Seen elsewhere
The calendar

Click to buy!

Support

 

Twitter
Buy

Click images for more details

Recent comments
Recent posts
Currently discussing
Links

A few sites I've stumbled across recently....

Powered by Squarespace
« Operation Cabin Q&As | Main | Unequal and opposite reaction »
Thursday
Jul192012

More from Norfolk Constabulary

This is a briefing document that was issued to journalists at a press conference earlier today. It contains background information on the Climategate inquiry and the decision to close it down.

Operation Cabin

Background Information

Introduction

Operation Cabin is the name of Norfolk Constabulary’s investigation into the unauthorised data breach at the Climate Research Unit (CRU) at the University of East Anglia (UEA) in Norwich and the subsequent publication of some of this data on the internet.

The publication of the data in close proximity to the COP 15 and COP17 climate change conferences in Copenhagen and Durban appears to have been done in order to influence global debate around anthropogenic climate change.

The investigation has been undertaken by Norfolk Constabulary, with some support from SO15 (Metropolitan Police Counter Terrorism Command), the National Domestic Extremism Team (NDET) and the Police Central e-Crime Unit (PCeU). Technical support was provided by online security and investigation experts,   QinetiQ.

The investigation

The security breach was reported to Norfolk Constabulary by the UEA on 20 November 2009, following publication of CRU data on the internet from 17 November onwards.

An investigation was launched by the joint Norfolk and Suffolk Major Investigation Team (MIT), led by Senior Investigating Officer (SIO) Detective Superintendent Julian Gregory, supported by Detective Inspector Andy Guy as Deputy SIO. Strategic oversight was provided by Gold Group, initially chaired by then ACC Simon Bailey and latterly by ACC Charlie Hall.

Strategy and Parameters

The primary offence under investigation was the unauthorised access to computer material under s.1 Computer Misuse Act 1990.

The aim was to conduct an efficient, effective and proportionate investigation into the circumstances surrounding the unauthorised access with a view to:

  • Establishing what data was accessed and/or taken and published
  • Establishing who was responsible
  • Securing sufficient evidence to mount a successful prosecution if appropriate

Lines of enquiry

At the outset it was not known if there had been a physical breach of security at the UEA or whether the data had been taken as a result of an external attack via the Internet. It was also not known if the offender(s) had connections with or was assisted by members of staff from the UEA and, as a consequence, a number of lines of enquiry were pursued to cater for these eventualities.

 

Summary of findings

  • That the data was taken between September 2009 and November 2009 during a series of remote attacks via the Internet, which accessed an internal back-up server.
  • That a large amount of data was taken and subsequently published on the Internet in two separate files in 2009 and 2011. The first was entitled FOIA 2009 and contained 3480 documents, 1000 e-mails and 1073 text files. The second was entitled FOIA 2011 and contained 23 documents, 5292 e-mails and 220,000 files. Much of the data published in FOIA 2011 was protected by an unknown password.
  • That the data was not obtained via physical access of the CRU back-up server.
  • That there is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.
  • The offender (s) had used methods common in unlawful internet activity to obstruct enquiries, by planting a false trail and utilising a series of proxy servers located around the world.
  • That the attack was highly sophisticated and was undertaken by a person or persons who were highly competent and who knew how to conceal their activity. 

Limitation on proceedings

The Computer Misuse Act 1990 provides a limitation on commencing criminal proceedings in that criminal proceedings must be brought within six months from the date on which evidence sufficient to bring a prosecution comes to light, and that no such proceedings will be brought more than three years following the commission of the original offence

In relation to Operation Cabin, this means that proceedings would need to be commenced in the autumn of this year. This means that the police investigation would need to have been concluded by late summer in order to prepare a case for prosecution within this time constraint. It has been determined that this is an unrealistic prospect.

Resource and costs

The Constabulary carried out a proportionate investigation led by officers from the joint Norfolk and Suffolk Major Investigation Team, with some additional support internally and some assistance also provided by national and external agencies and services.

Officers assigned to this case worked on a number of other investigations simultaneously and, while specific activities relating to this and other investigations may be recorded in their pocket note books, the exact time spent on each activity is not recorded. It is therefore not possible to isolate accurately the overall hours worked by officers and staff on this investigation nor the total salary cost for this.

Over and above this, the cost for over-time and expenses in relation to this enquiry alone has been recorded against a specific cost-code. For the period December 2009 to March 2012 inclusive, this figure stands at £84,871.77.

Further information

Further information in relation to this enquiry has been published by the Constabulary under the Freedom of Information Act.

This material can be found at:

http://www.norfolk.police.uk/aboutus/yourrighttoinformation/freedomofinformation/disclosurelog

 

PrintView Printer Friendly Version

Reader Comments (55)

Operation Cabin... cabin!...cabin?... Is that where one holes up to avoid the worst of the storms?

Jul 19, 2012 at 2:12 PM | Unregistered CommenterTony Hansen

Also, for such a failed and evidence free investigation, stretching to impute motive appears a bit rich:

"The publication of the data in close proximity to the COP 15 and COP17 climate change conferences in Copenhagen and Durban appears to have been done in order to influence global debate around anthropogenic climate change."

Jul 19, 2012 at 2:28 PM | Unregistered CommenterGeckko

Bear in mind that the Association of Chief Police Officers, being a company limited by guarantee, is not subject to the FOIA.

Jul 19, 2012 at 2:42 PM | Unregistered Commenterspartacusisfree

The link at the end is from their document, but it currently goes to a missing page. I found their FOI stuff for UEA with a few clicks.

Not all the information from their document has come through the copy/paste, not sure why (eg the summary of findings is empty).

