Saturday, Jan 9, 2010

Parsing the police

Here's my reading of the situation.

I first contacted Norfolk constabulary a week ago and was told by a very helpful press officer that there was no further statement at that time, but that I should keep getting in touch for further information. When I asked yesterday if they had at least ascertained if there was a leak or a hacking of the UEA servers, I was sent the statement which has caused so much interest. In the comments on that thread, Jeff Id states that he has heard from Norfolk police too.

My reading of this is that the investigation has barely got off the ground, and some action was perhaps prompted by my questions. Six weeks on from the breaking of Climategate, it might be seen as slightly embarrassing for the police that they had yet to determine what it is they are investigating, so they have now leapt into action. Jeff appears to be the only prominent climate blogger contacted directly. As the person who first received the link to the leaked information, he is an obvious first port of call for the police to get some evidence to point them to the answer to the leak/hack question.

The involvement of the Domestic Extremism Police is probably actually predictable. As watchers of the deteriorating civil liberties situation in the UK all know, powers granted to the police in the wake of 9/11 in order to fight terrorism are routinely used in the UK for minor crimes. By bringing in these specialists, Norfolk Police will be able to monitor emails, demand passwords and cryptographic keys and so on. That these powers are out of all proportion to the alleged crime is of course of no concern to law enforcement officers.

Meanwhile, the involvement of the Information Commissioner is interesting too. The ICO's inquiry probably has two distinct focuses. Firstly they will be investigating if UEA staff were involved in withholding information subject to requests under the Freedom of Information Act and the Data Protection Act. For the benefit of overseas readers, the latter relates to the maintenance of personal information.

But while there are obvious concerns over the conduct of UEA staff, it is likely that the ICO will also be looking at whether the hack/leak itself also breached the DPA. While the vast majority of the emails are not personal in nature, there are odd snippets of personal information among all the talk of hiding declines and nobbling journals. It is likely that these would concern the ICO.

I wonder how long it will be before we get a determination on the hack/leak question? Perhaps some of my IT-savvy readers can suggest how difficult it is to determine if one's server has been hacked?

 


Reader Comments (40)

My view is that no matter what they find - it will be a hacker.
If it is a whistleblower, then the person(s) receiving the information will be charged for hacking (theft). Information theft can be done via keystrokes, or it can be done having the aid of someone inside. The result is the same: illegal access to information.
If I were Jeff Id, I'd get good legal counsel just in case. Poor guy had the misfortune of breaking the big news.
I would have done the same though.

Jan 9, 2010 at 10:21 AM | Unregistered Commenter P Gosselin

It depends on the IT setup CRU has. I've been a network specialist for 20 years, and done a fair amount of IT security, although it's not my speciality outside of secure network design. Assuming CRU had standard firewalls and system logging in place and know the timings of the hack/leak, log analysis could be fairly quick. It may be complicated by CRU being academia and requiring more remote access and temporary accounts to visiting academics, students etc. Although that means it may have been more open than many networks, comprehensive logging policies for network and file access should help the investigation.

If the hack was more complex, like key loggers or systems being compromised, then that could take longer to investigate, mainly because there's a 1yr+ backlog on some IT forensics unless the case is prioritised.

I suspect the biggest problem will be with CRU's IT infrastructure. We know they've been casual with their FTP sites before and the Harry comments point out the lack of data management, so I suspect the investigators don't have as much to work with as they'd like.

Jan 9, 2010 at 10:38 AM | Unregistered Commenter Atomic Hairdryer

@ P Gosselin
"If I were Jeff Id, I'd get good legal counsel just in case. Poor guy had the misfortune of breaking the big news.
I would have done the same though."

I think you will find that Jeff is based in the US, beyond the reach of plod here...

Jan 9, 2010 at 11:19 AM | Unregistered Commenter Jabba the Cat

Also a commenter on his site linked to the data. Is that a crime?

