitely nothing of interest to a ‘great white’. Remember back to the first release. The total shock at the content of the emails and the dreadfully inept poor quality software (as in Harry readme). Someone had to know the dirty washing was there and understand it was dirty washing and that the world would be aghast when it was released. Would a ‘great white’ hacker with lots of computer knowledge also understand the importance of the emails and the development software?

  14. Mr Green Genes says:

    “We couldn’t find evidence for anything else* so we have decided that CO2 / an external hack / the Illuminati (delete as appropriate) MUST be to blame, despite there being no evidence for that either.”

    * I’m not saying we looked very hard though.

  15. Vieras says:

    I’ve read several comments where people still believe that Climategate was done by a whistleblowe. If you want to be sceptic, you need to be sceptic about everything. Especially about your own beliefs.

    After reading this news, it’s not likely that it was an internal leak. Before all this information I thought that an internal leak was probable. Pointman wrote in his blog good reasons for that. However, this police Q&A states a number of facts, that make is unlikely that it was an internal leak. So FOIA is probably a computer whiz who knows how to exploit vulnerablilities and crack systems without being caught. People like those are not climate scientists, who would do a lousy job like Peter Gleick did.

    So who is FOIA? It’s certainly someone who dislikes the climate science shenanigans as much as any of us. I don’t think that it’s a company (like Big Oil) or a country (like China). FOIA is an individual or at most a small group of people. And if I would have to bet, I’d put my money on FOIA being a student at the UEA. One, who does not study climate science or arts or social sciences but real science. They do have a Faculty of Science there and also teach computer science, mathematics and engineering. They do have students with necessary skills and the students would have a better chance of knowing more about UEA’s computer network.

    I don’t think it is wise to remain convinced, that it was a leak. We critisize climate scientists, that they discard unwanted information to remain convinced about AGW. How can we critisize them if we discard all this information and stubbornly claim that it was a leak? It makes no sense. It probably was a hack, but it doesn’t diminish the seriousness of the hacked material.

  16. TomRude says:

    The good news is that there is plenty of juicy bits to come out…

  17. David, UK says:

    “Of course, the climate sceptic community would, in the main, give the appearance of welcoming the published data because it supports their view.

    Hang on. I don’t think they’re really admitting that the emails support the sceptic view, although admittedly that would be the first obvious interpretation. However, if they really believed that then they’d be bound to investigate the real criminals (i.e. the anti-scientists at CRU) not the whistle blower. Therefore, I suspect it means something else and has just been clumsily worded. Read it again: “[sceptics would] give the appearance of welcoming-the-published-data-because-it-supports-their-view.”

    So, it looks to me like they’re meaning to say that the actual “because-it-supports-their-view” reason is meant from the sceptics’ perspective, not the police’s. And as an aside: why couldn’t they simply say that we sceptics, in the main, welcomed the published data, instead of stating that we gave the appearance of welcoming the published data? No one else find that statement quite strange?

  18. David, UK says:

    To follow from my last comment, another thought: this continuous use of the emotive word “attack”. Nothing was damaged, no one was hurt. This wasn’t an “attack”. It wasn’t even so much as a theft, since the emails were written on publicly owned servers, and written on publicly funded time. That data belongs to us, the public. Mr FOIA simply took back what was already ours. So how do the police justify describing this hack (and I’m happy to accept it was a hack, as long as the evidence supports it) as an “attack”?

  19. “Of course, the climate sceptic community would, in the main, give the appearance of welcoming the published data because it supports their view. Therefore, we were realistic about the prospect of them being helpful to our investigation.”

    He says the skeptical community would not be cooperative with police. What a smear! Did they even try to talk to skeptics? What a racist.

  20. Tucci78 says:

    The hypothesis was, and remains, that the person or persons responsible for this could be anyone on a spectrum from an individual right through to the other end of the spectrum, including commercial organisations and governments.

    I like the juxtaposition of the words “individual” and “right” – even if unintentional – particularly in light of a recent promulgation uttered with funding by our federal Heimatsicherheitsdienst which defines American citizens who are “reverent of liberty” (among other sentiments) as potential terrorists.

    The study referenced is titled Profiles of Perpetrators of Terrorism, published in 2011 by the National Consortium for the Study of Terrorism and Responses to Terrorism at the University of Maryland.

    Doubtless there’s a similar sentiment on the part of the government thugs in the United Kingdom.

  21. Gary Pate says:

    ” The nature and sophistication of the attack does not suggest that it was anyone at the UEA.”

    Pretty glowing endorsement of the UEA, so sophisticated.

  22. David Ross says:

    Darwin Correspondence Project
    http://www.darwinproject.ac.uk/
    “On this site you can read and search the full texts of more than 7,000 of Charles Darwin’s letters, and find information on 8,000 more. Available here are complete transcripts of all known letters Darwin wrote and received up to the year 1868.”

    The Newton Project
    http://www.newtonproject.sussex.ac.uk/prism.php?id=22
    “Many early modern scientists and mathematicians have been honoured by having their collected works published in printed editions. For example, Christiaan Huygens, Johannes Kepler, René Descartes, Galileo Galilei, Gottfried Leibniz, Robert Boyle and Leonhard Euler have all been well served by modern editions, some of which have still not reached completion after nearly a century.”

    If I read Darwin’s correspondence it doesn’t make me doubt the theory of evolution. If I read Newton’s letters I don’t start to doubt the laws of motion. Why should publishing scientists’ correspondence “undermine” belief in their science unless there is something wrong with it?

  23. P. Solar says:

    “Let’s hope relevant FOIs can still proceed unless CRU is able to get away with stalling forever and/or wiping the server.”

    That would be very unwise. Since this data has already been established as being subject to FIOA any attempt to delete or destroy it would be a criminal act.

    Their last ditch attempt at refusal was based on non possesion of the information. Now the police have confirmed that the server has already been returned they not longer have any legal or physical reason to refuse the FIOA requests.

    Since this was a “backup” server, they clearly would have had other copies all along, that’s what backup means. So the original refusal was probably dishonest in itself.

    Any FIOA requests should be resent. Now.

    BTW, I think Q&A responces from the police were quite clear and informative for once.

  24. A. Scott says:

    Wouldn’t the server being returned to their possession take away one of the defenses they claimed for ignoring FOI requests?

