Bishop Hill has the press release from from Norfolk Constabulary (H/T Leo H)
Norfolk Constabulary has made the decision to formally close its investigation into the hacking of online data from the Climate Research Centre (CRU) at the University of East Anglia (UEA) in Norwich.
The decision follows a comprehensive investigation by the force’s Major Investigation Team, supported by a number of national specialist services, and is informed by a statutory deadline on criminal proceedings.
While no criminal proceedings will be instigated, the investigation has concluded that the data breach was the result of a ‘sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet’.
Senior Investigating Officer, Detective Chief Superintendant Julian Gregory, said: “Despite detailed and comprehensive enquiries, supported by experts in this field, the complex nature of this investigation means that we do not have a realistic prospect of identifying the offender or offenders and launching criminal proceedings within the time constraints imposed by law.
“The international dimension of investigating the World Wide Web especially has proved extremely challenging.
“However, as a result of our enquiries, we can say that the data breach was the result of a sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet. The offenders used methods common in unlawful internet activity to obstruct enquiries.
“There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.”
The security breach was reported to Norfolk Constabulary on 20 November 2009, following publication of CRU data on the internet from 17 November onwards.
An investigation was launched by the joint Norfolk and Suffolk Major Investigation Team, led by Det Chief Supt Gregory, with some support from the The Met’s Counter Terrorism Command, the National Domestic Extremism Team and the Police Central e-crime Unit, along with consultants in online security and investigation.
The investigation, code-named Operation Cabin, focused on unauthorised access to computer material, an offence under the Computer Misuse Act 1990, which has a three year limit on proceedings from the commission of the original offence. It has been concluded by Norfolk Constabulary, in consultation with The Met, that due to outstanding enquiries this is now an unrealistic prospect.
Norfolk Assistant Chief Constable Charlie Hall, Protective Services lead, said: “Online crime is a global issue. While law enforcement agencies continue to develop our response to emerging threats, it falls upon individuals and organisations to be alert to this and and take steps to mitigate risk as far as is practicable.”
Discover more from Watts Up With That?
Subscribe to get the latest posts sent to your email.
What a complete waste of public money this investigation was. It has been obvious from the very start that the emails were leaked from the inside but that was too embarrassing a scenario for the powers that be to contemplate so we had to have this farce of a police investigation. Even though this is Norfolk Police we are talking about I don’t believe that they are completely incompetent. As others have said nobody confessed but, also as others have said if they had any half decent IT experts working for them they must know where the leak came from – but they aren’t saying.
Cops impotent?
Limp and drooping like the global warming of the past decade or so?
>>
I trust that when UEA receive their server back, they do not promptly “wipe it”.
I reckon an FOI for all emails contained on this server is in order and quickly.
>>
That would probably be a criminal act. Deleteing or destroying information that is subject ot possible FIOA requests.
Since this information has already been the subject of such a request and the only reason that ICO tribunal allowed the non release was that UEA did not “possess” the said information, there is no question that the material is subject to such a request.
In view of the change of circumstances, a new request would probably be in order and a complaint should be registered within the three month limition period, in the (unlikely?) event that UEA should prevaricate or refuse.
dfbaskwill says:
July 18, 2012 at 10:53 am
“Bring on Climategate 3.”
I think it is a safe bet that something is coming soon. I’ll bet whoever is behind it is waiting for something profound to be put out by the Hockey Team or its supporters.
___________________________________
The US elections are in November 2012 and the Australian Election in 2013. Working Group Reports of the IPCC Fifth Assessment Report (AR5) are to be published between 2013 and 2014.
So there are lots of dates to choose from but a dribble in the fall of this year seems likely with more in the fall next year.
Maybe the police report is somewhat correct; there was no crime, it was a whistle-blower. Will the reward be 10% and where does it come from? Will there be racketeering and fraud charges eventually filed against the perpetrators of funding and scientific fraud? Will assets be seized? Will multiple charges be filed against the players or will it be consolidated into one ongoing racketeering charge for each? Will convictions and incarceration terms run concurrently or consecutively? Will they just keep playing the victim card? Will they just keep playing the appeal of authority card?