Jan 9, 2010 at 11:34 AM | Registered Commenter Bishop Hill

As Jabba has pointed out, fingering JeffID would be messy, if possible at all. But it's hard to think of any possible "hacker" scenario whose unravelling by plod would not entail at least as much pain for the Hockey Team as for the fingeree. Whatever was or wasn't revealed in court, the court of public opinion would acquit the defendant and convict the Team. My guess is the Team will be praying the police get nowhere on the "hacker" case and quietly drop it.

Jan 9, 2010 at 11:51 AM | Unregistered Commenter Tom Forrester-Paton

I think this is completely over the top. Jeff Id wasn't the hacker, someone left a link on his blog. That's all. How could anyone "finger" him?

Jan 9, 2010 at 12:03 PM | Registered Commenter Bishop Hill

In the more plausible scenario where this was an inside job, copying a collection of data already prepared for FOI, there's little chance of tracking the leak. It would take about 30 seconds to copy the data to removable media. Most operating systems are unlikely to log the copy. If I were doing this, I'd use an MP3 player which I was "charging" to deflect suspicion.

Jan 9, 2010 at 12:06 PM | Unregistered Commenter Dr Slop

I've no doubt that the "Domestic Extremism" boys will have a look to see if there is anyone in the UK skeptics community that they can finger for this.

Otherwise, I doubt if their brief covers revealing what actually happened (it has already been decided and announced that it was nasty Russian Hackers) any more than they will be genuinely looking to see what Phil Jones & his cronies have been up to. Or whether the 'science is settled', for that matter.

But if they can pin it on us pesky skeptics then we can get ready. I'm sure our beloved leaders get much less upset about those who campaign to turn the UK into an extreme Islamist state than they do about those who threaten their Carbon Trading scam.

Jan 9, 2010 at 12:06 PM | Unregistered Commenter Martin Brumby

The nature of the files, the backlog of ten years' worth of specific email, would probably have required access to the CRU backup tape library to compile; this itself would have required physical access to their archive tapes and the ability to load the tapes to complete the data restores. You can't do that with remote access. The emails had to have already been compiled by someone on the inside; it's already been said that this might have been gathered for an FOI release. I'd also point out that email servers could be hacked; getting on to file servers is another story, never mind finding the exact files.

Jan 9, 2010 at 12:33 PM | Unregistered Commenter JasonF

"...Jeff is based in the US, beyond the reach of plod here.."

As they say, "not so fast". You forget that Obama has signed an Executive Order allowing Interpol broad powers in the US including taking people into custody. That, along with the highly likely event that the DOJ under Holder and the State Dept under Hillary would likely not object. Thus, Jeff Id could be arrested on an international warrant by an Interpol agent and removed from the country. Never forget Obama and his party are farther Left than any EU nation. As the entertainment business likes to say "there are ways."

"..Also a commenter on his site linked to the data. Is that a crime?"

A quick scan of the DPA would seem that someone could conclude you fit the bill of being a "data controller" and then subject to the Act, even if it is a stretch. Then it depends what the personal data really is and whether it's protected under the Act. The prosecutors, even if wrong in their interpretation, could charge you unless there is case law to the contrary. All Western legal systems allow prosecutors broad powers to charge someone and let the judges decide if the prosecutors' interpretations are correct.

Simply put, I wouldn't bet the farm on being safe from an aroused Government. After all, they wrote the laws and the UK seems to have quite a number of AGW believers in Government. Checking with an expert on DPA might be a good idea if it would help you sleep well at night.

Jan 9, 2010 at 12:35 PM | Unregistered Commenter cedarhill

Having criticised the tenor of the good bishop's report yesterday, I am not only obliged but delighted to note that, IMHO, today's homily is spot on - measured, helpful and credible. Many thanks, especially for:

"As watchers of the deteriorating civil liberties situation in the UK all know, powers granted to the police in the wake of 9/11 in order to fight terrorism are routinely used in the UK for minor crimes."

Quite.

Jan 9, 2010 at 1:01 PM | Unregistered Commenter DaveB

I know that UEA's press office is pre-empting the results of ongoing enquiries by spinning this as a hack rather than a leak.

