Norfolk Police speak
Climate Change Dispatch has extracted a statement on the progress of Norfolk Constabulary's investigation into the Climategate:
Following the publication of e-mails and other data prior to the COP15 Climate Change Conference in Copenhagen in December 2009, the Norfolk Constabulary investigation into the data breach at the University of East Anglia continues.
With the many different lines of enquiry that officers identified, the workload has varied with specialist investigators/law enforcement partners used when needed.
Commenting on the investigation, Senior Investigating Officer (SIO), Detective Superintendent Julian Gregory said:
“This has been a complex investigation, undertaken in a global context and requiring detailed and time consuming lines of enquiry. Due to the sensitivity of the investigation it has not been possible to share details of enquiries with the media and the public and it would be inappropriate for us to comment any further at this time.”
Note to Editors:
It is acknowledged that interest in this case continues, given that the enquiry has now been running for approximately a year and that there is a desire for us to publish further detail. However, the circumstances of the case do not lend themselves to public comment at this time due to the sensitivities of the investigation and this is unlikely to change in the near future.”
Reader Comments (137)
Deep Midwinter?
Deep Ordure?
Deep Six?
IIRC someone at the BBC said he was given a link to the CRUmails about a month before the rest of the world. The BBC did nothing with the info. Did he later identify the link? Was it the same as the later link? Or is this just an irrelevance? My instinct is that the prior offer of an exclusive to the BBC suggests an inside source not a random hack.
oldtimer - you are referring to the Paul Hudson myth.
http://www.bbc.co.uk/blogs/paulhudson/2009/11/climategate-cru-hacked-into-an.shtml
http://www.bbc.co.uk/blogs/paulhudson/2009/11/climategate-what-next.shtml
Paul Hudson was provided with a copy of one email chain by one of the people involved. Paul used that to verify that at least for that one email chain the Climategate compilation appeared to be legitimate.
Pauls first blog post was miscontrued by many people as him saying he had received a copy of all the Climategate emails before they were released on the internet. This has generated an internet myth that the BBC were sitting on the emails and that myth has been much used by BBC haters.
@Nial
"The conclusion was it was almost impossible for an outside hacker to have broken into all the systems involved, then found and accumulated the relevant data.
Unfortunately I didn't bookmark the site, has anyone else got a link?"
You are probably referring to this one ... (it has been updated since 2009) ...
http://www.smalldeadanimals.com/FOIA_Leaked/
If people look at item 6 in this CRU report then they will see there is reference to 3 unnamed researchers and it looks that the Climategate compilation was probably from those 3 only plus anything else of interest found on the server.
http://www.cce-review.org/evidence/Report%20on%20email%20extraction.pdf
The use of thematic inboxes by 2 of the researchers is a clear indication of how the leaker/hacker would have been able to compile emails of interest relatively quickly whist avoiding content of no interest.
Because the server was acting as an email backup for the 3 researchers then we know it was networked which still means an external hack may have been possible. We dont know the physical mode of transport off the server ie did the person have direct physical access or only via the network. I still favour an internal leak myself for other logistical reasons but cant rule out a hack.
I still remain highly amused that one side of the debate are determined that it be a leak and the other side a hack.
So the BBC was still sitting on emails - but just one 'chain' (which one?), not all of them ?
Punkista - the email chain that involved Paul Hudsons blog post in October 2009 that upset a lot of the main Climategate players. Some of the other BBC correspondents were involved in the fallout and apparently Paul Hudson was provided a blind copy by one of those correspondents
BBD
I am suggesting that Jones is the most obvious suspect, that's all. Especially after blowing the whistle to Roger Harrabin.
Let's be clear who is really involved in these investigations. David Kelly thought he was too public a figure to be in danger, and believed that repeating the warning about being 'found dead in the woods' to a friend, would at least let us know who was responsible. He was wrong. He committed suicide. We all know that, just like we know that nothing suspicious came out of the climategate emails.
Jones (or whoever was responsible) will do what he is told from now on. Jones was suicidal for a while, but he's fine now.
Shub - I believe the hack into Realclimate was real as demonstrated by the attempt to link to the file at RC from Climateaudit. Whoever made this post knew in advance what was going on.
http://climateaudit.org/2009/11/16/luckman-at-the-canadian-society-for-petroleum-geologists/#comment-201848
This predated the actual widespread breaking of Climategate by Steve Mosher at Lucia's and the Airvent.
I dont buy into the conspiracy theory that Realclimate invented the story for purposes of misinformation. I do buy into the theory that whoever did attempt to load the file at RC has a sense of humour!
P.S.
I don't believe a British intelligence officer killed David Kelly.
