Bishop Hill Climategate police inquiry closes
Jul 18, 2012 Climate: CRU This just in from Norfolk Constabulary (H/T Leo H)
Norfolk Constabulary has made the decision to formally close its investigation into the hacking of online data from the Climate Research Centre (CRU) at the University of East Anglia (UEA) in Norwich.
The decision follows a comprehensive investigation by the force’s Major Investigation Team, supported by a number of national specialist services, and is informed by a statutory deadline on criminal proceedings.
While no criminal proceedings will be instigated, the investigation has concluded that the data breach was the result of a ‘sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet’.
Senior Investigating Officer, Detective Chief Superintendant Julian Gregory, said: “Despite detailed and comprehensive enquiries, supported by experts in this field, the complex nature of this investigation means that we do not have a realistic prospect of identifying the offender or offenders and launching criminal proceedings within the time constraints imposed by law.
“The international dimension of investigating the World Wide Web especially has proved extremely challenging.
“However, as a result of our enquiries, we can say that the data breach was the result of a sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet. The offenders used methods common in unlawful internet activity to obstruct enquiries.
“There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.”
The security breach was reported to Norfolk Constabulary on 20 November 2009, following publication of CRU data on the internet from 17 November onwards.
An investigation was launched by the joint Norfolk and Suffolk Major Investigation Team, led by Det Chief Supt Gregory, with some support from the The Met’s Counter Terrorism Command, the National Domestic Extremism Team and the Police Central e-crime Unit, along with consultants in online security and investigation.
The investigation, code-named Operation Cabin, focused on unauthorised access to computer material, an offence under the Computer Misuse Act 1990, which has a three year limit on proceedings from the commission of the original offence. It has been concluded by Norfolk Constabulary, in consultation with The Met, that due to outstanding enquiries this is now an unrealistic prospect.
Norfolk Assistant Chief Constable Charlie Hall, Protective Services lead, said: “Online crime is a global issue. While law enforcement agencies continue to develop our response to emerging threats, it falls upon individuals and organisations to be alert to this and and take steps to mitigate risk as far as is practicable.”
Reader Comments (101)
Will they be giving the server back? Can we FOIA the 'context' we all took things out of?
"the joint Norfolk and Suffolk Major Investigation Team, led by Det Chief Supt Gregory, with some support from the The Met’s Counter Terrorism Command, the National Domestic Extremism Team and the Police Central e-crime Unit, along with consultants in online security and investigation"
An impressive array of entities. I'm sure they'll do better next time. ;)
Andrew
Oh, and we'd like to set up a rather large bureaucracy with a focus on cybercrime, um, outside of normal public scrutiny. We might add that we really didn't look very hard, because it might have caused some discomfort to the wonderful scientists at UEA and to those who participated in the various Inquiries undertaken by paid hacks. Like what did we expect from them? Jeez.....
"a sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet"
???
On what basis? It seems they couldn't find anything from within CRU, so they opted for "via the internet". But "carefully orchestrated"? How would they know?
OK, leaker, it's official: they can't work out how you did it. Time for Climategate 3 ...
haha!!!!
The guy's still around and they can't find who he is? (good for him though). Frickin' hilarious.
The release goes on to say:
"At Professor Acton's suggestion, we shipped all e-waste (email servers, thumb drives, etc.) associated with the investigation to Wang's cadmium smelters in Beijing several months ago,..."
"the joint Norfolk and Suffolk Major Investigation Team, led by Det Chief Supt Gregory, with some support from the The Met’s Counter Terrorism Command, the National Domestic Extremism Team and the Police Central e-crime Unit, along with consultants in online security and investigation"
That seems like a lot of man power and effort to investigate the leak of some emails from an academic institution. If I was a UK taxpayer, I'd ask what the justification was for this expense.
How is this even related to "Counter Terrorism" or "Domestic Extremism"?
And exactly what is the price tag?
Well, that took care of that.
We asked the CRU if it was them wot done it and they said they never.
So much for Harry 'Snapper' Organs of the Yard.
This is outrageous and unacceptable.
They are effectively saying:
It was a hacker. We can't prove it. But we know. We can't show you how we know. You can't see the evidence. We're not going to answer any questions. But it was a hack. Honest. Trust us, we're in charge.
Remind you of anyone?
It's a positive parody of the climate scientists and warmist lobby.
There are so many dimensions to this, all of which stink so it is hard to know where to start.
Were it to be proved that it was an outside attack (I dont believe that for a minute) then when does "seeking the truth" become terrorism?
When journalists reveal truth about politicians as in the expenses shambles, this is considered a good thing.
When the hero of Climategate revealed the corruption at the UEA which is part of a multi billion pound scandal, it is terrorism??
Did they really find nothing or are we merely seeing the politically correct explanation?