Am I just dreaming? 😉
Inside, outside … who knowns. I wouldn’t jump to conclusions. Nobody is safe against a competent hacker. Absolutely nobody. Regarding the quality of police investigations, I had a bit of experience. I asked the UK police to investigate the theft of my laptop. I thought it would be a piece of cake because it showed up online just 20 minutes after it had been stolen and kept reporting its address through DynDNS. It continued to do so for three years, after which time I needed that name and claimed it for another machine. But I gave up waiting for the police to help much earlier. It took them eight months to obtain the disclosure paperwork for the first few addresses I gave them, and sure enough, by then the traces went cold.
I even talked to the members of the internet crime unit in London about it, and they confirmed it should have been a piece of cake, but told me they would be helpless in that case because the town where my laptop was stolen was outside their jurisdiction.
So it seems like hackers are safe attacking targets in the UK; outside London for sure. Not that I ever wanted the Climategate hacker to get caught, but I suspect it was a futile endeavour from the start.
“sophisticated and carefully orchestrated” = “file, send”
Billy Liar says:
July 18, 2012 at 2:08 pm
Read the Computer Misuse Act 1990 S11(3).
Hmm, interesting. I suppose it would depend if there could be another type of crime considered (I won’t give them ideas). I still wouldn’t advertise myself once the deadline is up if I was FOIA. Especially as they keep trying to make scepticism a crime against humanity. The police might be fed up with it but certain people must still want revenge and they’d be backed all the way by organisations like GreenPeace or the Guardian.
It really is time for Climategate 3 because the Norfolk Police will be far too busy with their cattle rustling, swede stealing and other far more important pursuits. 😉 Time to shine a light.
The village postman knows the truth. Local accent is charming.
In a few decades, Deep Throat’s identity will be revealed.
That conclusion is quite simply beyond belief.
And such a conclusion comes in at a convenient time when the government has just finished its ‘Summer seminars’ on the forthcoming Communications Bill – which – from the seminar I attended and stuck my oar in, made clear that further screwing with the internet here in Old Blighty is most definitely in the frame and regulation of bloggers is *still* being considered.
I’ll be putting an FOI request in tomorrow.
On the good news front however, I can’t recommend to my fellow Brits enough that you go see the ‘Yes Prime Minister’ theatre show now on. I think it just created dozens of climate sceptics in the show I just attended and bodes very well indeed for the forthcoming new series. Methinks we have a couple of new allies on the sceptic side in the form of satirical writers Antony Jay and Jonathan Lynn……
What my brain says:
FOIA = A member of the house of lords or parliament – or an assistant/associate thereof providing the skills necessary to hide the obvious under direction.
When the police figured this out – and realized the whole thing was a political maneuver to counteract the blatant scam AGW is, they backed off really quick.
The bobbies, constables, investigators, solicitors, etc., appreciate being able to punch the clock, go home, eat a nice dinner and sleep in peace.
FOIA will release another batch – knowing full well that while the police can do a duck once – they can’t do it twice because a member of the house of lords or parliament that is pro-AGW will foolishly press for direct action.
Only then will it really play out – and heads roll.
However the heads that roll will not be the heads of politicians, but those of scientists – rightfully or wrongfully. Even when a political showdown becomes a farce that falls apart – a head always rolls and more often than not – it’s that of someone a step below that of the politicians in question.
=8-)
Off to the Olympics now…
noaaprogrammer says:
“In a few decades, Deep Throat’s identity will be revealed.”
Steven Mosher says he knows who it is.
