This is a briefing document that was issued to journalists at a press conference earlier today. It contains background information on the Climategate inquiry and the decision to close it down.

Operation Cabin

Background Information

Introduction

Operation Cabin is the name of Norfolk Constabulary’s investigation into the unauthorised data breach at the Climate Research Unit (CRU) at the University of East Anglia (UEA) in Norwich and the subsequent publication of some of this data on the internet.

The publication of the data in close proximity to the COP 15 and COP17 climate change conferences in Copenhagen and Durban appears to have been done in order to influence global debate around anthropogenic climate change.

The investigation has been undertaken by Norfolk Constabulary, with some support from SO15 (Metropolitan Police Counter Terrorism Command), the National Domestic Extremism Team (NDET) and the Police Central e-Crime Unit (PCeU). Technical support was provided by online security and investigation experts,   QinetiQ.

The investigation

The security breach was reported to Norfolk Constabulary by the UEA on 20 November 2009, following publication of CRU data on the internet from 17 November onwards.

An investigation was launched by the joint Norfolk and Suffolk Major Investigation Team (MIT), led by Senior Investigating Officer (SIO) Detective Superintendent Julian Gregory, supported by Detective Inspector Andy Guy as Deputy SIO. Strategic oversight was provided by Gold Group, initially chaired by then ACC Simon Bailey and latterly by ACC Charlie Hall.

Strategy and Parameters

The primary offence under investigation was the unauthorised access to computer material under s.1 Computer Misuse Act 1990.

The aim was to conduct an efficient, effective and proportionate investigation into the circumstances surrounding the unauthorised access with a view to:

• Establishing what data was accessed and/or taken and published
• Establishing who was responsible
• Securing sufficient evidence to mount a successful prosecution if appropriate

Lines of enquiry

At the outset it was not known if there had been a physical breach of security at the UEA or whether the data had been taken as a result of an external attack via the Internet. It was also not known if the offender(s) had connections with or was assisted by members of staff from the UEA and, as a consequence, a number of lines of enquiry were pursued to cater for these eventualities.

Summary of findings

• That the data was taken between September 2009 and November 2009 during a series of remote attacks via the Internet, which accessed an internal back-up server.
• That a large amount of data was taken and subsequently published on the Internet in two separate files in 2009 and 2011. The first was entitled FOIA 2009 and contained 3480 documents, 1000 e-mails and 1073 text files. The second was entitled FOIA 2011 and contained 23 documents, 5292 e-mails and 220,000 files. Much of the data published in FOIA 2011 was protected by an unknown password.
• That the data was not obtained via physical access of the CRU back-up server.
• That there is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.
• The offender (s) had used methods common in unlawful internet activity to obstruct enquiries, by planting a false trail and utilising a series of proxy servers located around the world.
• That the attack was highly sophisticated and was undertaken by a person or persons who were highly competent and who knew how to conceal their activity. 

Limitation on proceedings

The Computer Misuse Act 1990 provides a limitation on commencing criminal proceedings in that criminal proceedings must be brought within six months from the date on which evidence sufficient to bring a prosecution comes to light, and that no such proceedings will be brought more than three years following the commission of the original offence

In relation to Operation Cabin, this means that proceedings would need to be commenced in the autumn of this year. This means that the police investigation would need to have been concluded by late summer in order to prepare a case for prosecution within this time constraint. It has been determined that this is an unrealistic prospect.

Resource and costs

The Constabulary carried out a proportionate investigation led by officers from the joint Norfolk and Suffolk Major Investigation Team, with some additional support internally and some assistance also provided by national and external agencies and services.

Officers assigned to this case worked on a number of other investigations simultaneously and, while specific activities relating to this and other investigations may be recorded in their pocket note books, the exact time spent on each activity is not recorded. It is therefore not possible to isolate accurately the overall hours worked by officers and staff on this investigation nor the total salary cost for this.

Over and above this, the cost for over-time and expenses in relation to this enquiry alone has been recorded against a specific cost-code. For the period December 2009 to March 2012 inclusive, this figure stands at £84,871.77.

Further information

Further information in relation to this enquiry has been published by the Constabulary under the Freedom of Information Act.

This material can be found at:

http://www.norfolk.police.uk/aboutus/yourrighttoinformation/freedomofinformation/disclosurelog