Bishop Hill has the press release from from Norfolk Constabulary (H/T Leo H)
Norfolk Constabulary has made the decision to formally close its investigation into the hacking of online data from the Climate Research Centre (CRU) at the University of East Anglia (UEA) in Norwich.
The decision follows a comprehensive investigation by the force’s Major Investigation Team, supported by a number of national specialist services, and is informed by a statutory deadline on criminal proceedings.
While no criminal proceedings will be instigated, the investigation has concluded that the data breach was the result of a ‘sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet’.
Senior Investigating Officer, Detective Chief Superintendant Julian Gregory, said: “Despite detailed and comprehensive enquiries, supported by experts in this field, the complex nature of this investigation means that we do not have a realistic prospect of identifying the offender or offenders and launching criminal proceedings within the time constraints imposed by law.
“The international dimension of investigating the World Wide Web especially has proved extremely challenging.
“However, as a result of our enquiries, we can say that the data breach was the result of a sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet. The offenders used methods common in unlawful internet activity to obstruct enquiries.
“There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.”
The security breach was reported to Norfolk Constabulary on 20 November 2009, following publication of CRU data on the internet from 17 November onwards.
An investigation was launched by the joint Norfolk and Suffolk Major Investigation Team, led by Det Chief Supt Gregory, with some support from the The Met’s Counter Terrorism Command, the National Domestic Extremism Team and the Police Central e-crime Unit, along with consultants in online security and investigation.
The investigation, code-named Operation Cabin, focused on unauthorised access to computer material, an offence under the Computer Misuse Act 1990, which has a three year limit on proceedings from the commission of the original offence. It has been concluded by Norfolk Constabulary, in consultation with The Met, that due to outstanding enquiries this is now an unrealistic prospect.
Norfolk Assistant Chief Constable Charlie Hall, Protective Services lead, said: “Online crime is a global issue. While law enforcement agencies continue to develop our response to emerging threats, it falls upon individuals and organisations to be alert to this and and take steps to mitigate risk as far as is practicable.”
This is just sad. When is this whole global warming thing going to end? I know money talks. But can’t at least someone, somewhere along the concatenation of this comedy say, “Hey, wait a minute, WTF!”
‘Why do some people here apparently suspect the Norfolk police being in support of a particular narrative – in effect part of a coverup?’
Agree with your question, timg56; I strongly feel that the Norfolk police have done as well as the cards they were dealt could not have been played any better.
‘To me it soundsc like they couldn’t find s___t.’
Think you’re wrong there; They would be more than competent at finding ordure but ’tis harder to prove it!
‘The reference to an outside hack ould still hold true even if the person responsible worked there or was familiar with the system’
Agree but that, in no way, weakens their argument that they followed procedure within the remit they were involved with
‘All this changes is the sideshow argument regarding Climategate and Glieckgate comparisons. It does nothing with regard to the content of the emails and what they reveal’
Agree, again, and that is why the police have washed their hands on the politics and let loose the hounds!
re: “who wants to misdirect the blame”
mm… someone very close to the center of all the action??
a distant hacker would not seem to have any reason or need for such misdirection
(well unless it were some added layer of misdirection, to make it seem to the most observant that it was an insider trying to misdirect to an outsider who …. nah, too much subtlety for any “outside” hacker to care about, I would guess)
Steven Mosher says:
July 18, 2012 at 6:05 pm
Ian
“The climategate emails are not a simple mail server dump. They are a selection of that appear to match the FOIA requests that CRU repeatedly refused to comply with.”
they are not a human made selection.
They are not mails selected in response to FOIA
You may well be proven right, moshpit, but please point out the relevance of your post vis a vis the integrity exhibited by CRU compared with the ‘publish and be (slightly) damned by the circumspection of Madame FOIA (of whatever gender)
Some claim that you know the identity of FOI but I’m with you on this. You know nowt! Keep up the good work
Comment by Steve McIntyre on his blog:
Too bad that they didn’t provide any evidence to actually dispel the theory that RC/FOIA “was a disgruntled UEA employee”. Nor do I believe anything that Acton says on this matter without corroborating evidence – which has notably not been provided here.
If they’d resisted the temptation to embellish – “carefully orchestrated” for example – they’d have had a better chance of people accepting a statement. But such embellishments make it impossible to accept this without corroboration (bold added by me)
And I agree with the bolds.
link to his comment
http://climateaudit.org/2012/07/18/norfolk-police-inquiry-at-east-anglia-ends/#comment-343379
If the mail server is using a mirrored RAID, would one hard in the array have all the emails, thus replace one hard drive in the array walk out with the goods??? Sort out the hard drive at some other location.
Climategate 3 will probably happen short before the the next UNEP/IPCC(UNEPFCCC) “report” ?
It must be very undermining for the The Team’s members morale to know that short before their policy based propaganda “claims” are put forward new Climategate e-mails will be made public.
