More info on the UEA/CRU Climategate investigation by Norfolk Police – police give reasons for closure and say 'no death threats' recorded

Andrew Montford has posted briefing materials handed out to the press when Norfolk Police released the decision to close the investigation yesterday. Like everything else with this investigation, the people most in the know (the bloggers) were left out of the loop while the spinners (Richard Black of BBC for example) get this info straight away.

Operation Cabin

Background Information

Introduction

Operation Cabin is the name of Norfolk Constabulary’s investigation into the unauthorised data breach at the Climate Research Unit (CRU) at the University of East Anglia (UEA) in Norwich and the subsequent publication of some of this data on the internet.

The publication of the data in close proximity to the COP 15 and COP17 climate change conferences in Copenhagen and Durban appears to have been done in order to influence global debate around anthropogenic climate change.

The investigation has been undertaken by Norfolk Constabulary, with some support from SO15 (Metropolitan Police Counter Terrorism Command), the National Domestic Extremism Team (NDET) and the Police Central e-Crime Unit (PCeU). Technical support was provided by online security and investigation experts, QinetiQ.

The investigation

The security breach was reported to Norfolk Constabulary by the UEA on 20 November 2009, following publication of CRU data on the internet from 17 November onwards.

An investigation was launched by the joint Norfolk and Suffolk Major Investigation Team (MIT), led by Senior Investigating Officer (SIO) Detective Superintendent Julian Gregory, supported by Detective Inspector Andy Guy as Deputy SIO. Strategic oversight was provided by Gold Group, initially chaired by then ACC Simon Bailey and latterly by ACC Charlie Hall.

Strategy and Parameters

The primary offence under investigation was the unauthorised access to computer material under s.1 Computer Misuse Act 1990.

The aim was to conduct an efficient, effective and proportionate investigation into the circumstances surrounding the unauthorised access with a view to:

  • Establishing what data was accessed and/or taken and published
  • Establishing who was responsible
  • Securing sufficient evidence to mount a successful prosecution if appropriate

Lines of enquiry

At the outset it was not known if there had been a physical breach of security at the UEA or whether the data had been taken as a result of an external attack via the Internet. It was also not known if the offender(s) had connections with or was assisted by members of staff from the UEA and, as a consequence, a number of lines of enquiry were pursued to cater for these eventualities.

Summary of findings

  • That the data was taken between September 2009 and November 2009 during a series of remote attacks via the Internet, which accessed an internal back-up server.
  • That a large amount of data was taken and subsequently published on the Internet in two separate files in 2009 and 2011. The first was entitled FOIA 2009 and contained 3480 documents, 1000 e-mails and 1073 text files. The second was entitled FOIA 2011 and contained 23 documents, 5292 e-mails and 220,000 files. Much of the data published in FOIA 2011 was protected by an unknown password.
  • That the data was not obtained via physical access of the CRU back-up server.
  • That there is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.
  • The offender(s) had used methods common in unlawful internet activity to obstruct enquiries, by planting a false trail and utilising a series of proxy servers located around the world.
  • That the attack was highly sophisticated and was undertaken by a person or persons who were highly competent and who knew how to conceal their activity.

Limitation on proceedings

The Computer Misuse Act 1990 provides a limitation on commencing criminal proceedings in that criminal proceedings must be brought within six months from the date on which evidence sufficient to bring a prosecution comes to light, and that no such proceedings will be brought more than three years following the commission of the original offence.

In relation to Operation Cabin, this means that proceedings would need to be commenced in the autumn of this year. This means that the police investigation would need to have been concluded by late summer in order to prepare a case for prosecution within this time constraint. It has been determined that this is an unrealistic prospect.

Resource and costs

The Constabulary carried out a proportionate investigation led by officers from the joint Norfolk and Suffolk Major Investigation Team, with some additional support internally and some assistance also provided by national and external agencies and services.

Officers assigned to this case worked on a number of other investigations simultaneously and, while specific activities relating to this and other investigations may be recorded in their pocket note books, the exact time spent on each activity is not recorded. It is therefore not possible to isolate accurately the overall hours worked by officers and staff on this investigation nor the total salary cost for this.