  25. ancientmariner says:

    “The nature and sophistication of the attack does not suggest that it was anyone at the UEA……..”

    but we are supposed to believe the good folks at UEA can understand the climate?????

  26. Ally E. says:

    By examining these emails, haven’t the police now EVIDENCE of AGW fraud? These email-admitted manipulations of data and the open corruption of science has led to theft of billions of dollars from taxpaers around the world, not to mention an on-going serious attempt to bring about the collapse of democracy AND civilization. Shouldn’t they be ARRESTING SOMEBODY? What the hell does it take to get the authorities moving on this?

  27. So cru backup server had 5 terrabytes of data on it. Wonder how much FOIA is sitting on….

  28. “Of course, the climate sceptic community would, in the main, give the appearance of welcoming the published data because it supports their view. Therefore, we were realistic about the prospect of them being helpful to our investigation.”

    I, and Anthony, offered help in their investigations but they declined it, so I find their statement surprising.

    They haven’t had the decency to contact me to tell me they had closed their investigation even though I had protested about them keeping my details on file just because I had made an FOI request.

    I have now formally asked they delete all my details under the data protection act in the UK, I am awaiting a reply.

  29. Brian H says:

    Well, much less Keystone-ish than I anticipated. Not quite up to Clouseau’s standards, maybe, but …

    The major hang-up I have with the whistleblower hypothesis is the difficulty I have with imagining FOIA wearing a consensus mask so long without slipping.

  30. kwik says:

    Ally E. says:
    July 20, 2012 at 1:05 am

    “By examining these emails, haven’t the police now EVIDENCE of AGW fraud? Shouldn’t they be ARRESTING SOMEBODY? What the hell does it take to get the authorities moving on this?”

    Would you arrest someone if they
    -Work for you, and do as they are told.
    -Makes it possible to increase your income. (taxes)
    -Makes it possible to start huge government projects.

    Would you?

  31. polistra says:

    @Ally E: “Shouldn’t they be ARRESTING somebody?”

    No, because the Carbon Cultists are doing exactly what the US/UK/EU governments want. Destroying civilization, starving the poor, and enriching the rich. Why would US/UK/EU want to arrest their most loyal footsoldiers?

  32. CodeTech says:

    Vieras:
    Even If the story told so far is accurate and this was an external hack, it seems fairly likely to me that someone “in the know” knew what was there. It’s a trivial step from there to having someone with more experience in the hacking arts do the actual deed.

    This also reminds me of someone I used to work for who refused to use a CD/DVD emulator called Daemon Tools because he once read that it used many of the same techniques as a Rootkit, therefore in his mind Daemon Tools is equal to a rootkit and thus is equal to a virus. No amount of explaining was enough to convince him otherwise.

    In the same vein, the chances of someone randomly seeking out the specific server and data to grab and make public are vanishingly small, something on the order of McKibbens’ numbers regarding 327 months of above average temperatures. EVEN IF the data was obtained via external hacking, no matter how “sophisticated” it was, it remains highly probable (to me) that there is still a whistleblower involved.

    As a proper skeptic, I remain unconvinced in either direction. But it does seem highly unlikely that random hackers knew what to get and where to get it from.

  33. Andrew30 says:

    “The nature and sophistication of the attack does not suggest that it was anyone at the UEA.”

    So you are saying the people at UEA are ….

  34. Mindert Eiting says:

    Some suggestions to the investigators: 1. Check your assumptions. These are needed to keep the problem-space small but some are simply bad. Restrict them to trivialities. 2. Check the quality of your information. Information from others, including your self, may be totally worthless as it may consist of made-up facts. 3. Don’t be proud of your hypotheses. They are rational reconstructions but reality often does not conform to your rationality (the most serious errors in police investigation have to do with this fixation). 4. Try to be serendipitous.

  35. Garry Stotel says:

    Will the end of the investigation prompt the release of the password for the Part 3 of the emails?
    Just to keep the fire burning, I suppose, unless there is something in those emails that can change the game.

  36. Patrick Davis says:

    “Adrian Kerton says:
    July 20, 2012 at 1:45 am”

    From what I know about the 1984 data protection act (UK), I would suggest you will be waiting a long while for that to happen, if at all.

  37. Jimbo says:

    OK, for now, I will take their word for it that it was a hack and that it did not involve someone in CRU.

    We identified a significant quantity of data that was taken in this way, certainly in excess of that which was subsequently published in the two files in 2009 and 2011……….

    It contained a massive amount of data, something in the region of five terabytes.

    FOIA was not lying about releasing just some of the files I see. Get ready for Climategate 3 folks.

  38. Harold Ambler says:

    There’s a timeline of events and there has been speculation, in the media and the blogs,
    that there may have been an orchestrated campaign of Freedom of Information requests to the University in the summer of 2009. It appears the attacks were undertaken late in that summer, early autumn, through to November. The first tactic that we were aware of was in September 2009.

    1. It’s an interesting police press conference in which an officer of the law points to blog speculation when answering a serious question about a serious matter.
    2. The linkage of FOI requesters with the alleged hacker appears to be a talking point that the officer received from someone at the Climatic Research Unit, perhaps Phil Jones himself. And I don’t mean that a specific conversation led to this, although it could have. Rather, the officer’s entire way of thinking about the matter has been heavily influenced by an interested party in the case. Included in the mindset: the CRU is the victim here; FOI requests come from malevolent sources; skeptic bloggers are pond-scum. These are articles of faith for Phil Jones and his closest associates.

  39. Kaboom says:

    Let’s play devil’s advocate for a minute, even though it obscures the situation. Pointman’s analysis is interesting but assumes one thing about CRU’s IT that are an unknown but important variables: competence and budget. The same argument he makes for the importance of the target goes for its resources and efforts to protect the material in question. There may have not been much in the way of intrusion detection, log analysis or password security and all of the hurdles may have been kid’s play to jump to get to the data.

    Universities are not necessarily known to attract top notch IT security staff (outside maybe research itself) or pay top dollar for the talent they do hire – no offense intended. The folks there may be more interested in job security and having time to goof off on the job or pursue pet projects during work hours from my personal experience. So in essence, getting to the data may have been much easier than the tone of the investigation report or Pointman’s mission impossible script to hack the NSA’s coffee webcam let on. A number of items from the report support this theory (i.e. knowledge that passwords may have been brute force cracked without triggering alarms).