Jan 9, 2010 at 1:12 PM | Unregistered Commenter Andrew K

As a journalist I have used information that has come my way, the provenance of which might have been questionable. In one case the information concerned an EU multimillion Euro scam. Following my report, a front page expose, the EU antifraud people of OLAF took over and issued a 76 page report damning the fraud. They had no problem using the information uncovered by the report even if its provenance was questionable. So the bottom line is the broader issue of public policy and the question will be if the revelations have been beneficial to the public at large.

Considering the near religious fervour of the AGW "community" the issue could go either way on this one. The question will hinge on the legality of FOI refusals by the scientists involved and the reaction of the academic community to the undermining of the peer process. Those are the hard issues in this case. The manipulation of data is too complex to be a public issue.

And do not be too surprised to see wide press reaction in case of a prosecution because such a tactic would go to the root of journalist sources. There is no need to detail the Pulitzer prizes won on the back of "illegal" data acquisition.

Nik

Jan 9, 2010 at 1:21 PM | Unregistered Commenter Nik

I think it was a whistle-blower. Quite sure about it.
But that would make the CRU look really bad. No, they need to find a hacker - then you have a perpetrator-victim situation. Best way to save face and to divert attention away from CRU and Climategate.
So what do you do? Very easy: You find a hacker who just happened to have someone inside to help. Of course this is a whistleblower situation. But the law will just label it as a hacker who had someone inside to help out.
So it goes to court, there's nothing there to prove, blah blah blah...so what! This will be months down the road and the situation will by then be diffused. In 6 months or a year from now, everybody will be calling Climategate old news - being played over and over....time to move on blah blah blah...

Jan 9, 2010 at 1:37 PM | Unregistered Commenter P Gosselin

The question gets down to: Are we dealing with an out-of-control government and justice or not?
We’ll soon find out. Won't we?
We are going to see if they try to settle the science by using brute-force authority.
Now if that doesn't scare you...!

Jan 9, 2010 at 1:47 PM | Unregistered Commenter P Gosselin

Frankly I think it would be enough to establish if the FOI2009 file collection already existed somewhere on a CRU machine. I sometimes think that the purpose of calling this investigation was to prevent any inquiries about this point, the investigation allows the CRU to duck answering this and other awkward questions using the excuse of "under investigation". It delayed any embarrassment during Copenhagen, and as mentioned above it may end up dragging on indefinitely without any conclusion either way - more to the relief of the CRU people if indeed it was a straightforward leak.

Jan 9, 2010 at 1:49 PM | Unregistered Commenter Steve2

@ cedarhill
"As they say, "not so fast". You forget that Obama has signed an Executive Order allowing Interpol broad powers in the US including taking people into custody. "

I think it is highly unlikely that this will get much, if any, traction at the UK end, let alone in the DOJ.

It does amuse me greatly when the ecomentalists start getting huffy and puffy that the files and data were "illegally" sourced as if this casts, in their minds by way of adverse moral tinting, great doubt on the validity of their content, even though they acknowledge that they are genuine...

Jan 9, 2010 at 1:51 PM | Unregistered Commenter Jabba the Cat

"That's all. How could anyone "finger" him?"
If the government and justice are out of control, they are not going to care. An out of control government with the blessing of the media? What's to stop them? A lot of scientists are lamely sitting on their hands, too damn chicken to speak out.
Poor Jeff was the one who broke the news (I'd have done the same) and that's who you go after.
I notice that Jeff is not commenting on this at all at his blog. I'm SPECULATING that he may be in a lot of globally warmed hot water.
Just look at this Brown Government!

Jan 9, 2010 at 1:56 PM | Unregistered Commenter P Gosselin

"I think it is highly unlikely that this will get much, if any, traction at the UK end, let alone in the DOJ."
Ha!
We're talking billions and trillions here...and lots of regulatory might. There could not be more at stake!
God knows they've been pushing this for years and years.
Again, we are going to find out:
IS THE GOVERNMENT OUT OF CONTROL OR NOT?
Science settled by brute force?
That's how we will know.