Over and above this, the cost for over-time and expenses in relation to this enquiry alone has been recorded against a specific cost-code. For the period December 2009 to March 2012 inclusive, this figure stands at £84,871.77.

Further information

Further information in relation to this enquiry has been published by the Constabulary under the Freedom of Information Act.

This material can be found at:

http://www.norfolk.police.uk/aboutus/yourrighttoinformation/freedomofinformation/disclosurelog.aspx

============================================================

One of the things I find most interesting in that disclosure log page is that for all the caterwauling that went on about “death threats” sent to Phil Jones, and the news repeated worldwide by the spinners that he was “depressed and suicidal”, the Norfolk police provided this statement which tells the real story. Bold is mine:

69/12/13 (PDF) Threats to life or threats of bodily harm reported to Norfolk Constabulary by members of the Climatic Research Unit at the University of East Anglia. No information held

The PDF reads:

June 2012

Dear whatdotheyknow.com

Freedom of Information Request Reference No: FOI 69/12/13

I write in connection with your request for information received by the Norfolk Constabulary on the 14th May 2012 in which you sought access to the following information:

Please provide a breakdown per month, the number of:

A threats to life

B threats of bodily harm

which were reported to Norfolk Constabulary by members of the University of East Anglia Climatic Research Unit in the period 1st November 2009 to 30th April 2012, inclusive.

Response to your Request

Norfolk Constabulary were made aware of emails that had been received by a member of the staff at the University of East Anglia Climatic Research Unit. No specific complaint or report was made to the Constabulary and no crimes were recorded detailing threats to life or threats of bodily harm.

This response will be published on the Norfolk Constabulary’s web-site www.norfolk.police.uk under the Freedom of Information pages at Publication Scheme – Disclosure Logs.

================================================================

 

Bottom line – Phil Jones and UEA weren’t concerned enough with these “death threats” to bother filing a police report or complaint, but they sure talked it up in the press, just like the whiners at ANU and those supposed “death threats” that never materialized.

But when the police say:

No specific complaint or report was made to the Constabulary and no crimes were recorded detailing threats to life or threats of bodily harm.

It rather deflates the whole episode.

I’m sure David Appell will get right on this to prove otherwise.

Chuck Nolan
July 19, 2012 8:55 am

“Officers assigned to this case worked on a number of other investigations simultaneously and, while specific activities relating to this and other investigations may be recorded in their pocket note books, the exact time spent on each activity is not recorded. It is therefore not possible to isolate accurately the overall hours worked by officers and staff on this investigation nor the total salary cost for this.
Over and above this, the cost for over-time and expenses in relation to this enquiry alone has been recorded against a specific cost-code. For the period December 2009 to March 2012 inclusive, this figure stands at £84,871.77.”
—————————————-
If I were in charge I believe I would assign my overtime charges to cases that were solved or at least some level of headway achieved. The taxpayers/voters might like to see their money better spent.
But, maybe that’s just me.

John Whitman
July 19, 2012 8:56 am

I see the police did not rule out the possibility of multiple perpetrators. The communications from the releaser(s) used the pronoun “we” . . . thus I still consider it reasonable that there were multiple participants and speculate it is reasonable that at least one was inside UEA/CRU.
John

cui bono
July 19, 2012 9:04 am

It’s ‘Normal for Norfolk’ (an alleged medical term for illnesses caused by inbreeding).
Hmm. Norfolk Constabulary, the Metropolitan Police Counter Terrorism Command (SO15), the National Domestic Extremism Team (NDET), the Police Central e-Crime Unit (PCeU), QinetiQ [utterly stupid way of spelling kinetic], the joint Norfolk and Suffolk Major Investigation Team (MIT) and Gold Group. And still deliciously clueless.
I think pickpockets at the Olympics will be fairly safe.

mojo
July 19, 2012 9:04 am

Is it usual at UEA to have “internal backup servers” accessible via the internet? If so, no wonder they got their panties stolen.
Apparently, they’ve never heard of an internal-only, non-routable network segment.

Werner Brozek
July 19, 2012 9:05 am

That there is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.
Would it then have been a crime if it was a whistle blower? Where is Sherlock Holmes when they need him?