    The real sticky point, imho, is the interest in the particular data obtained, the idea that it might (still) be there and accessible and the care with which it has been released so far. Those things give credence to the idea that someone on the inside at least pointed out the target and may have paved the way to extracting it (and put up red herrings to pursue in the investigation they must have known would follow). As I said before, inside and outside man might have been the same person, all it takes is a VPN from another virtual machine on the same computer to be both while sitting in the office. Funny enough that may put the person in question beyond the skill set of the IT staff around them and might just tie into Mosher’s claim of the motive being a personal one. What better way than put egg on the face of your head of IT and the buffoonish researchers that look down their noses at you and defraud the world than this little stunt if you’re a talented IT guy stuck at a university job?

  40. Bloke down the pub says:

    The nature and sophistication of the attack does not suggest that it was anyone at the UEA.
    Hahahaha

  41. Josualdo says:

    Tucci78 says: July 20, 2012 at 12:25 am
    I like the juxtaposition of the words “individual” and “right” – even if unintentional – particularly in light of a recent promulgation uttered with funding by our federal Heimatsicherheitsdienst which defines American citizens who are “reverent of liberty” (among other sentiments) as potential terrorists.

    YOf course they deny saying that right on the first page. But then, being reverent of individual liberty or against globalization is then stated as part of the profile of an extreme right-wing terrorist. So, it is the case that if you’re a right wing terrorist, then you have properties A, B, C…

    And then, although they say it is not so, if you have the properties A, B and C you fit in the profile of a right wing terrorist. Therefore you are a possible right wing terrorist. These are the simple but effective wonders of such stuff as profiling and circumstancial evidence.

  42. David A. Evans says:

    I’m with codetech. This was done with inside involvement, no doubt about it.

    5Tb a massive amount of data?

    I’ve got 2Tb on my music studio PC! This is backup server 3. What was wrong with servers 1 & 2 and I presume 4 & 5? As I say, 5Tb isn’t really a lot especially not when you consider that this is backup for the whole campus.

    I’m not buying it.

    DaveE.

  43. michaelozanne says:

    “Whilst – because we have not found the perpetrators – we cannot say categorically that no-one at the UEA is involved, there is no evidence to suggest that there was. The nature and sophistication of the attack does not suggest that it was anyone at the UEA.”

    This does imply that all the staff at UEA are pig thick (well it is in “Narchh” after all…) and they thought the sceptics were being harsh…:-)

    Seriously though. In the end there isn’t significant evidence against anyone, and so the conclusion that it is an outside job is pure conjecture.

  44. Josualdo says:

    ancientmariner says: July 20, 2012 at 12:42 am
    “The nature and sophistication of the attack does not suggest that it was anyone at the UEA……..”
    but we are supposed to believe the good folks at UEA can understand the climate?????

    Ancient, we know Phil is unable to use Excel.

  45. Josualdo says:

    Ally E. says: July 20, 2012 at 1:05 am — By examining these emails, haven’t the police now EVIDENCE of AGW fraud? These email-admitted manipulations of data and the open corruption of science has led to theft of billions of dollars from taxpaers around the world, not to mention an on-going serious attempt to bring about the collapse of democracy AND civilization. Shouldn’t they be ARRESTING SOMEBODY? What the hell does it take to get the authorities moving on this?

    They certainly don’t have an open file on these. Anyway, the destruction of western civilization is likely not to be in their jurisdiction.

  46. BOFHse says:

    Well, any internal whistleblower having a reasonable amount of technical sophistication and a survival instinct could easily fake intrusion, or even create a security deficiency and see what pops in. I sure know I could.

  47. Ron says:

    Speculating for fun. By claiming disinterest in pursuing this further and closing the file knowing full well FOIA has scads more emails to release, might the coppers have laid a little trap somewhere deep in IT-ville for a return visit? A question for you IT experts? On the other hand, and the more likely scenario in my view, is that they may know or think they know whodunnit but don’t wish to pursue, which could be the case if government agents of another land were behind it. Which countries stand to benefit if the AGW theory and scientific ‘proof’ were proven bogus, as indeed they were? All countries p’raps?

  48. more soylent green! says:

    Who is Harry? You know, of HarryReadme fame.

    Maybe that can be our “Who is John Galt” catchphrase?

  49. Alan Watt, CD (Certified Denialist), Level 7 says:

    Jimbo says:
    July 20, 2012 at 3:44 am

    OK, for now, I will take their word for it that it was a hack and that it did not involve someone in CRU.

    We identified a significant quantity of data that was taken in this way, certainly in excess of that which was subsequently published in the two files in 2009 and 2011……….

    It contained a massive amount of data, something in the region of five terabytes.

    FOIA was not lying about releasing just some of the files I see. Get ready for Climategate 3 folks.

    First of all, a backup server generally backs up more than just the email server, the vast majority of which is of no interest to anyone except those administering systems which have lost files and need to recover them. Depending on the backup software used and the retention policies defined, it most likely contains multiple copies of the same files. So that five terabytes may be less than one terabyte of unique data, most of which has nothing to do with email at all, and climate research email in particular.

    Second, the police said the backup server contained approximately five terabytes, not that the intruder actually got that much. I assume someone skilled enough to compromise the backup server would be able to use the software to index and extract exactly what was wanted. This is even more reasonable if you assume it was an inside job.

    Finally, a complete dump of one year’s worth of email (a common retention policy) from a typical institution would consist overwhealmingly of incredibly boring and trivial material. Long threads of “reply-all” wandering discussions over a series of loosely related topics. I drown under this stuff at work and I’m only dealing with what is sent to me. The thought of having to go through a bunch of other people’s email and try to figure out what they are doing on one specific topic is enough to make me want to put a bullet through my head. If you want to know the identity of FOIA, look for suicides shortly after the last release.

  50. H.R. says:

    @Andrew30 says:
    July 20, 2012 at 3:04 am

    “The nature and sophistication of the attack does not suggest that it was anyone at the UEA.”

    So you are saying the people at UEA are ….
    ======================================================================
    I saw that too but you got there first. Dang!
    That one probably qualifies as a Friday Funny, compliments of the Norfolk Police.

