Andrew Montford has posted briefing materials handed out to the press when Norfolk Police released the decision to close the investigation yesterday. Like everything else with this investigation, the people most in the know (the bloggers) were left out of the loop while the spinners (Richard Black of BBC for example) get this info straight away.
Operation Cabin
Background Information
Introduction
Operation Cabin is the name of Norfolk Constabulary’s investigation into the unauthorised data breach at the Climate Research Unit (CRU) at the University of East Anglia (UEA) in Norwich and the subsequent publication of some of this data on the internet.
The publication of the data in close proximity to the COP 15 and COP17 climate change conferences in Copenhagen and Durban appears to have been done in order to influence global debate around anthropogenic climate change.
The investigation has been undertaken by Norfolk Constabulary, with some support from SO15 (Metropolitan Police Counter Terrorism Command), the National Domestic Extremism Team (NDET) and the Police Central e-Crime Unit (PCeU). Technical support was provided by online security and investigation experts, QinetiQ.
The investigation
The security breach was reported to Norfolk Constabulary by the UEA on 20 November 2009, following publication of CRU data on the internet from 17 November onwards.
An investigation was launched by the joint Norfolk and Suffolk Major Investigation Team (MIT), led by Senior Investigating Officer (SIO) Detective Superintendent Julian Gregory, supported by Detective Inspector Andy Guy as Deputy SIO. Strategic oversight was provided by Gold Group, initially chaired by then ACC Simon Bailey and latterly by ACC Charlie Hall.
Strategy and Parameters
The primary offence under investigation was the unauthorised access to computer material under s.1 Computer Misuse Act 1990.
The aim was to conduct an efficient, effective and proportionate investigation into the circumstances surrounding the unauthorised access with a view to:
- Establishing what data was accessed and/or taken and published
- Establishing who was responsible
- Securing sufficient evidence to mount a successful prosecution if appropriate
Lines of enquiry
At the outset it was not known if there had been a physical breach of security at the UEA or whether the data had been taken as a result of an external attack via the Internet. It was also not known if the offender(s) had connections with or was assisted by members of staff from the UEA and, as a consequence, a number of lines of enquiry were pursued to cater for these eventualities.
Summary of findings
- That the data was taken between September 2009 and November 2009 during a series of remote attacks via the Internet, which accessed an internal back-up server.
- That a large amount of data was taken and subsequently published on the Internet in two separate files in 2009 and 2011. The first was entitled FOIA 2009 and contained 3480 documents, 1000 e-mails and 1073 text files. The second was entitled FOIA 2011 and contained 23 documents, 5292 e-mails and 220,000 files. Much of the data published in FOIA 2011 was protected by an unknown password.
- That the data was not obtained via physical access of the CRU back-up server.
- That there is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.
- The offender (s) had used methods common in unlawful internet activity to obstruct enquiries, by planting a false trail and utilising a series of proxy servers located around the world.
- That the attack was highly sophisticated and was undertaken by a person or persons who were highly competent and who knew how to conceal their activity.
Limitation on proceedings
The Computer Misuse Act 1990 provides a limitation on commencing criminal proceedings in that criminal proceedings must be brought within six months from the date on which evidence sufficient to bring a prosecution comes to light, and that no such proceedings will be brought more than three years following the commission of the original offence
In relation to Operation Cabin, this means that proceedings would need to be commenced in the autumn of this year. This means that the police investigation would need to have been concluded by late summer in order to prepare a case for prosecution within this time constraint. It has been determined that this is an unrealistic prospect.
Resource and costs
The Constabulary carried out a proportionate investigation led by officers from the joint Norfolk and Suffolk Major Investigation Team, with some additional support internally and some assistance also provided by national and external agencies and services.
Officers assigned to this case worked on a number of other investigations simultaneously and, while specific activities relating to this and other investigations may be recorded in their pocket note books, the exact time spent on each activity is not recorded. It is therefore not possible to isolate accurately the overall hours worked by officers and staff on this investigation nor the total salary cost for this.
Over and above this, the cost for over-time and expenses in relation to this enquiry alone has been recorded against a specific cost-code. For the period December 2009 to March 2012 inclusive, this figure stands at £84,871.77.
Further information
Further information in relation to this enquiry has been published by the Constabulary under the Freedom of Information Act.