Richard M
July 19, 2012 9:07 am

“■That the attack was highly sophisticated and was undertaken by a person or persons who were highly competent and who knew how to conceal their activity.”
China??

July 19, 2012 9:11 am

somebody real smart on the inside.
who is smart enough to use proxy servers so it looks like it comes from the outside.
Hmm. That was my number 1 suspect on day 1.
still is.

highflight56433
July 19, 2012 9:16 am

“That there is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.”
“Again, they provide no indication that they even looked for evidence to suggest that someone working at or associated with the UEA was involved with the crime.”
The evidence of inside working has been destroyed, thus “no evidence.” The rest is all smoke and mirrors that it was sophisticated and remote.

July 19, 2012 9:17 am

mojo: “Apparently, they’ve never heard of an internal-only, non-routable network segment.”
Where I live and used to work (university / k12) , the IT people had heard of such things, but were forbidden to implement them until a major hack compromised all the servers. After that, and without permission, some of us spent an exhausting week implementing a firewall and rebuilding all the servers. Weeks later we got permission to make a firewall a permanent part of our infrastructure.

D. Patterson
July 19, 2012 9:17 am

Note how there was no apparent effort to investigate the extent if any to which Jones and others breached their fiduciary and/or custodial duties and obligations with respect to their destruction and/or removal of data constituting the property of the taxpayers and public. Although they have some degree of discretion in performing their custodial responsibilities, it must be asked how hiding the e-mail and other data on their own personal flashdrives at home and/or destruction of this data and property is not a criminal act cognizable by UEA and the police?

Sleepalot
July 19, 2012 9:20 am

The police are almost certainly fishing: hoping “FOIA” will relax and make a mistake. Obtaining those files was almost certainly _not_ the only possible offence. … imho.

Jimbo
July 19, 2012 9:20 am

The offender (s) had used methods common in unlawful internet activity to obstruct enquiries, by planting a false trail and utilising a series of proxy servers located around the world.
That the attack was highly sophisticated and was undertaken by a person or persons who were highly competent and who knew how to conceal their activity.

So we can’t rule out an internal job carried outside of the CRU buildings by someone who knew where to look?

Chuck Nolan
July 19, 2012 9:21 am

Alan Watt, Climate Denialist Level 7 says:
July 19, 2012 at 8:16 am
Since it was a “highly sophisticated” remote intrusion by someone who knew how to conceal their identity we can rule out Peter Gleick.
———————-
Thanks Alan. Made my day. roflmao, still chuckling five minutes later.

Alan the Brit
July 19, 2012 9:24 am

Nice one, Skiphill.
“highly sophisticated”! Even PC Plod indulges in weasel words every now & again, but I don’t think FOIA was this at all, more likely this is the police describing themselves! Why not just say simply “very clever” instead, pay FOIA a compliment for a change! Deja Vu, Pocket OED 1925: sophist/sophistry/sophisticated: Paid teacher willing to avail himself/herself (mustn’t leave the feminists out) of fallacies, use of sophisms, spoil the simplicity or purity or naturalness of, corrupt or adulterate or tamper with. Quite apt me thinks!

DesertYote
July 19, 2012 9:27 am

That the data was not obtained via physical access of the CRU back-up server.
###
I can’t remember the last time I accessed data from any type of server, let alone a backup server, via physical access. It had to have been over a decade ago. I have been tasked on several occasions with designing and implementing DRP’s, which means that I have actually “built” and configured backup servers. And I did this all from the comfort of my work-station. To tell the truth, I would have loved to have needed physical access on a few occasions because that would have required trips to Hong Kong, Seoul, and Penang.

Ian W
July 19, 2012 9:38 am

Anthony Watts says:
July 19, 2012 at 7:35 am
@MrV I expect that if “FOIA” is going to release the remainder, he/she will do so right around November 19th, 2012, and perhaps even reveal him/herself since the statute of limitations will have expired. – Anthony

It is more likely that the release will come at a time that the data obtained will cause the most impact. Note that the statute of limitations is running from the time of the data theft not the date of data release, so the release of data could happen anytime. It is only FOIA exposing her/his identity that needs to wait till after Nov 17.