  51. Pamela Gray says:

    There are likely two laws to consider regarding limitations. One, the date the “purloining” happened, and two, the date the “purloiner” published the contents. My hunch is that the unpublished contents have a monetary value now attached, as well as the fact that these unpublished goods are stolen goods. Gonna be hard to release the last bunch in any form. These may very well stay unpublished and would likely be placed in the purloiner’s will.

    This speaks directly to the attempts by many to keep their data out of the hands of FOI requests. The true “purloiners” are the scientists who sit on their data and code, essentially having “purloined” it from the public tax payer who rightfully owns it. These scientists and bloggers who have whined to high heaven about this “attack” ought to look in the fricken mirror at the true perps in this entire sad affair.

  52. FerdinandAkin says:

    The downloading of the files was just routine surveillance conducted by British Intelligence. Since MI6 are professionals, nobody ever detects or even notices the intrusion – it happens all the time. In this instance a rouge agent sees the content of the files and chooses to publish them on the Internet. The British Government will never admit to monitoring closed networks, so we are seeing the Constabulary making lame excuses that they have no idea how this happened or who did it. This is an internal Government matter that will be handled out of the public view.

  53. Vieras says:

    CodeTech: “Even If the story told so far is accurate and this was an external hack, it seems fairly likely to me that someone “in the know” knew what was there. It’s a trivial step from there to having someone with more experience in the hacking arts do the actual deed.”

    Put yourself in the shoes of a whistle blower. You know all about Harry’s work and that the e-mails are full of juicy bits. How do you proceed if you want the world to know? The last thing you’d do would be to go around trying to find hackers to attack a server system you don’t know anything about. And even if you found someone, you can’t know if they are interested or even skillful enough to do the job. And they don’t do services for free. And even if they could and would, you’d never be sure that they’d not brag around and reveal you. So I think that we can rule out the possibility that someone from CRU would have contracted an expert to crack the server. FOIA is definitely someone who had the the motivation and the necessary skills. Miles away from an average computer user or an average CRU employee.

  54. NoAstronomer says:

    “Of course, the climate sceptic community would, in the main, give the appearance of welcoming the published data because it supports their view.”

    As others have pointed out that statement does seem to damn CRU somewhat.

    I’ll point out that just because the network logs show that the whoever took the data did so from outside the CRU network that doesn’t really tell us anything about whether they were a CRU insider or had help from inside.

    Mike.

  55. CaligulaJones says:

    So, the server is back home. Wonder if they, you know, accidently drove it past the magnet factory very slowly. Often.

  56. Lady in Red says:

    The Pointman is good! — and correct, I surmise. At the same time, I am grateful that The Great White or the Mouse-Like Insider walks free. Leave him alone.

    Watching the media and govt ugliness surrounding poor George Zimmerman these days, there’s no doubt that, if identified, big trouble would loom on the horizon for this soul. ….for the education of the others…..

    Also, one day, soon, I hope, like a bright brass key, a secret password will be dropped, somewhere, and whoosh! the floodgates will break and truth will flow. ….Lady in Red

  57. “We couldn’t find evidence for anything else* so we have decided that CO2 / an external hack / the Illuminati (delete as appropriate) MUST be to blame, despite there being no evidence for that either.”

  58. David Ball says:

    There are 2 separate investigations (or there should be). This one established that they cannot find the perpetrator of the email release. The second should now investigate the content and why this person felt the need to risk prosecution to get this information out.

  59. Pointman says:

    @David A. Evans. You’re right not to buy it. There are so many technical inconsistencies in that statement, I wouldn’t know where to start.

    Pointman

  60. more soylent green! says:

    christianpasti204747594 says:
    July 20, 2012 at 7:01 am
    “We couldn’t find evidence for anything else* so we have decided that CO2 / an external hack / the Illuminati (delete as appropriate) MUST be to blame, despite there being no evidence for that either.”

    Does that mean they didn’t find evidence of the external break-in involving several proxy servers on multiple continents. Further on, it sounds like they did. You’re implying they “couldn’t think of anything else, so it must be AGW an external hack.”

  61. Kaboom says:

    I’d like to submit that the 5 TB of data trotted out may in fact be the raw capacity of the disc shelf that held crubak3’s data, not the actual content. Also: redundancy protected highly accessible server storage space is expensive (and was even more so when this took place), so the number of way-back copies of data would necessarily be low and anything but the most two or so recent increments would be stored off-disc (most likely on a tape library, less often optical storage).

  62. theduke says:

    “The nature and sophistication of the attack does not suggest that it was anyone at the UEA.”

    A little unintentional police humor there. Also a bit of a reach. Did they check all the old employees of Hadcru? They’ve been in business for a long time. Are they certain that none of the past graduates of the computer sciences program executed the “attack.”

    If a high government official’s server had been compromised, the perpetrator would be in jail now. There was no pressure from above to solve this case, even though some high ranking bureaus and experts were apparently consulted.

    The fact remains that if the culprit had been caught, the ensuing trial and controversy would be a public relations disaster for the forces of AGW. All the powers that be had to do to make sure the case was not solved was leave it in in the hands of the local constabulary.

  63. G. Karst says:

    Since the release of data is ongoing (meaning info has been released from time to time) Isn’t this an ongoing tort. And as such, doesn’t it nullify the time limitations?? GK

  64. ferdberple says:

    David Ross says:
    July 20, 2012 at 12:30 am
    If I read Darwin’s correspondence it doesn’t make me doubt the theory of evolution. If I read Newton’s letters I don’t start to doubt the laws of motion. Why should publishing scientists’ correspondence “undermine” belief in their science unless there is something wrong with it?
    ============
    Very good point.

  65. highflight56433 says:

    “They do have students with necessary skills and the students would have a better chance of knowing more about UEA’s computer network.”

    I agree with that contention. Some IT students are technically way ahead in the world of IT professor/teacher/textbook or otherwise and their skill combined with being on campus, and being bored and have time and maybe are coincidently not be too agreeable with certain bs in the climate research are more likely to have pulled this off. I have seen first hand the skill of these youngsters. They have access to everything and left a phony trail. They were/are familiar with the the backbone of the system, the server structures, etc. Maybe an IT aid, maybe working all night in the computer lab… lots of access… surrounded by others to help conceal their activity. The investigation is a farce. The perpetrator is probably some student who’s family is a big donor or other potentate, thus this investigation is not going anywhere.

    Men mumble, money talks.