Climategate is definitely a matter of British national security (trillions of dollars in carbon trading revenue for the City of London) and I know from the (separate) experiences of a couple of friends that the security services (Special Branch) are much more active than you might think.
They make it crystal clear there is no one who can protect you. That's when I gave up political activism !
@clivere
Thanks for the links to the Hudson blog.
Dec 26, 2010 at 2:11 PM | Unregistered Commentere smith
Interesting thoughts, made me think what would have happened if there was no leak. How many FOIR were outstanding, and how much of the information that was leaked, would have to have been released anyway, with zero "plausible deniability".
In other words, from a PR, and message management perspective, how much easier was it to handle a "hack" than to face the FOIR music?
enquiring minds want to know!
@Frosty
Interesting idea. One slight flaw: do you believe that Trevor Davies or Acton are capable of such a cunning plan?
clivere,
I am aware of the timeline, thanks anyway.
Google "realclimate hack" and you will find this storyline repeated many times:
This is what Phil Jones said after the leak:
There is simply a mismatch there. Add this to Gavin's duplicate email sending to Jeff Id,...it does not add up too.
That said, I am not in favor of any RC-originating disinformation on this account as well - too complicated and conspiratorial.
Secondly, it is hard to imagine a skeptic, knowledgeable in networks, knowledgeable in some rudimentary form of hacking enough to carry out the supposed RC hack, and, enough of a CRU insider and big enough, for the police to not sacrifice him or her in the establishment's interests.
Shub
The fact that Paul Hudson of the BBC wrote "I was forwarded the chain of e-mails on the 12th October" suggests to me that the Realclimate hack was an attempt to cover up the reality of an inside job.
http://www.bbc.co.uk/blogs/paulhudson/2009/11/climategate-cru-hacked-into-an.shtml
It was seriously suggested in the British corporate media that it was the Russians who were behind Climategate.
http://www.telegraph.co.uk/earth/copenhagen-climate-change-confe/6746370/Climategate-was-Russian-secret-service-behind-email-hacking-plot.html
http://www.timesonline.co.uk/tol/news/environment/article6946385.ece
That has the hallmarks of an intelligence operation. which fell on its face when Paul Hudson revealed the fact that the information had actually been released a month before and not through an single evil hacking operation.
Shub - not sure why you believe there is a mismatch in those statements you quoted. Gavin may have simply neglected to email a 60meg zip file to CRU.
The message was posted at CA using a proxy with an expectation the file would be on the RC website and in advance of anyone else having knowledge of what was going on.
Unless we go into conspiracy theories of RC misdirection by them posting the message at CA themselves then for me it remains confirmation that someone got sufficient access to RC to place a file there.
If Norfolk Constabulary PR department are reading this - hello!
This isn't going to go away you know, there's too much at stake -really- , and one of the things that is at stake here is the reputation of your force.
At a time when police forces across the UK are struggling to maintain the respect and co--operation of the communities they operate in I'd suggest that your present stance on the CRU email release isn't tenable or consistent with your duty.
This matter relates to a fraud of epic proportions and your organisation is a participant in the exposing and dismantling of that.
The perception that colluding with wrongdoers for reasons of "sensitivity" does nothing, nothing at all to enhance public confidence in your organisation - chew on that a bit...
Mactheknife wrote:
"Just a thought....it would be interesting to see if any employees had left the CRU in the months after climategate ? That might provide some answers."
Even if the UEA and the Norfolk police have a fairly good idea of who it was who leaked the emails it is quite possible that he or she has kept their job. When Lyndon Johnson was the president of the United States he would have liked to have fired J. Edgar Hoover, the boss of the FBI, but decided not and expressed his reason in very colourful language:
"It's probably better to have him inside the tent pissing out, than outside the tent pissing in."
Perhaps the UEA and the CRU know that there are other equally embarrassing emails that have not yet been released and therefore they are wary of sending the culprit "outside the tent" in case he turns and starts pissing in!
@Roy
Or has anybody on their employ received recent favourable treatment..a promotion to light duties perhaps? Back in the summer the oleaginous Davies made much of the employer's duty of care to its employees as a reason for UEA's inaction. Perhaps what he meant was just keeping them sweet.
clivere,
If Gavin informed CRU right away,what more did Jones need? What did he wait for? How come he did not go to the cops immediately? Did Gavin go to the cops immediately?
In other words, the official Realclimate account - of immediate discovery and deletion - does not ring true; - we don't have the whole picture. The parts we have could be true, but it appears that is not the whole picture.