Jan 9, 2010 at 2:09 PM | Unregistered Commenter P Gosselin

Jeff Id's latest post:
When science loses to religion:
http://noconsensus.wordpress.com/2010/01/09/our-galileo-will-we-do-better-this-time/#comment-17479

Jan 9, 2010 at 2:16 PM | Unregistered Commenter P Gosselin

Has anyone

(i.e. a member of the public with actual knowledge of wrongdoing)

filed a formal complaint with the police about alleged FOI lawbreaking, etc. yet?

A parable: Many wives refuse to press charges against their abusive husbands for the sake of some twisted domestic "bliss".

Jan 9, 2010 at 4:52 PM | Unregistered Commenter Clif C

Clif

Yes they have.

Jan 9, 2010 at 5:19 PM | Registered Commenter Bishop Hill

Wouldn't an easy first step be to see if any staff (esp. programmers) at CRU are named Harry or Harold? As in HARRY_READ_ME? Would be very interesting to interview that guy (regardless of who leaked).

[BH adds: Harry is Ian Harris, a CRU scientist. There's no mystery here]

Jan 9, 2010 at 6:02 PM | Unregistered Commenter mg

I have been interviewed and had a formal statement taken by the police with regard to this matter. The officer was attached to counter terrorism unit in Norfolk. They thought I might have some information on the basis that I had sent Jeff id a copy of a paper I had published on isotopes and climate at the southern end of the Antarctic Peninsula, and I had exchanged emails with Steve McIntyre over the leak/hack.

Clearly they've trawled through the UEA mail server and checked for key words (Jeffid, Steve McIntyre and so on). The police left me very much with the impression that they were working on the theory that this was an outside hack and was done deliberately to disrupt Copenhagen.

Jan 9, 2010 at 6:54 PM | Unregistered Commenter Paul Dennis

Would a hacker have the ability to select the emails he wanted, without any prior knowledge of what they contained, or is the premise that he happened on the FOIA files by mistake? In either case how could this possibly have been seen as an attempt to derail Copenhagen?

Jan 9, 2010 at 7:49 PM | Unregistered Commenter montysmum

montysmum.. I think this is why myself and others think leak rather than hack. The content of the FOIA file is just too precise. A hacker would potentially have had to trawl through 10 years of emails and files to compose the zipfile. I think it's more likely that the file was assembled by CRU's FOI people in the eventuality FOI compliance was forced on them, or possibly for review. Some of the emails discuss FOI issues and meetings with the ICO, and the ICO may have asked for data under request to determine if FOI was applicable. But there's quite a wide range of topics covered in the zipfile, not all covered by FOI requests I'm aware of, ie from here, CA, Wattsup etc.

If the file had been composed as part of internal FOI work, then it's possible a hacker got in, found the zip file and thought 'bingo', nice prepackaged goldmine. Then again, it could easily have been a disgruntled insider. We'll have to wait and see what the official investigation reveals.

Linked to this may be the alleged hack of the Real Climate system, but then that may simply have been unauthorised use of an existing account given to CRU or a team member.

Jan 9, 2010 at 8:11 PM | Unregistered Commenter Atomic Hairdryer

Would it have been possible for some person within CRU to accidentally, absent-mindedly, leave the relevant bits somewhere on the CRU website such that a third party could quite innocently and/or legally upload?
Wasn't it Phil Jones who had done this previously?
Not at all suggesting that PJ is the person in this case - but could someone else have seen it as a precedent?
Especially if PJ suffered no consequences for his action - another precedent.

Jan 9, 2010 at 10:41 PM | Unregistered Commenter Tony Hansen

"Meanwhile, the involvement of the Information Commissioner is interesting too. "

Yes, agree this is interesting - as highlighted by "hot and cold" on the other thread (Statement from Norfolk Police) the previous involvement of the ICO with CRU is in need of clarification: Is the IC serving the public interest or not?