  66. Crispin in Waterloo says:

    @blackswhitewash.com

    >So cru backup server had 5 terrabytes of data on it. Wonder how much FOIA is sitting on….

    According to the police, a great deal. The large remaining file may be compressed. If the raw data is tables and numbers to may be many times larger than the pwd-locked file that is already in many hands around the world.

    Although fingers were pointing outwards, it could easily have been a UK-based intelligence group within government wanting to know for strategic reasons just how far they were being led down the garden path by the CRU outputs. They could easily cover their tracks. The strategic intelligence community is far more interested in the truth than the fluff and puff of the populist political agendas that feeds CAGW.

    Further, there is no reason for the oil companies and China to stop a gravy train that drives energy prices higher and pays offset money. Demonic Big Oil was always a red herring.

  67. Disbeliever says:

    Hasn’t the encrypted data already been “released” by FOIA? We just don’t have the code to decipher it. So once the statute of limitations runs out on the “theft” of the data no further action, criminal or otherwise, is required by FOIA to make the rest of the e-mails public. All that has to happen is someone “stumble” across the key at the appropriate time. Kind of a double shield. Seems very well thought out and I’d guess significant involvement from an insider. Furthermore I’d speculate that it was probably someone involved in the process of denying the legitimate FOIA requests. Thus their next level of protection. Very hard to come down on an employee (intern, grad student or tenured professor) if you have already conspired with them to pervert or break the law.

    Can you the defense attorney- “Why did you feel it was necessary to copy the data?” FOIA: “When Mr. X told me to hide/destroy the data I [knew] it was illegal and I didn’t want to go to jail for that but I didn’t want to lose my job either so I made a copy to protect myself…” Atty:”Why did you release it?” FOIA:”I didn’t mean to – I think someone may have stolen it from me…” That trial just ain’t happening.

    On the other hand If it was a just a hacker in China, Russia or Nigeria they wouldn’t be so worried about prosecution as to go to all these lengths.

  68. Regarding the Norfolk Police comments about their interviews of outsiders, I was among those whom they interviewed. My offense was to ask, in my capacity as editor of “The Citizen Scientist,” if the released e-mails were indeed authentic. (We did not want to publish any excerpts if they were not verifiable.) Subsequently I devoted several pages to Climategate in “Hawaii’s Mauna Loa Observatory: Fifty Years of Monitoring the Atmosphere” (University of Hawaii Press, 2012). My editors were very interested in including this material and even left post-deadline space. The Climategate section included several post-deadline lines about the police interview: “Multiple investigations were announced, and one of the first was aimed at determining who leaked the e-mails. This criminal inquiry was led by the Norfolk Constabulary with assistance from various UK agencies, including the National Domestic Extremism Unit. The author was surprised to learn that his name had been added to the list of those the police wished to interrogate. In a February 2010 e-mail that requested an interview, Norfolk police officer David Irwin explained that he wanted to discuss my request for information from the University of East Anglia regarding the improperly released e-mails. During a subsequent 20-minute interview, Officer Irwin seemed satisfied by the explanation that the information, which the university never provided, would be helpful for various writings about the affair (including this book). The police had not announced the results of their investigation when the book was being finalized in spring 2011.” (Page 394.)

  69. TomRude says:

    Assimilating FOI and the Climategate attacks is unadulterated propaganda.

  70. David Ross says:

    It is interesting to compare the media’s prevailing attitude to Climategate vs. that towards Wikileaks. I used to think Wikileaks was a noble endeavour and I gave credence to theories that the rape charges against Julian Assange were nothing but a smear, until I saw the BBC’s Panorama documentary on him (they sometimes get it right).

    David Leigh is executive editor of the Guardian (a hard left organ and one of only three media outlets chosen by Assange to receive Wikileaks files). According to Leigh, when the Guardian staff expressed concern about releasing files on Afghanistan without redacting the names of informants who had helped the U.S. (i.e. informed on the Taliban or Al-Qaeda), Assange (an informant himself) said:

    “If they get killed, they deserve it, because they’re informants and therefore they deserve to die”

    You can watch the video here

    Relevant part at 12:47

    Julian Assange is a contemptible [snip] who deserves to rot in prison.

  71. Reg Nelson says:

    If it was someone within the UEA – CRU, it would make sense for them to access and copy the data remotely during off-hours for two reasons: 1) You can’t copy 5TB’s of data to a flash drive and slip it in your pocket. 2) You can’t spend hours upon hours during the work day going through the data without the risk of someone noticing what you are doing. The fact there was an external hack doesn’t necessarily point to some outside party doing this.

  72. davidmhoffer says:

    Pointman’s article (link upthread) is bang on. I’d recommend that those asking questions read that first. This is a tremendously complex discussion, and one has to have at least a broad understanding of that complexity for the answers to even simple questions to be relevant.

    I’d add these comments to Pointman’s excellent article. When asked why he robbed banks, Jesse James supposedly replied “because that’s where the money is”. A hacker attacking technical infrastructures at random is akin to a thief breaking into every building in town with no idea of what it is he wants to steal. Sort of “let’s break into all of them and see if any of them have anything interesting in them.” Jesse James had a specific thing he wanted (money) and built a profile of a specific building he could attack in any given town that was virtually gauranteed to have what he was after (bank).

    In this case, the notion that an outside hacker randomly chose CRU as a target and stumbled upon a treasure load of climate emails is silly. Read Pointman’s article. This would be the equivelant of a common thief checking the back door of every building he came across to see if it was unlocked, and winding up inside Fort Knox. Possible. Highly unlikely.

    For this kind of a break in to occur, there must first be motivation. Since the data in question had no direct financial value, we can rule out a modern Jesse James. Someone had to know that the embarrasing emails existed to spend the time and effort to obtain them. It matters not if they obtained them by brazenly walking up to the server and copying all the data in broad daylight, or if they did so by a sophisticated security attack initiated from outside the organization.

    We still have to logically surmise that there was someone who knew the information existed which implies an insider.

  73. Jeremy says:

    “Of course, the climate sceptic community would, in the main, give the appearance of welcoming the published data because it supports their view. Therefore, we were realistic about the prospect of them being helpful to our investigation.”

    This statement clearly implies that the ‘climate skeptic community” are unethical. This statement is completely false and unsupported. The “climate skeptic community” may be no angels but they are, on the whole, far more ethical than CAGW hoaxers.