:shrugs:
It’s tempting to say that UEA is just another shambles on the IT front but it’s simply not true. Their IT department provides extensive services to 14,000 students and lecturers. That is large-scale and industrial level computing which cannot be achieved without a professional approach to the task. They’ve also had a couple of decade’s experience handling attempts by students to monkey around with their systems. They know how to pin down systems and data.
Pointman
re Pointman
But then UEA's IT people have to deal with their users. Users that 'know what they're doing' are the biggest threat to IT security as the Russell review pointed out-
http://www.cce-review.org/pdf/MR%2018%20Dec%20final%20IT%20Personnel.pdf
The best policies and practices won't have helped protect CRU, if CRU chose to do their own thing as they seem to have been allowed to do, with the inevitable consequences.
Atomic's point is a good one. CRU have their own dedicated IT Manager - Mr Mike Salmon. As one myself, I expect he has a great deal of latitude in what he does and how he looks after the CRU systems,
See http://www.cru.uea.ac.uk/cru/people/
Dec 26, 2010 at 4:57 PM | Unregistered Commenter AJC
Interesting idea. One slight flaw: do you believe that Trevor Davies or Acton are capable of such a cunning plan?
Now that's plausible deniability!
IMO Davies is capable of doing no more than following His Masters Voice. Like Nipper the Terrier, along with the slavering. Original thought is not for him.
But Acton may use his persona as a loathsome bumbling slimy bureaucrat to hide a certain ratlike cunning. Even at UEA you surely need to have some intellectual qualities to become Vice Chancellor.
Re Latimer
In a 'faculty' system, he may not though and it's a problem I've seen where there have been budget holders trusted to look after their own IT implementation. If security or IT wasn't a priority for CRU then there'd be competition for funds. So CRU may have preferred to spend admin budgets on jollies or conferences rather than a decent security or archival system. Too often IT's seen as a cost centre or business inhibitor, until an event like this happens and then it's IT's fault for not preventing it. Hopefully Mr Lockwood has previous IT plans and budget requests showing how he'd asked for funding, but been denied it. With businesses currently busily slashing budgets and outsourcing IT, it's probably happy days for hackers and industrial espionage. Lots of companies busily replacing people that know the business and networks with outsourced labour that doesn't, and doesn't have the same responsibility or duty of care. Not good for business. Or finding me a job :p
"IMO Davies is capable of doing no more than following His Masters Voice. Like Nipper the Terrier, along with the slavering. Original thought is not for him."
Its interesting to speculate on whose watch the real rot set in. I would suggest undoubtably not Lamb's, perhaps partially under Wigley (remember his why why why ... my watch e-mail to Jones) then we have Davies who seems to have quickly grabbed the passing greasy pole of administration leaving the CRU to Jones(+) and Jones. Trevor Davies is deeply embedded in this saga - and any attempted cover-up. Your description of him is probably very inaccurate.
"But Acton may use his persona as a loathsome bumbling slimy bureaucrat to hide a certain ratlike cunning. Even at UEA you surely need to have some intellectual qualities to become Vice Chancellor."
But Acton has had now direct CRU involvement - Trevor Davies is the link man to the "science". Jones appears to be too weak a character and probably a liability to .Davies and Acton.
What I don't understand is that the University Court and the Visitor don't seem to be awake - the VC is after all only an executive. The Visitor is probably Vince Cable so that might explain something!
"Leads??! Oh yeah, pal, we're wearin' out shoes tracking down the teenagers that boosted your car. (snort) Leads..."
I pot this on Pointman's blog earlier - ajc.
I guess that you are not too familiar with the development of “IT” in many universities.
For a “research” group like CRU it is almost certain that its computing effort was provided, for many years at least, internally on research funded equipment and staff possibly as a “hobby” overseen by one of the long term researchers.
Over many years centralised IT service provision would have lagged the group’s requirement. More recently the provision of IT for the masses will have been the primary focus of the IT service – not providing support for specialist research requirements
So its quite probable that CRU have been “running” their own show for most of their history
The quality of the code fragments which have leaked and the excuses about being unable to to resource even minimal change/version control with their datasets does indeed indicate that CRU “is just another shambles on the IT front”: it just shouts lack of professionalism – and I would guess that this applies more widely within UEA .
I agree entirely with your assessment, AJC. I came to the same conclusion months ago when I first read the Harry Read Me files.
I actually understand university computer systems very well. The "development of “IT” in many universities" is similar to the development of IT an any initially small organisation. When there''s ten or fewer employees or whatever, a 'talented' amateur can cope. When the numbers grow towards 50 odd and there's no standardisation, it's impossible. When it's approaching the hundreds, the thing grinds to a halt. When you get into the 14,000, the whole organization has long ago ground to a halt unless you've got professional.