I find it really sad that at the end of all this I dont trust the police, I dont trust the scientists at UEA and I dont trust the government. The only person who comes out smelling of roses is the hacker/whistleblower.
No evidence to suggest anyone working at UEA was involved?
That is false on its face. There is evidence to suggest that. They should have added some qualifiers to that, like no evidence on the computers, etc.
"The offenders used methods common in unlawful internet activity to obstruct enquiries."
I'd like to have some confirmation from them that this is beyond that FOIA used proxies to distribute the files. Did they find evidence of a hack as far as the theft of files?
I call BS on this one. The selection of emails and files is to refined and focused to be done remotely from outside. The data was clearly collected for FOIA responses by CRU.
How the data was copied is probably unknown, and who posted it in Russia is impossible to track.
But the data is to large and well filtered to be a random data grab. Whoever copied the data, copied the FOIA data CRU had collected, and knew it was just the FOIA data CRU was trying to hold back (for obvious reasons).
It would be nice to see the evidence they have for deciding it was "...a sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet."
??? The use of the words "hack" and "unauthorized access" isn't - to my knowledge - fully justified, is it?
Please, can someone explain to me the justifiability of these unambiguous assignments, or can someone, who has good English, ask Norfolk Constabulary for an explanation why they don't write something of the kind like "probable hack"?
There is obviously no sufficient, hard evidence to suggest/claim certainty. If - and the possibility still seems to exist! - that digital material was freely available at a time it was no "hack" and nobody needed an authorization to access the material.
One would hope that UEA has learned its lesson. Clearly centralised e-mail and data storage makes too easy a target for sophisticated and well-orchestrated gangs; they should consider using a more distributed approach!
May I suggest gmail and thumb-drive storage so that individual employees can look after the data themselves?
It would be interesting to get an FOIA request for the the total cost of the investigation. I'm sure they won't be releasing details of the investigation itself, and I'm actually not sure I think that is a bad thing when considered in the broader context of police investigations generally, but the cost would be an indication of how much real investigation was done.
bob
The scientist most criticised in the wake of the e-mail release, CRU research director Prof Phil Jones, said he hoped the announcement "will draw a line under the stressful events of the last two and half years".
...as if CG3 might demonstrate their professional, self effacing, supportive, scientific behaviour.
Ho ho ho. Like my mum says: "He can't be two-faced. He wouldn't wear that one"
“There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.”
in the same way there is no evidence to suggest that anyone working at or associated with the University of East Anglia was NOT involved in the crime.
AJStrata's statement that the files correspond to pending FOIA requests is incorrect - a point that's been made over and over.
This statement seems to take the idea of a whitewash to a totally new level. - Despite the best efforts of the UK's supposedly elite police cybercrime/terrorism units for nearly three years, they are incapable of saying who did it, or how it was done, but they can categorically rule out any involvement of the UEA or any of its employees. The smell of bullshit is becoming overpowering.
Enough to make you believe in conspiracies ....
A not unexpected outcome. The devil, as they say, is in the detail - which in this case would be the forensic report itself.
So, as there is 'an unrealistic prospect' of prosecution, is the forensic report subject to a FOIA request? Just askin'
It was carefully orchestrated because they could find no trace of it. Well played, sophisticated Internet hackers outside of CRU, well played.
It surprises and concerns me to learn that supposedly crack British counter-terrorist cyber crime fighters are helpless in tracking down the perpetrators of a hack of this sort.
It makes me wonder what they are for.
Someone needs to FOI their receipts to see if they bought carbon credits to offset the production of the smoke they're aspirating our backsides with.
Leaving aside what they might know but aren't saying, the statement is ridiculous on its face. They want to say it was some kind of "international" hack and not an insider. Well done FOIA, whoever you may be.
Yet anyone able to do what "FOIA" could do in terms of how the emails were put out there could easily mimic a "hack" from outside in order to avoid leaving tracks from inside.
If they really have "no evidence" of who or what FOIA is then they should just say that. What they cannot reasonably assert is that it's not an insider. I know, they merely said "no evidence" it was an insider.
What they are really saying is that FOIA could be anyone in the world with the requisite skills, inside or outside of UEA.
So they should simply say that.
Astounding.
Not so much a whitewash as a bucket of the same held up over their own heads for the best part of three years before tipping it over themselves.
Do they have no sense of how they demean themselves by issuing such transparent nonsense?
It makes you ashamed to think that this is the finest the British plod can come up.
Hopeless, useless, embarrassing.
Just sharing a few tweets- Roger Harrabins (BBC) sounds a bit odd.. (climategate act of global sabotage!)