  74. George E. Smith; says:

    Well it seemed like at the bottom of all that gobbledegook is the conclusion that they have no idea who did it. An obvious corollary is that they have no idea whether it was inside or outside. It would appear that not every person inside CRUhas access to ALL of the password levels of passwords. Ergo, evidence of password cracking attempts is also not evidence of an outside hack. Clearly ANYONE who is knowledgeable of ANY of the passwords, is in a much better position to pursue other passwords. For example, I would not have the foggiest idea what even the general nature of any of their passwords might be. I barely can keep track of the passwords, I use just for my e-mail, and even my simplest password, has far more characters than the total number of passwords, I have in use.

    I am pleasantly surprised by the degree to which the police appear to have pursued this . I certainly wouldn’t call them laggards.

  75. Kaboom says:

    @Reg Nelson
    You also can’t siphon 5 TB of data of a system specifically set aside to only generate internal traffic (the vast majority to, not from it) through the external connection without raising flags. Someone spent considerable time on an open connection examining what was on that box and then took what was useful for their purpose. Or they knew to the point what was and got in and out quickly.

  76. Disbeliever says:

    “Jeremy says:
    July 20, 2012 at 10:33 am

    “Of course, the climate sceptic community would, in the main, give the appearance of welcoming the published data because it supports their view. Therefore, we were realistic about the prospect of them being helpful to our investigation.”

    This statement clearly implies that the ‘climate skeptic community” are unethical. This statement is completely false and unsupported. The “climate skeptic community” may be no angels but they are, on the whole, far more ethical than CAGW hoaxers.

    I think they probably interviewed more than one person who told them the e-mails couldn’t have been stolen because they were already public property. And furthermore they should be investigating CRU because no hacking would have occurred if CRU hadn’t broken the law in the first place. Being “Realistic” means recognizing that a person who feels you are investigating the wrong crime is not likely to be helpful.

  77. davidmhoffer says:

    George E. Smith; says:
    July 20, 2012 at 10:57 am
    Well it seemed like at the bottom of all that gobbledegook is the conclusion that they have no idea who did it. An obvious corollary is that they have no idea whether it was inside or outside.
    >>>>>>>>>>>>>>>>

    I’d agree with that. Logic says that there were one or more insiders involved, it would be highly improbable that this could have happened otherwise. On the other hand, the investigation seems to have been thorough, they know quite a lot about the “how” though not the “who” but their conclusion that the evidence does not point to anyone inside is, technically, 100% accurate.

  78. more soylent green! says:

    Things just don’t really add up here. The answers to these questions imply that the police asked the folks at CRU “who would want to do this” and then simply followed that line of reasoning without investigating much further.

    But as to the multiple proxy assertion, I can only assume they have actual evidence of that, as well as actual evidence that the backup server wasn’t physically accessed, presumably meaning, nobody with a key to the server room logged onto the console and started browsing through huge quantities of data.

    So unless there was an insider, how did some hacker go through all that data and compile it for easy access? Did they create a bot or other virus to do the work? Use Google search?

  79. rogerknights says:

    Disbeliever says:
    July 20, 2012 at 8:10 am
    Furthermore I’d speculate that it was probably someone involved in the process of denying the legitimate FOIA requests.

    We STILL don’t know if CRU had prepared a collection of e-mails to respond to a foia request. Curious the police didn’t mention if this had been done. Someone should ask them and/or CRU.

  80. Alan Watt, Climate Denialist Level 7 says:

    davidmhoffer says:
    July 20, 2012 at 10:14 am

    I’d add these comments to Pointman’s excellent article. When asked why he robbed banks, Jesse James supposedly replied “because that’s where the money is”.

    Jesse James robbed trains. The quote is commonly attributed to John Dillinger, who robbed plenty of banks.

  81. Crispin in Waterloo says:

    It is more important that they do not create a talking, walking hero than to reveal which insider cooperated and punish them. Who would want it revealed that the grants were misspent, data faked, FOIA laws flouted and security haphazard?

    Is this how the UEA ‘does climate’?

    http://arstechnica.com/science/2012/07/epic-fraud-how-to-succeed-in-science-without-doing-any/

    And when your favourite pet theory unravels, what would happen in real life (not Climate life)?

    http://arstechnica.com/science/2011/11/how-the-collapse-of-a-scientific-hypothesis-led-to-a-lawsuit-and-arrest/2/

    Better to keep the kid gloves handy. Move along…nothing to see here…

  82. Gail Combs says:

    Kaboom says:
    July 20, 2012 at 4:45 am

    Let’s play devil’s advocate for a minute…

    The real sticky point, imho, is the interest in the particular data obtained, the idea that it might (still) be there and accessible and the care with which it has been released so far. Those things give credence to the idea that someone on the inside at least pointed out the target and may have paved the way to extracting it…
    _____________________________
    If the cops are correct the extracting may have been made by an outside expert who was connected to a student close to CRU.

    Given Phil Jones irritation about the FOI requests, I would not be surprised if he was shooting his mouth off about methods of ducking the FOI (think out loud) in the hearing of grad students and other staff.

    Grad students party, they have best buddies/significant others from other majors and above all else they are often idealistic. This ducking of FOI coupled with the grad student’s knowledge of the shoddy methods used (Harry Readme) could have easily been the topic of conversation and passed on to others including a computer type who got curious. The computer type did a bit of hacking to see if there was anything in the gossip. That person hit pay dirt and with Copenhagen coming up dug up as much dirt as possible.

    If I recall the first release was to newspapers (Guardian?) and when that failed the information was released to the Bloggers. This again seems to indicate a younger person who still thought journalists and newspapers are honest and not propaganda outlets.

    There are some very brilliant kids out there. I know of a twenty year old with just a high school education who routinely hacked into a military computer as a hobby. (He also informed his commanding officer of the breaches so they could fix the weaknesses.)

  83. Reg Nelson says:

    Gail Combs says:

    “Given Phil Jones irritation about the FOI requests, I would not be surprised if he was shooting his mouth off about methods of ducking the FOI (think out loud) in the hearing of grad students and other staff.”

    It could have been more than one person involved. Perhaps one of them was a low level system admin that got tired of Jones berating him because his (Jones’) Excel program wasn’t working right — it kept showing cooling instead of warming.