Jan 9, 2010 at 10:47 PM | Unregistered Commenter not banned yet

The idea of Jeff from Air Vent being led away with handcuffs seems far fetched. The Climategate papers have been around everywhere and this happening would certainly cause a global outrage.

Somehow I got the idea that Steven Mosher was involved, more than just a casual blog contributor. His comment on Patrick Courrielche's peer-to-peer review article (http://bigjournalism.com/pcourrielche/2010/01/08/peer-to-peer-review-how-climategate-marks-the-maturing-of-a-new-science-movement-part-i/#idc-cover) reads as follows:

"Patrick it looks like the police have contacted JeffId. ( domestic extremism task force or some such nonsense)

I suspect they will be contacting me, after the whole story breaks.

I do want to protect deep throat. May need legal help. "

Jan 10, 2010 at 12:06 AM | Unregistered Commenter Hoi Polloi

I got the same email as Jeff Id.

Jan 10, 2010 at 3:39 AM | Unregistered Commenter Steve McIntyre

Well I'm offended that they haven't fingered me then. :-)

Jan 10, 2010 at 8:27 AM | Registered Commenter Bishop Hill

Well,

I've informed Bishop Hill of some more information. This thread also contains information which helps me piece together another bit.

Jan 10, 2010 at 10:12 AM | Unregistered Commenter Steven Mosher

Having worked in IT for a while (though still rather inexperienced) my opinion is that the files got out in one of two ways: The FOIA data was assembled and left on a server, and security was lax enough for it to be found by someone snooping around (this happened before with other data at the CRU), or the files were leaked by someone working inside CRU.

It is incredibly unlikely that anyone could have hacked into all the right places to assemble such a comprehensive library of relevant documents, and if they had there would likely be mounds of other useless data leaked along with the juicy stuff. There was definitely knowledge of the significance of pretty much every bit of it, which screams that the compilation had to have been an inside job.

Jan 10, 2010 at 11:17 AM | Unregistered Commenter stansvonhorch

This rule about whistleblower for world
http://blowerwhistle.com

Jan 10, 2010 at 6:25 PM | Unregistered Commenter Redy

http://blowerwhistle.com
A whistleblower is a person who raises a concern about wrongdoing occurring in an organization or body of people

Jan 11, 2010 at 11:40 AM | Unregistered Commenter Redy

Thanks for keeping up on this story! As I posted in my blog, the other story here is what happens when you trade away your freedoms for security. Pretty soon they are using all those fancy new groups to check on YOU!

Jan 11, 2010 at 6:15 PM | Unregistered Commenter blogassault

Thanks for staying on top of the climategate scandal. The interesting thing behind this post is what happens when you give away your freedoms in exchange for some security. Magical groups get invented to keep an eye on things they were never meant to keep their eyes on!

Jan 11, 2010 at 6:17 PM | Unregistered Commenter blogassault

How easy is it to tell whether a server has been hacked or not? Often very, very hard, sometimes ridiculously easy. Having done both professional hacking and forensic level incident response, it depends exactly how they got in and how carefully that bit of your system was set-up to keep records.

Having done security work in the academic environment, the last is likely to have been very poor. If the hack was at an application level, this makes it even more likely that there is little trace. Frankly, I suspect that if it was not an inside job, then it is most likely to have been a basic misconfiguration or poor / no passwords (cf the whole Gary McKinnon saga.) Something set up to enable international collaborators to get access to data, perhaps, forgetting that if you don't do that very carefully ...

And even if you can tell that it was a 'hack', being able then to trace the attack is less than straightforward.

Jan 12, 2010 at 8:17 AM | Unregistered Commenter Surreptitious Evil

A whistleblower is a person who raises a concern about wrongdoing occurring in an organization or body of people
http://blowerwhistle.com
http://a-whistle-blower-policy.blogspot.com/

Jan 12, 2010 at 8:49 AM | Unregistered Commenter Redy

You can go with complaints about the police to the IPCC
http://www.ipcc.gov.uk/
Independent Police Complaints Commission

Feb 12, 2010 at 1:55 PM | Unregistered Commenter Hans Erren