REPLY: Mosher has a speculation as to who it is, not an established fact. My speculation is that the person is familiar enough with UEA’s system they fooled the cops into thinking it was an outside job…which given their plodding, probably wasn’t that hard to do. Remember, the security at UEA/CRU was dismal, and they were so dumb that they thought they were chasing a “mole” (a fun character setup by McIntyre and myself in blog postings) when in fact the “secret file” was out in the open on a public FTP server. – Anthony
Mosher knows??
Maybe after Nov. 17 he can tell us…. just whisper it to us here at WUWT…..
A much simpler and less complicated scenario would be someone with inside access. No fancy super “7337” skills really needed. A little more complicated would be lifting the data off if a cloned drive that was in for repair.
Did someone mention Occam’s razor? No? Never mind.
Yeah.. go ahead and keep thinking that.
SanityP said (July 18, 2012 at 9:45 am)
“…It’s a twap I tell you ! They don’t really know anything, granted, they are just hoping, waiting for that pending release of the password for that last stack of damning emails…”
And, since they’ve dragged their feet so long (allowing the statute of limitations to run out), the “hacker” is now free to release the remainder of the emails. Expect the final release sometime after the 17th of November.
TinyCO2 said (July 18, 2012 at 12:20 pm)
“…Sadly for our information liberator there is no statute of limitations in the UK…”
Well, according to the original post “…The investigation, code-named Operation Cabin, focused on unauthorised access to computer material, an offence under the Computer Misuse Act 1990, which has a three year limit on proceedings from the commission of the original offence…”
So, there does appear to be a statute of limitations in the UK for this offence.
Once the statute of limitations has run its course there’s nothing really that would keep the whistleblower from releasing the password .. I wonder if some folks are profusely sweating already.
The police are on a hiding to nothing here, I fear, and they had to drop this hot potato as quickly as they could.
I don’t doubt that they’ve asked the ‘correct’ questions, got the answers they’ve got and were unable to push harder as they may have been tipped the wink not to press too hard. National interest stuff old chap if you know what I mean; straight out of Yes Minister.
Let’s not underestimate the Plod. They’re nobodies fools and I wouldn’t like to cross a senior officer who has been pressuried into being a patsy especially given the comparitively young age that many retire from the force.
I find it interesting that this case has been publically closed with some months still free to fall within the three-year rule or whatever actual time applies!
Case closed, equipment needed for examination now available for return to ‘injured’ party; potato safely back in UEA’s hands.
Will they now be able to re-use that old chestnut; ‘The dog has eaten my homework, again!’
Nice one officer!
Pat Frank says:
July 18, 2012 at 9:49 am
“There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.”
This is the only positive statement in the whole release. They could find no evidence for an inside source. That could merely mean no one at UEA admitted it, and they could find no traces of unauthorized access at UEA. That allows them to absolve UEA staff.
And as the only positive statement – it is demonstrably false.
The climategate emails are not a simple mail server dump. They are a selection of that appear to match the FOIA requests that CRU repeatedly refused to comply with. The mail server at CRU would have been full of emails of all sorts. But the Climategate emails were a careful selection all very apposite. Anyone that has worked with these kind of servers knows the huge amount of work involved parsing your way through a mail server, looking for those emails that are on or related to the subject and discarding those not wanted. I didn’t see any routine emails in the Climategate dump – no spam, no university business etc. But there would have been a huge amount of non-climate emails. The work-factor for an intruder even an APT would have been considerable.
“However, as a result of our enquiries, we can say that the data breach was the result of a sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet. The offenders used methods common in unlawful internet activity to obstruct enquiries.”
It is quite rare to find a sophisticated hacker with a specific interest in climate science. This ‘rare beast would also have to know that there were incriminating emails to actually find on an unencrypted mail server. Then after downloading a HUGE mail file which would take time on its own. Then work for a long time searching for the appropriate ‘incriminating emails with a knowledge of whose emails were important and whose weren’t sometimes due to throwaway lines in the emails, and discarding the dross routine emails which would be the majority..