E-mails that show that the IPCC reports are not scientific but instead politics to support the UNFCCC and it’s radical UNEP policy based claims to promote a radical change of society.
And the fun part of this is that it’s going to be The Teams own written words in leaked internal e-mails that clearly show that the reports claims that they are making public is not science but policy based solely and only on the UNFCCC.
In other words ” the things we are going to tell you now is just policy based lies”.
A much better press release would have consisted of only two sentences suitably adapted from eminent climate scientologists to describe the real state of the police investigation:
1) “We can’t account for [this] at the moment and it is a travesty that we can’t”
2) “we know with certainty that we know f***-all”
You see? Climate science can help out in so many unexpected situations!
[cross-posting myself from BH if the mods permit]
Excellent one! I was halfway throught the next post before I grasped what you meant by “…wrong height.”
I had a vision of someone cramming their tongue somewhere into their facial cheek, until that phrase sunk in. You meant instead, sung to the tune of “Oh, where the sun doesn’t shine…”
Roy.
I have a theory. it is supported by facts. I don’t know. But then, we dont know anything.. maybe math and logic.
it starts with opportunity. next comes motive. after that a bizarre set of facts only a few have attended to.
Opportunity is easy. Motive is harder to figure out. But it’s there plain as day. once you see it.
I will tell what the motive is Not: it is not related to the cause. any cause. its personal.
Norfolk is a region in England that suffered “mother Nature’s” brunt recently: snow and -14 C in February, a super dry March and monsoon in April: she is having a laugh with these CRUed clowns.http://www.edp24.co.uk/news/environment/torrential_rain_in_east_anglia_could_mean_april_was_a_record_breaker_1_1363702
I am not normally one to engage in conspiracy theories and I am not sure I go with the conspriacy theories propounded here. However, I notice the coincidence that UK Parliament (HoC and Lords) broke up last week for the “summer” break so MPs are not able able to raise questions in the House to get more information from Government ministers.
Possibly a guide to Norfolk Constabulary’s timing of this announcement.
Didn’t believe their “it was a hack from the internet” when they first produced it; no reason to believe it now. It sounds like the attack dogs were getting nowhere and their owner decided to call them off.
‘Foia’ – please can we have that password soon? 😀
Remotely. OK, remotely from where? If you know that the attack came from outside you should at least be able to get an idea of where outside. Russia? China? USA? UK? Surely it would be worthwhile to know….
Ha ha – might be the cue for another release of emails
What part of
“While no criminal proceedings will be instigated, the investigation has concluded that the data breach was the result of a ‘sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet’.
didn’t you folks understand? Sorry, the whistleblower dog whistle just failed.
BTW, the information gathered by the Norfolk Constabulary is almost certainly not available through FOI requests as likely involving a) a criminal investigation b) information from security serives c) international implications with foreign countries and more.
Remotely may simply mean a VPN connection from inside UEA to a non-logging VPN hoster and back in through the firewall via an open port exploiting any number of vulnerabilities or bad setup.
Grabbing a single HDD from the SAN rack won’t get anyone far. A large institution like this will have a high level RAID (i.e. RAID6) with additional data duplication and volume spanning going. Any single HDD only contains unrecoverable gibberish, getting to it requires physical access to the server room and pulling it will trigger an alert to the admin (and possibly the manufacturer to ship a replacement part and send a technician to install it by presuming hardware failure). Removing the full shelf to take home is quite inconceivable.
George says:
July 18, 2012 at 12:01 pm
There are ways of making it nearly impossible unless you happen to catch the traffic happening in real time, and there are ways of even making that less useful.
And people with that level of expertise are (or soon will be) working for either one of about a dozen national governments/militaries or the Russian mafia…
I am enjoying all of this very much, and dearly hope Mosher writes a book about it one day. Some thriller it would be, even without any bodies (Which I dearly hope never happens. Professional reputations can deservedly die, yes, but not any actual people).
Sincerely, an American schoolteacher posting this afternoon from Yorkshire, as I’m sure any competent hacker could easily determine. 🙂
I agree that the perpetrator had a personal score. Also the time to take it must have been extensive, thus maybe a small amount at a time like a clever worm.
I hope that after the 3 year statute limit is past, the hero hacker will identify himself (or herself)!
I think you are out on a limb with those speculations Steven. Hopefully time tells sooner rather than later.
Steven Mosher says:
July 18, 2012 at 6:05 pm
Ian w.
“The climategate emails are not a simple mail server dump. They are a selection of that appear to match the FOIA requests that CRU repeatedly refused to comply with.”
they are not a human made selection.
You are falling for the letter that the “hacker” released.
That letter is a false trail. a misdirection.
who wants to misdirect the blame.
I will tell what the motive is Not: it is not related to the cause. any cause. its personal.
‘sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet’.
I’m sure the possibility exists that the flash drive used may have been purchased over the internet