@BarryJWoods
Is it just me? Or do the police sound like a press release the Outside Orgsnisation would have written 2 yrs ago? @leohickman @adissentient
Bishop Hill@aDissentient
@BarryJWoods No, the wording was familiar to me too – the stuff about sophisticated and carefully orchestrated. High entropy. @leohickman
@RogerHarrabin
http://bbc.in/OYGs6T @BBCRBlack Old Bill drops Climategate. If climate science is right the hack will be seen as an act of global sabotage.
Barry Woods@BarryJWoods
Really?you seriously think that? @RogerHarrabin @BBCRBlack meanwhile. Meanwhile.Guardian reports thst chinese Per CAPITA emissions = EU av
http://www.guardian.co.uk/environment/2012/jul/18/china-average-europe-carbon-footprint?INTCMP=SRCH
—–
The reactions to this news story will be fascinating
p.s. It is simply shocking (though not surprising) how placid the journalists and pols are about the use of all these "counter-terrorism" resources for this kind of investigation.
Can one imagine this happening, or all the pols and journalists being so complacent about it, if the same assets were being devoted to, say, an alleged hack-and-release of documents of the GWPF ??? No, it seems apparent that the UEA/CRU climate scientists and their govt patrons have a special status on what merits the protections of counter-terrorism investigators and the "National Domestic Extremism Team" for their computer files.
There is a huge set of issues of (1) "mission creep" as a civil liberties problem where you establish counter-terrorism entities with extraordinary powers and resources which then get applied to other kinds of cases, especially ones with political aspects, and (2) squandering the time and resources supposedly devoted to counter-terrorism (distinct from civil liberties, the issue of why counter-terrorism resources supposed to be protecting the public from bombs on planes and trains etc. are devoted to other, lesser kinds of issues).
One is only likely to think this kind of mis-application of counter-terrorism assets is appropriate if one has a "politicized" view of the matter which elevates the release of Climategate emails to some kind of immense "national security" matter rather than a tussle about academic integrity and whistle-blowing.
So it is inherently a disturbing and "politicized" investigation to utilize counter-terrorism assets in this way, imho.d
Erm - how come the police can have the inside trouser leg measurement of kiddie-fiddlers in a matter of moments from a whole invisible "shadow" web, now they are saying they can't find out who obtained files from CRU ?
And how did they explain the FOIA.ZIP file name ?
Or the message from Climategate 2 ?
Or indeed what happened to tallbloke's PCs ?
Of course you are all under the assumption the police was after the truth from the start. Fatal mistake, the end result is exactly what they wanted it to be.
Mailman
Thanks for just reporting the facts, Andrew. However, you left out a couple:
-- Climategate 1.0 and – particularly 2.0 – proved nothing other than the mendacity of those who want to discredit climate science and scientists (i.e. the security breach [singular] was not the act of an internal whistleblower).
-- Apart from some understandable frustration with FOI requests and poor housekeeping by scientists, the actual science they had done has been repeatedly vindicated (both by inquiries into the emails and ongoing events in the real world).
http://lackofenvironment.wordpress.com/2012/02/27/climategate-2-0-the-final-nail-in-the-coffin-of-climate-change-denial/
I don't get why people are so keen on the idea that it wasn't a hack. Seems like a hack to me. So what?
"a ‘sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet’."
False on its face.
1. Not "data files", but the email server. Totally different thing. And not an attack; nothing was disturbed, garbled, or deleted. (Not that CRU has any data files, anyway. Philbert lost 'em all in his terminally messy office. And mind.)
2. FOIA carefully purged the email addresses of both senders and receivers throughout. A dastardly criminul international hacker did that? Pull my finger ...
3. FOIA explains his purpose, to force some ethics and transparency where little or none exists. And warns of far larger releases (via password for existing widely disseminated files) if things don't shape up. This is an insider's motivation, not an external hacker's.
The Constabulary have laid an ostrich-sized but dead and putrid egg.
Martin Lack
I almost took your comment seriously until I saw, "....the actual science they had done has been repeatedly vindicated (both by inquiries into the emails ......"
You obviously haven't read any of the inquiry reports otherwise you would know that not one of them actually looked into the actual science.
If you have an open mind then I challenge you to read this report on the Climategate Inquiries
http://www.rossmckitrick.com/uploads/4/8/0/8/4808045/rmck_climategate.pdf
Didn't the ICO say the same thing in a similar case where criminal activities became statute-barred?
Martin Lack,
"-- Climategate 1.0 and – particularly 2.0 – proved nothing other than the mendacity of those who want to discredit climate science and scientists [...]
-- Apart from some understandable frustration with FOI requests and poor housekeeping by scientists, the actual science they had done has been repeatedly vindicated..."
Oh god. Really? Why would you even bother? Is your mum going to read this, and be impressed by your input? I'm struggling to think of another reason why you would bother to come here and type those words. A drunken bet, maybe.