This material can be found at:
http://www.norfolk.police.uk/aboutus/yourrighttoinformation/freedomofinformation/disclosurelog.aspx
============================================================
One of the things I find most interesting in that disclosure log page is that for all the caterwauling that went on about “death threats” sent to Phil Jones, and the news repeated worldwide by the spinners that he was “depressed and suicidal”, the Norfolk police provided this statement which tells the real story Bold is mine:
| 69/12/13 (PDF) | Threats to life or threats of bodily harm reported to Norfolk Constabulary by members of the Climatic Research Unit at the University of East Anglia. | No information held |
The PDF reads:
June 2012
Dear whatdotheyknow.com
Freedom of Information Request Reference No: FOI 69/12/13
I write in connection with your request for information received by the Norfolk Constabulary on the 14th May 2012 in which you sought access to the following information:
Please provide a breakdown per month, the number of:
A threats to life
B threats of bodily harm
which were reported to Norfolk Constabulary by members of the University of East Anglia Climatic Research Unit in the period 1st November 2009 to 30th April 2012, inclusive.
Response to your Request
Norfolk Constabulary were made aware of emails that had been received by a member of the staff at the University of East Anglia Climatic Research Unit. No specific complaint or report was made to the Constabulary and no crimes were recorded detailing threats to life or threats of bodily harm.
This response will be published on the Norfolk Constabulary’s web-site www.norfolk.police.uk under the Freedom of Information pages at Publication Scheme – Disclosure Logs.
================================================================
Bottom line- Phil Jones and UEA weren’t concerned enough with these “death threats” to bother filing a police report or complaint, but they sure talked it up in the press, just like the whiners at ANU and those supposed “death threats” that never materialized.
But when the police say:
No specific complaint or report was made to the Constabulary and no crimes were recorded detailing threats to life or threats of bodily harm.
It rather deflates the whole episode.
I’m sure David Appell will get right on this to prove otherwise.
Discover more from Watts Up With That?
Subscribe to get the latest posts sent to your email.
The best comment I’ve seen is by jferguson @ur momisugly The Bish’s: ‘Iplod battery ran down?’
===================================
LOL, I think that they have a problem with their findings
That the attack was highly sophisticated and was undertaken by a person or persons who were highly competent and who knew how to conceal their activity.
That there is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.
These two ‘findings’ mean that, if there was an ‘insider’, that they were ‘highly sophisticated, highly competent and knew how to conceal their identity’.
I’m also curious about the meaning of this finding – “That the data was not obtained via physical access of the CRU back-up server.” If the finding ‘That the attack was highly sophisticated and was undertaken by a person or persons who were highly competent and who knew how to conceal their activity.’ is true, then how do the police know that the data was not obtained by physical access?
Ooooh, “Operation Cabin”…
Very James Bondish.
By the way, many of the people (and newspapers) angry about this leak were only too happy to publish the WikiLeaks documents from all over the world.
I guess this means the way is clear for the trilogy of climategate emails to leak out?
Next round, come on down …
@MrV I expect that if “FOIA” is going to release the remainder, he/she will do so right around November 19th, 2012, and perhaps even reveal him/herself since the statute of limitations will have expired. – Anthony
I notice that plod specifies and concentrates on the CRU back-up server, could this information have come from any of the other computers in the CRU?
Let’s just say, if I WAS to pursue a life of cyber-crime, I’d be wise to set up shop where any investigations would be handled by the Norfolk Constabulary. I’d mention the Keystone Cops, but… oh, someone needs to make a modern day equivalent.
dccowboy hit the exact lines that jumped out at me. “Highly Sophisticated” appears to be a phrase that means “anything we can’t figure out”. I’m wondering if their electric razors and iPods also rate as “highly sophisticated”.
So yeah, do tell: how are the concepts of “we can’t figure out who did it” and “it wasn’t anyone local” anything other than mutually exclusive? It’s one or the other, NOT both.
Dccowboy basically took the words out of my mouth. Funny how, in announcing their ‘findings’ they seem to know more than their findings should have revealed. I think they need to hire a spin doctor. Sorry, Dr. Phil, for your abject failure at squeezing a bit of sympathy from CNN.
I may be part of the identity concealment. I bought a T-Shirt saying “I’m FOIA.” Highly sophisticated, indeed.
“FOIA” release in november, yes perhaps, but revealing him/herself? I doubt that very much. Not in a few more years at least.
So Anthony, does this mean that these documents, after all, were simply a fake?
http://wattsupwiththat.com/2012/06/13/foi-reveals-nasty-hateful-emails-sent-to-phil-jones-right-after-climategate/
REPLY:
Please don’t put words in my mouth…I simply said they were “deflated” in importance when they don’t even bother to file a police report. – Anthony
I would think someone considering suicide is mentally ill. If I were his employer I would put him on sick leave and make sure he gets psychiatric help!