  84. mfo says:

    My money’s on the FSB acting in conjunction with one or more insiders. Anybody at UEA bought a surprisingly expensive car lately? The Russian’s are not happy with the way their data was used by the CRU.

    http://www.independent.co.uk/news/world/europe/was-russian-secret-service-behind-leak-of-climatechange-emails-1835502.html
    “The leaked emails, which claimed to provide evidence that the unit’s head, Professor Phil Jones, colluded with colleagues to manipulate data and hide “unhelpful” research from critics of climate change science, were originally posted on a server in the Siberian city of Tomsk, at a firm called Tomcity, an internet security business.”

    As Andrei Illarionov said in 2009-
    “IEA analysts point out that Russian meteorological stations cover most of the country’s territory, while the HadCRUT used data from only 25% of such stations in their calculations. Over 40% of Russian territory was not included in their global temperature calculations even though there was no lack of meteorological stations and observations. The data of stations located in areas not listed in the HadCRUT survey often shows slight cooling or no substantial warming in the second part of the 20th century and the early 21st century.” (cherry picking)
    http://www.cato-at-liberty.org/new-study-hadley-center-and-cru-apparently-cherry-picked-russias-climate-data/

    http://foia2011.org/index.php?id=623
    “A political hurricane blew through an international scientific meeting on
    climate change held in Moscow last week, sparking a major row between top
    advisers to the British and Russian governments. U.K. scientists complained
    that the meeting had been “hijacked” by opponents of the Kyoto Protocol,
    while Russian officials accused the British delegation, led by Chief
    Scientific Adviser David King, of trying to suppress dissenting views.

    War cry. Russia’s Andrey Illarionov says Kyoto would trigger “undeclared
    war.”

    Just a guess.

  85. Pointman says:

    It was actually Willie Sutton. Over a career of 40 years, being chased all over the US by the FBI, they think he stole about 2 million dollars A rather innocent agent, after his arrest, asked him why he only ever robbed banks. He looked at him and replied “That’s where the money is.” Doh! Folklore now.

    Pointman.

  86. Pointman says:

    He’s sorta one of my guilty heroes. Never hurt anyone but a great thief …

    Pointman

  87. John Whitman says:

    CONCLUSION:    Based on the Norfolk Constabulary’s Operation Cabin media briefing held on Thursday 19 July 2012, to me it is reasonable to conclude that neither the possibility of UEA/CRU insider involvement nor the the possibility of multiple perpetrators are excluded from either the CG1 or the CG2 unauthorized releases of the UEA/CRU information.  

    Nothing specific wrt concrete detailed facts has been released by the Norfolk Constabulary’s briefing in support of their briefing statements.  Until such info is released to the public there is room for a lot of reasonable doubt about their investigation.

    John

  88. Kev-in-Uk says:

    “”Of course, the climate sceptic community would, in the main, give the appearance of welcoming the published data because it supports their view…..””
    It’s quite strange that the police would consider that the data should support the sceptic view!! Surely, the data should only support the CAGW view? Do they know something we don’t?

  89. Crispin in Waterloo says:

    @Alan and Others

    “Jesse James robbed trains. The quote is commonly attributed to John Dillinger, who robbed plenty of banks.

    Actually it was said by one of the Newton brothers who dynamited so many banks in the 1920’s using nitroglycerine. Their story was featured in a movie The Newton Boys.

    http://en.wikipedia.org/wiki/Newton_Gang
    “According to Willis Newton, the brothers “took in more money than the Dalton Gang, Butch Cassidy’s Wild Bunch and the James-Younger Gang “

  90. davidmhoffer says:

    OK, OK, OK!
    I got the source of the quote wrong…. prompting a correction and a correction of the correction and another correction….I think that’s what happened, correct me if I am incorrect.

  91. Tony Mach says:

    Additionally, there was some evidence of work undertaken to break passwords.

    What was that evidence? Did they use exploits. If yes, which ones? Or did they brute-force? Usually, after an hack this kind of information is released to inform other admins what went wrong (so everybody can take measures to protect their infrastructure). For example, you get all kind of information what exploits were used by Stuxnet/Flame/etc. (if you want to look the video up, people from Microsoft talk extensively about their findings on Stuxent at the 27C3 conference, it’s really comprehensive), but we are not meant to know what this mindermast did?

  92. Lightrain says:

    So when does, or why hasn’t Mr. FOIA retrieved the U.V. Mann emails? They’ve been written, created and protected using our taxes.

  93. davidmhoffer says:

    Tony Mach says:
    July 20, 2012 at 11:32 pm
    Additionally, there was some evidence of work undertaken to break passwords.
    What was that evidence? Did they use exploits. If yes, which ones? Or did they brute-force? Usually, after an hack this kind of information is released to inform other admins what went wrong
    >>>>>>>>>>>>>>>>>

    Yes, true, but as a matter of security policy, once would want to keep those details confidential. Making them public would provide anyone and everyone with an interest in hacking the organization again the nature of the security tools now in place for perimeter defense. No sense handing the hacker community a map of your defense systems.

  94. davidmhoffer says:

    Lightrain says:
    July 20, 2012 at 11:49 pm
    So when does, or why hasn’t Mr. FOIA retrieved the U.V. Mann emails?
    >>>>>>>>>>>>>>>

    Interesting point. One would think that if this was exclusively a sophisticated hack, the geniuses behind it would have been able to go after at least one other target out of the dozens available. Inside all those emails is the information required to know exactly who was corresponding with who, at what institutions and organizations around the world. Not a single second breach?

    Circumstancial evidence of course, but IMHO, further evidence to support the notion that one or more insiders were involved.

  95. Crispin in Waterloo says:

    @davidmhoffer

    Don’t worry about the quote! You inspired us to think and share in a friendly and exploring environment. That is all part of creating a Good Day.

    Thanks

    ++++

    “So when does, or why hasn’t Mr. FOIA retrieved the U.V. Mann emails?”

    Perhaps because they are already contained in the gated file already sealed and released. No need. If FOIA is caught secretly, he may be pressured into trading silence and no-release of the pwd for immunity but if I were the IPCC I wouldn’t bank on it. Better to start doing real science than take a chance that the whole sorry saga will be opened to scrutiny. CG3 will probably be a release of the ‘first level’ of the large file, maybe containing a sequentially locked series of chapters. It does not all have to be released at once.