RACookPE1978
Editor
July 19, 2012 9:41 am

China?
Heck, China, India, SA and Brazil would be the logical ones USING the CAGW climate hysteria to destroy THEIR economic rivals for the world’s business! China in particular – at that time especially – is too smart to waste effort trying to hack false “scientific” emails and research when there are hundreds of billions of economically profitable industry and business and military databases and emails to be read!
Method. Motive. Opportunity.
All three point to an internal whistleblower (irritated by the CRU opposition to a legitimate freedom of information act resistance and hatred by the CRU staff and administrators), or morally outraged by their hypocrisies, lies, and falsely and blatantly anti-scientific “attitudes” and biases.

more soylent green!
July 19, 2012 9:48 am

Still doesn’t wash. Somebody would have had to have access to those systems for a long time to gather all those documents. Perhaps I’m underestimating how sloppy the security was at UEA?
Anyhoo, I hope FOIA does come forward and let us know how it really happened. Inside job is still where my money is, no matter what this report says.

P. Solar
July 19, 2012 9:58 am

Anthony Watts says:
July 19, 2012 at 7:35 am
@MrV I expect that if “FOIA” is going to release the remainder, he/she will do so right around November 19th, 2012, and perhaps even reveal him/herself since the statute of limitations will have expired. – Anthony
Most UN-likely. Anyone who is smart enough to “orchestrate” such a “sophisticated crime” will surely know that there is a whole world of other charges they could dig and use against him. I’m sure there are a range of “terrorist” offences that could be made to fit, which do not have a sell-by date.
If it was a whistleblower he/she will probably be just as happy to keep their heads down and get on with life. They probably had far more effect than they had hoped for and will be trying to get on with honest science.

JohnG
July 19, 2012 10:29 am

I would also go for an insider for two reasons,
1 How did they know there would be anything worth taking? That would have been a huge effort to do on spec.
2 Why did they only go for the UEA? Why not go for Mann’s and the rest of the team’s mails as well?
As far as I know nowhere else reported attempted hacks which, under the circumstances, I’m sure they would have done.

nc
July 19, 2012 10:33 am

Someone had mentioned in another post that maybe the investigation was shut down so that there would be no court case. A court case could prove embarrassing to government considering all their “warming” push, evidence for CAGW.

P. Solar
July 19, 2012 10:35 am

msg says: Perhaps I’m underestimating how sloppy the security was at UEA?
Quite possibly. That would not surprise me at all. My estimation is:
1. Outraged, real scientist inside the “community” thinks the world needs to know.
2. Someone browsing around in unprotected ftp space stumbles upon something interesting.
3. Somebody made a backup on a flash device and left it on a bus
4. Hack by someone outside ? Nah!
4 would require
– considerable knowledge and experience.
– motivation in relation to timing of cop15
– knowledge that there was something significant to be had and where to look.
Low probability does not exclude the latter option but I think it is unlikely.
If it was 1, UEA would probably not want the whole argument about malfeasance, data rigging and corrupt science to come out in public and certainly not with staff being called to give sworn testimony in a court of law.
The appropriately named Vice chancellor would probably have indicated to the local plod that they did not wish to pursue the matter and in any case they were going to pay lots of money for an “independent” enquiry into the whole business.
The establishment figures that did not want more questions being asked about climate science than already were, would have spoken to Lords This and That, who would have had a discreet word with the Chief Constable who would have arranged for nothing to be done for the next 2 1/2 years.

Ged
July 19, 2012 10:37 am

@Mosher,
I completely agree with you, that’s the most likely case. The hilarious thing is, that’s not all that hard to do. Something as simple as the Tor network would allow that, and that’s just one easily obtained example (I don’t think Tor was used; and it was probably something more sophisticated).

P. Solar
July 19, 2012 10:40 am

Oh, BTW before anyone starts fluffing on about conspiracy theorists, I would just point out that the official explanation is just that. So if anyone wants to pooh-pooh anything as a baseless conspiracy theory let’s start with that press release.

July 19, 2012 11:18 am

Cabin Fever