Access from the outside to the backup server via the Internet suggest a lack of a skilled firewall setup and intrusion detection or a deliberate gap. It also means such an attack would have had to trace the backup regime of the email system to the backup servers, which means that multiple servers had to be intruded into at administrator level to obtain the information. That suggests gross incompetence on behalf of the UEA IT staff or an inside man that knew where to look and how to get in from an external IP past the network’s defense.
1. The anti-terrorist mob seem to be very competent when it comes to anticipating, thwarting and prosecuting crimes in their baileywick so had they been truly involved in this affair, they’d have solved the crime.
2. I have no doubt that they did succeed, at least to the point of balancing the embarrassment of failure against the further embarrassment of UEA/CRU and their apologists, including Lord whatshis name. So what did we expect?
“The security breach was reported to Norfolk Constabulary by the UEA on 20 November 2009, following publication of CRU data on the internet from 17 November onwards.”
HMMMmmmm I smell a pack of madly scurrying of rats as they dump all the data related to the climate temperatures that Steve M’s FOIA was aimed at BEFORE calling in the cops three days later. Makes for an interesting timeline for The Dog Ate Global Warming and explains why Phil Jones said he even considered suicide over the “climategate” scandal. Also explains why CRU was not exactly cooperative.
All they are telling the public is that anyone in the world, inside or outside of UEA, could have pulled it off if they had the requisite skills. What they should say if they want to be candid and open with the public is:
“It could be anyone skilled enough to leave no clues that we could pick up on. Therefore, we cannot speculate about the location of ‘FOIA’ or the meaning of these events, beyond that someone wanted these documents released and found a way to release them.”
It’s a pity the plods didn’t succeed in their aim of “Establishing who was responsible” – when it comes to the New Year’s Honours List, Sir or Dame FOIA won’t carry the same cachet as a proper identity.
Still, all in all, I think they played a blinder.
Since it was a “highly sophisticated” remote intrusion by someone who knew how to conceal their identify we can rule out Peter Gleick.
I’ve said it before, I’ll say it again. Given the information the Climategate leaks exposed about how Jones, Mann and company operated, and given the tremendous economic and human damage done by these so called “scientists”, I find it miraculous there have been no death threats.
Jay Davis
Why don’t they try a much better press release which needs only two sentences suitably adapted from eminent climate scientists to describe the real state of the police investigation:
1) “We can’t account for [this] at the moment and it is a travesty that we can’t”
2) “we know with certainty that we know f***-all”
You see? Climate science can help out in so many unexpected situations!
“The offender (s) had used methods common in unlawful internet activity to obstruct enquiries, by planting a false trail and utilising a series of proxy servers located around the world. ”
This should answer Mike and Dccowboy. I’m pretty sure the server logged all activity, and it would note whether the activity was local or remote access. It was a back up server, so probably not a lot of activity, which would make the investigators job easier than if it had been the main server.
Sometime theives are just smarter than police.
Jones’ claim that “People said I should go and kill myself. They said they knew where I lived. They were coming from all over the world.” is officially indistinguishable from a paranoid delusion.
Would revealing too much to the press give up techniques they used during the investigation. Techniques that they don’t want criminals knowing about?
Again, they provide no indication that they even looked for evidence to suggest that someone working at or associated with the UEA was involved with the crime.
This is the sentence I find most interesting. Can you guess what’s missing, to make it suitably ambiguous?
“The offender (s) had used methods common in unlawful internet activity to obstruct enquiries, by planting a false trail and utilising a series of proxy servers located around the world.”
Yes, it’s a time point. Are we talking here about a frontal assault from behind proxy servers in a supposed frontal assault to get the data, or the dissemination of the material in CG1 and CG2? Wonderfully vague stuff.
http://thepointman.wordpress.com/2010/12/17/why-climategate-was-not-a-computer-hack/
Pointman
The language of the summary is appalling; ‘data taken’? Who ‘takes’ data, most people would just copy it. If you copy it and delete it the source could claim you made it up.
Maybe UEA is covering for all the data it has ‘lost’ in the past?
… there is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime …
Equally, there is no evidence that anyone working at or associated with UEA was not involved in the crime since they don’t have a clue who did it.
I’m betting the VC wanted that statement in the police report (you all know why).