    Does anyone doubt that there is much more to tell about the organisers and funders of this massive fraud? Clearly the climate noise is in service of a larger agenda – perhaps even a beneficial one (who knows?) Can’t pre-judge.

  96. Pointman says:

    @Crispin.

    Agreed, CG2 is probably a cluster bomb with several passwords, which can release CG3, CG4 etc.

    http://thepointman.wordpress.com/2011/11/24/some-thoughts-and-some-questions-about-the-climategate-2-0-release/

    I don’t think CG2 contains anything from UV, because I still think FOIA is a leaker, rather than a hacker. I’ll stick my reasons for saying so on the next blog.

    Pointman

  97. Alan Watt, CD (Certified Denialist), Level 7 says:

    Crispin in Waterloo says:
    July 20, 2012 at 7:04 pm

    Crispin in Waterloo says:
    July 20, 2012 at 7:04 pm

    “Jesse James robbed trains. The quote is commonly attributed to John Dillinger, who robbed plenty of banks.

    Actually it was said by one of the Newton brothers who dynamited so many banks in the 1920′s using nitroglycerine. Their story was featured in a movie The Newton Boys.

    http://en.wikipedia.org/wiki/Newton_Gang
    “According to Willis Newton, the brothers “took in more money than the Dalton Gang, Butch Cassidy’s Wild Bunch and the James-Younger Gang “

    Completely and uselessly OT, but I think we all got it wrong. DavidMHoffer mis-remembered it being said by Jesse James. I knew that was wrong because as I said James robbed trains not banks. I mis-remembered it being attributed to John Dillinger, who certainly did rob banks.

    If the question is “to whom is this quote commonly attributed?”, the answer is certainly Willie Sutton, who also robbed plenty of banks but apparently without the same prediliction for violence as Dillinger. The attribution is repeated by the FBI, see their write-up here .

    However if the question is “who actually said it”, the correct answer at this point is I don’t think anyone knows. According to Snopes , Sutton denied ever saying that. Since the Newton gang was operating earlier than Sutton, it’s possible one of them did say something like that which was later mis-attributed to Sutton. But it’s equally likely the quote was made up by a reporter, as suggested by Sutton himself in his autobiography published in 1976 following his 1969 release from Attica. Snopes notes the first print appearance of this quote is March 1952, at which point Willie was awaiting trial after his final capture in February of that year and probably very much in the news. The speculation that some writer/reporter with a flair for color just made it up seems quite reasonable in the circumstances.

    Crispin’s refernce to the Newton brothers may come from a report of the movie dialog here.

    Look how hard it is to just establish who actually said some well-known phrase — and people think Climate Science is settled?

    Now who said “It’s not what you don’t know that gets you; it’s what you know that just isn’t true”?

  98. Smokey says:

    Will Rogers?

  99. Alan Watt, CD (Certified Denialist), Level 7 says:

    Now who said “It’s not what you don’t know that gets you; it’s what you know that just isn’t true”?

    Smokey says:
    July 22, 2012 at 12:25 pm

    Will Rogers

    There is probably a name for this disease (obsessive chasing of irrelevant quote attributions), but the vast majority of references I find on this one are to Mark Twain:

    It aint what you don’t know that gets you in trouble. It’s what you know for sure that just aint so.

    Will Rogers would quite likely have said something very similiar if Twain hadn’t said it first.

  100. Smokey says:

    Alan Watt,

    It’s not a ‘disease’. It was just an incorrect answer.

    Here is a broader quiz to test one’s general knowledge of America.

    [ My score: "You answered 32 out of 33 correctly — 96.97 %" ]

    Unfortunately, Civics is a lost subject that is no longer taught in Government schools. This is the result.

  101. woodNfish says:

    “jorgekafkazar says: July 19, 2012 at 11:30 pm
    People persist in assuming that the police are stupid in this case.”

    I not only assume they are stupid, but corrupt as well. They have given the crooks a pass by ignoring the real crimes.

  102. Brian H says:

    Smokey says:
    July 22, 2012 at 1:54 pm

    Alan Watt,

    It’s not a ‘disease’. It was just an incorrect answer.

    Here is a broader quiz to test one’s general knowledge of America.

    [ My score: "You answered 32 out of 33 correctly — 96.97 %" ]

    Unfortunately, Civics is a lost subject that is no longer taught in Government schools. This is the result.

    Smokey;

    Quiz Information

    Full Civic Literacy Exam (from our 2008 survey)

    Are you more knowledgeable than the average citizen? The average score for all 2,508 Americans taking the following test was 49%; college educators scored 55%. Can you do better? Questions were drawn from past ISI surveys, as well as other nationally recognized exams.

    Results

    You answered 33 out of 33 correctly — 100.00 %

    And I’m a Canadian.

  103. Brian H says:

    P.S.
    Their table of surver results is depressing. http://www.americancivicliteracy.org/2008/additional_finding.html
    On 29 of the 33 questions, random citizens scored better than elected politicians.

  104. Brian H says:

    typo: survey, not ‘server’.

  105. Entropic man says:

    Follow the money. Who benefitted from the hack?Who coordinated the release of the e-mails for maximum influence on the Copenhagen conference? Who benefitted financially from the outcome?

  106. Tucci78 says:

    At 9:26 AM on 24 July, Entropic man had posted in response to this thread:

    Follow the money. Who benefitted from the hack?Who coordinated the release of the e-mails for maximum influence on the Copenhagen conference? Who benefitted financially from the outcome?

    For a “Who” numbering in the vicinity of 7.028 billion – as in those who have “benefitted from the hack” which so precipitously overturned the warmista pork barrel on 17 November 2009 – that surely doesn’t do much to narrow things down, does it?

    Might as well ask “Who” are among the approximately two million people annually benefiting from the defensive use of handguns and other firearms in these United States, this also being a bit of information conscientiously not headlined in the leftie-luser lamestream media.

  107. woodNfish says:

    Tucci78 says: July 25, 2012 at 5:11 am “overturned the warmista pork barrel”

    That pork barrel has not been overturned at all, Tucci78. If you think it has then how do you explain the continuing grants, Solyndra and all the other “green energy” scams that our crimiinal government is putting our money into, California cap & trade, etc. Nothing has slowed down and it won’t until the senate and the white house change parties, and even then it won’t last long because many republicans and Romney are rinos, and they are so stupid they believe the AGW BS.

Comments are closed.