And the payback? No attempt appears to have been made to make money out of the emails. They were sent to various news outlets (showing a trusting faith in the investigative journalists who only deal with cut and pastes frrom AP and Reuters). Then the sorted Climategate dump was left on a Russian server with messages to appropriate blogs such as Tallblokes Talkshop.
This was not the work of a hacker this was the work of someone with continual access to CRU and a subject matter expert in the climate business, its wrinkles and the people involved both local and international. It could even have been someone who had been tasked with answering the FOIA and then after doing all the work was told to scrap it as we are not going to answer it. It is stretching credulity too much to accept that this was a ‘simple’ outside hack by a blackhat ‘denier’.
The police in the UK are being forced by the government to make savings of £2.4bn by 2015. This means a loss of 34,400 police jobs, including civilian staff, by 2015. Of these 15,000 police officers are to lose their jobs about half of whom do non-frontline work (computers for example). In addition 179 police stations are to close and of those remaining,1 in 5 will lose their front counters.
Simon Reed, Vice Chairman of the Police Federation of England and Wales wrote, “Presumably, the public still want a police officer to turn up when they phone in, has David Cameron, Theresa May forgotten to tell them that this might no longer be the case? It simply will not be possible to provide the same level of service to the communities we serve as the cuts and reforms take hold of the 43 forces throughout England and Wales.”
http://www.norfolk.polfed.org/index.php?option=com_content&view=article&id=370:the-true-meaning-of-independence-has-been-lost&catid=2:news&Itemid=43
Norfolk police will lose 162 officers and 375 civilian staff to achieve budget cuts over three years of £24 million. Norfolk officers were amongst 20,000 police officers who demonstrated in London on May 10 against the government’s policies.
To me a key statement from the Norfolk Constabulary is the concluding one:
“While law enforcement agencies continue to develop our response to emerging threats, it falls upon individuals and organisations to be alert to this and and take steps to mitigate risk as far as is practicable.”
In other words the UEA/CRU should have had better security which might have prevented the loss of emails in the first place in which case the Norfolk police wouldn’t have been made to look silly and had to waste their time on the digital blatherings of a bunch of academics.
Methinks I smell a rat…..
The police say they were competent enough to determine it was a sophisticated hack. But they say they can’t trace it down to an origin? My goodness, how many people in silicon valley could trace it to an origin. Pulease! If they can’t trace it then they don’t know what they’re doing in the first place. So saying it was sophisticated is euphemistic for “hey, we’re totally lost, it’s over our heads, we weren’t trained for this. Besides, it’s just not important enough to expend resources on solving it”.
What’s the rat I smell? Maybe political paradigms make one not want to press the issue for fear real details would come out that would puncture the good ship global warming. But maybe I go to far with that.
Kaboom says:
July 18, 2012 at 4:56 pm
Once the statute of limitations has run its course there’s nothing really that would keep the whistleblower from releasing the password .. I wonder if some folks are profusely sweating already.
Yummmmm, that would make Thanksgiving Dinner taste even better this year. 🙂
Why do some people here apparently suspect the Norfolk police being in support of a particular narrative – in effect part of a coverup? While I can see the possibility of incompetence, a deliberate attempt to hew to a storyline seems rather improbable to me.
To me it sounds like they couldn’t find s___t. The reference to an outside hack would still hold true even if the person responsible worked there or was familiar with the system.
All this changes is the sideshow argument regarding Climategate and Glieckgate comparisons. It does nothing with regard to the content of the emails and what they reveal.
Ian w.
“The climategate emails are not a simple mail server dump. They are a selection of that appear to match the FOIA requests that CRU repeatedly refused to comply with.”
they are not a human made selection.
They are not mails selected in response to FOIA.
1. There are too many housekeeping mails.
2. they cover topics far outside FOIA.
3. In addition to emails there are other files utterly unrelated to FOIA.
You are falling for the letter that the “hacker” released.
That letter is a false trail. a misdirection.
who wants to misdirect the blame.