The oldest rule of IT applies; the business owns the data but IT owns the systems. Anyone within a large organisation who wants to run their very own systems, no matter what their budget, becomes a board / governance problem. No IT department will provide any support to another department who insists on doing their very own IT thing and that's always the end of that idea. Let's get sensible here.
Pointman
Here is some extracts that I posted on our local blogs here in Australia and over at JeffID's the Air Vent.
I posted here in your blog about a week ago, that the whistle blower had left clues to his or her identity .
Check out the movie “Peer Review 1945”
It was posted on YouTube on the 17th November. Time and dates are important here.
I myself was on “The Air Vent” web site reading the posts on the “Open Letter On Climate Legislation” when the link from FOIA to http://ftp.tomcity.ru/incoming/free/FOI2009.zip was up, message 10. That link was posted on the 17 November at 9:57 PM.
When I tried the link it was dead. But later FOIA DATA MIRROR on the 20 November at 12:59 AM posted a new link to http://www.megaupload.com/?d=XD050VKY This link still works.
Now Andrew, you tell me, how did the poster of the movie know what was in the emails before the files were publicly available on the net ?
But there is more. Have a look at the name of the poster at YouTube, “indusieumgresium” made up of two Latin words. Indusieum and gresium” both words have references to botany and biology. Botany, trees, tree rings ??
I have found many meanings but come back to some which suggest a grey protective layer. Also a layer to protect the sorus eg “In fungi and lichens, the sorus is surrounded by an external layer” ( indusieumgresium ).
(George Soros (pronounced /sorous/) another link ??
Also the poster of “Peer Review 1945” says he / she is 29 years old.
And some more,,,
One question has always puzzled me is, How did “indusieumgresium” get to post the video clip “ Peer Review-1945.ca” on YouTube on the 17 November. Given what has been said here, there seems to me to be no time available to source the original video clip, install the sub titles, which refer directly to the goings on in the UEA-CRU, and get it posted. Unless “indusieumgresium” was the “whistleblower”.
I have asked this question many times on the blogs and have never had any interest shown, even though the word “indusieumgresium” as made up of 2 Latin words used in botany. (trees, tree rings etc.)
Remember, when it's Tuesday in Australia, it is still Monday in most parts of the world.
Some food for thought, I think it was Briffa with some help.
I think Scientific Peer Review, ca. 1945 on Youtube has nothing to do with Climategate. If only because it talks about the reviewers demanding another experiment.
Climate scientists don't do "experiments".
Dec 28, 2010 at 12:01 PM | Unregistered CommenterChris in Hervey Bay
"Check out the movie “Peer Review 1945”
It was posted on YouTube on the 17th November. Time and dates are important here."
paste from youtube: indusieumgresium | 19 November 2009 | 914 likes, 60 dislikes
seems two days is a long time in blogland...
the name connection you highlight also seems unlikely given...
http://www.mail-archive.com/tips@acsun.frostburg.edu/msg32482.html
"As a bit of trivia, I see that the author of the "peer review" spoof
signs himself as "indusieumgresium". This is one of my
favourite places in the brain [the induseum griseum], because it
sound so silly, second only to the oxymoronic "substantia
innominata".
The choice of pseudonym plus his/her reference to N.I.H.
(National Institutes of Health) suggests the author is a
neuroscientist, one with a sense of humour and one too many
rejection letters. "
HTH.
One last thought: It occurred to me yesterday that the Norfolk Constabulary may be the only UK officials who have actually read the Climategate papers. If so, their apparent lack of enthusiasm is perfectly understandable. They're expected to wade through the odious morass of the UEA CRU in search of someone with a smudge on his/her fingers.
@senter (@Pointman)
An interesting thesis that the larger the organisation the fewer mistakes!
Leaving that aside, I don't believe that the leak was the result of direct external penetration but quite possibly that sloppy practices within UAE/CRU might have exposed CRU mailboxes and code (perhaps via an unconstrained anonymous ftp server on a system with wider access).
To return to the small company analogy. Universities are rather different in their organisation. Central IT services often came rather late when computing (and computers) were deeply entrenched in departmental/faculty research (and teaching) and for quite a few years central systems were funded almost exclusively to support research. Your 14,000 users are almost certainly supported within a monoculture (which brings its own risks) set apart from research and some specialised teaching.
We know that CRU has recently had its own IT manager - what was it like before that? I would guess that little has changed till very recntly. We know that their "sciemce" was (certainly became) sloppy, their statistics amature (at best) , the quality of the code and data management pathetic so I surmise that everything indicates that CRU “is just another shambles on the IT front”.