P.S. Mendacity. Boy, has that word gained a new lease of life. I know it's all the flavour here in climate-comment land, but really. Can we not go back to using words like "lying"? Lots of people on either (and every) side like to sound fancy with their words. It's not impressive. It's "obfuscating". Which is another irritating word in the same category. People who try to impress by using obscure words... not impressive.
Perhaps just Google Martin Lack environment prof lindzen
I'd suggest that one should be careful not to jump to conclusions just because the release does not agree with one's own idea of what took place. Reading many of the comments here, it is pretty easy to find fodder for the argument people here are nutter conspiracy theorists. Exactly why would the police want to participate in a particular story line? It is not hard to believe they checked out the UEA servers and individuals at the organisation and determined that it did not originate internally. While that does not completely eliminate the possibility of an employee accessing from outside under a different entity, such an action can accurately be described as hacking.
MikeC I think raises the best point. Were I British taxpayer, my issue would be why something like this rates investigation when there is obviously other, more serious, cyber crime to be concerned about.
Thanks Barry.
Mr Lack:
"Education:
St Albans School, Hertfordshire, 1976-1983.
BSc (Hons) in Geology (Portsmouth), 1983-1986.
MSc in Hydrogeology (Birmingham), 1989-1990.
Postgrad. Cert. in Education (Keele), 1998-1999.
MA in Environmental Politics (Keele), 2010-2011."
It's like a recipe.
According to the logic of this PR stunt, the following statement is also true.
We have investigated the delivery of presents on 25th December. As a result of our enquiries we can say, with certainty, that the presents were delivered as part of a global conspiracy. The individual responsible is a white-bearded gentleman dressed in a red suit. We have amassed incontrovertible evidence which proves this. The evidence, however, is not enough to convict the gentleman in a court of law, or available for the general public to examine.
This clearly lays the matter to rest. Any reasonable person should now be sure that Father Christmas exists
Norfolk Police
18th July 2012
David Lilley - I have an open mind about stuff that is uncertain. ACD is not in that category.
James Evans - What does your recipe make - conspiracy cake?
I trust that when UEA receive their server back, they do not promptly "wipe it".
I reckon an FOI for all emails contained on this server is in order and quickly.
Since nobody actually wanted to catch the leaker anyway, the cover statement is largely irrelevant, though to my mind I consider it to be misleading. Unfortunately for UEA et al, there is still the password-protected archive, delivered into the public domain by CG2.
Pointman
Lack,
"James Evans - What does your recipe make - conspiracy cake?"
No, just dullness. Why would any decent conspiracy take the time to enroll you?
I had a look at Martin Lack's blog and thought his description of his MA dissertation was something that many here might find illuminating.
I think further comments from me would be superfluous.
More about my chosen MA dissertation topic:
“A Discourse Analysis of Climate Change Scepticism in the UK“
Abstract: Discourse analysis is understood in the sense proposed by John Dryzek (2005) that it involves the textual assessment of (a) basic entities recognised or constructed; (b) assumptions about natural relationships; (c) agents and their motives; and (d) key metaphors and rhetorical devices used. As a piece of social science research, no attempt is made to prove or disprove the validity of the scientific consensus view that climate change is happening and that human activity is its primary cause. However, this reality has been assumed solely in order to analyse the views of climate change sceptics that dispute it. To this end, the philosophical roots of scepticism; its possible misappropriation for ideological reasons; and the psychological causes of denial are reviewed. In this context, based on the finding of numerous researchers that conservative think-tanks (CTTs) often act as the primary driving force of campaigns to deny environmental problems, the output of such UK-based CTTs is analysed, along with that of scientists, economists, journalists, politicians and others. Whereas the majority of CTTs analysed dispute the existence of a legitimate consensus, and the majority of sceptical journalists focus on conspiracy theories, the majority of scientists and economists equate environmentalism with a new religion; whereas politicians and others analysed appear equally likely to cite denialist and/or economic arguments for inaction. However, because of the economic and political realities of the world in which we live, politicians will not take any action that will be unpopular with business interests and/or the wider electorate. If so, Peter Jacques (2009) would appear to be right to conclude that anti-environmentalism (i.e. environmental scepticism) needs to be exposed as being “in violation of the public interest”.
“I would love to see your thesis when it is complete, sounds very interesting…” (Peter Jacques, August 2011).
Martin Lack has recently started spamming the climate skeptic sites with inflammatory rhetoric on the hopes of increasing traffic at his Joe-Romm-style blog (his long-winded and bilious posts get very few comments). He has demonstrated zero interest in the actual science or in reasoned debate. The best thing to do is to ignore him.
Matt Skaggs,
"The best thing to do is to ignore him."
From my perspective, I disagree. He forms such a perfect, easy target, that the best thing to do is have a go, and have tremendous fun doing it.
When someone who isn't overly bright sticks their oar in... surely we're allowed to have a bit of fun.