Their document is in docx format, I'm using an older version of Word and needed to download the Microsoft compatibility pack to open it properly:
http://www.microsoft.com/en-us/download/details.aspx?id=3

Jul 19, 2012 at 2:44 PM | Unregistered Commenterredc

redc - give us a clue?

Jul 19, 2012 at 2:51 PM | Registered CommenterMartin A

On the FOI requests?

The PDF file is here with the summary of the 25 FOI requests for Operation Cabin. A link to each is in the PDF.

(it downloaded without an extension for me - like their "operations" document - I had to add the .PDF extension manually)

Jul 19, 2012 at 3:00 PM | Unregistered Commenterredc

Redc, dowload LibreOffice. It handles docx with no problems.

Jul 19, 2012 at 3:03 PM | Unregistered CommenterCumbrian Lad

Ok, reading that, I guess we can all now agree, that UEA was cracked and that the material was not leaked by a whistle blower.

Nevertheless, it does not diminish the seriousness of the climategate material.

Jul 19, 2012 at 3:18 PM | Registered CommenterVieras

This document is devoid of real info, and chock full of careful wording.

That the data was taken between September 2009 and November 2009 during a series of remote attacks via the Internet, which accessed an internal back-up server.

'Remote attacks' is meaningless hyperbole. It translates as 'via the internet'. This sentence is consistent with someone finding an unprotected ftp server containing info which they helped themselves to.

That a large amount of data was taken and subsequently published on the Internet in two separate files in 2009 and 2011. The first was entitled FOIA 2009 and contained 3480 documents, 1000 e-mails and 1073 text files. The second was entitled FOIA 2011 and contained 23 documents, 5292 e-mails and 220,000 files. Much of the data published in FOIA 2011 was protected by an unknown password.

Err… We know this. Everyone knows this. This is what you're supposed to be investigating.

That the data was not obtained via physical access of the CRU back-up server.

Err… We know this. And, again, it's legal jargon. It simply means someone didn't copy the files onto a thumb drive or DVD. That's all.

That there is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.

So we'll take your word for that then.

The offender (s) had used methods common in unlawful internet activity to obstruct enquiries, by planting a false trail and utilising a series of proxy servers located around the world.

You mean like anyone protecting their IP address routinely does?

That the attack was highly sophisticated and was undertaken by a person or persons who were highly competent and who knew how to conceal their activity.

Translation: We have no idea what happened. This means one of three things:
1. FOIA is a world class hacker and the phenomenal resources of the MET (£84K) wasn't enough to catch them or,
2. FOIA is just careful and the plod are incompetent (or didn't try very hard to catch them) or,
3. FOIA isn't a hacker at all, and they know who he is, but it's too embarrassing to arrest them.

Jul 19, 2012 at 3:37 PM | Unregistered CommenterStuck-record

So if there is a time limit, does FOI/? just sit and wait ?

Jul 19, 2012 at 3:46 PM | Unregistered CommenterMorph

Correct URL for disclosure logs

http://www.norfolk.police.uk/aboutus/yourrighttoinformation/freedomofinformation/disclosurelog.aspx

Jul 19, 2012 at 3:50 PM | Unregistered CommenterAnthony Watts

Notice that they aren't saying how much the investigation cost, apart from £84K specific items. It beggars belief that they don't actually know how much it cost - this is obviously a formula used to make sure the public's thirst for knowledge remains unsatisfied.

Jul 19, 2012 at 3:57 PM | Unregistered CommenterDavid C

Am I correct in thinking that some UEA FOI requests were turned down as the police had got the server ('the dog ate my homework')? If so, is someone on top of this?

Jul 19, 2012 at 3:59 PM | Unregistered CommenterDavid C

"The publication of the data in close proximity to the COP 15 and COP17 climate change conferences in Copenhagen and Durban appears to have been done in order to influence global debate around anthropogenic climate change."

So they no nothing but are supplying a motive?

This looks like the hand of a PR agency

Jul 19, 2012 at 4:11 PM | Unregistered Commentersankara

An alternative explanation is that Norfolk's finest are trying to lull the culprit into a false sense of security, so that when FOIA 2012/3 is released, they hope to pounce.

Jul 19, 2012 at 4:23 PM | Unregistered CommenterJoe Public

Summary:

'Whoever did it was ever so clever and we couldn't find them. And nobody in UEA fessed up'

Jul 19, 2012 at 4:36 PM | Unregistered CommenterLatimer Alder

Any mention as to why officers searched Tallbloke's house and laptops with a warrant?!

Jul 19, 2012 at 4:40 PM | Unregistered CommenterZT

Summary: 'Whoever did it was ever so clever ruling out UEA inhabitants.'

Jul 19, 2012 at 4:45 PM | Unregistered CommenterZT

Any mention as to why officers searched Tallbloke's house and laptops with a warrant?!
Jul 19, 2012 at 4:40 PM ZT


No but presumably because CG2 was announced on Tallbloke's blog and they imagined that FOIA might have left evidence there.

Jul 19, 2012 at 4:46 PM | Registered CommenterMartin A

Since CRU and Plod know that its only a matter of time before CG3 hits the fan they might as well release the rest of the emails now.

Jul 19, 2012 at 5:05 PM | Unregistered CommenterAlan Reed

This is the sentence I find most interesting. Can you guess what’s missing, to make it suitably ambiguous?

“The offender (s) had used methods common in unlawful internet activity to obstruct enquiries, by planting a false trail and utilising a series of proxy servers located around the world.”

Yes, it’s a time point. Are we talking here about a hack from behind proxy servers, in a supposed frontal assault to get the data, or the dissemination of the material in CG1 and CG2? Wonderfully vague stuff but it keeps the hack meme alive and well.

http://thepointman.wordpress.com/2010/12/17/why-climategate-was-not-a-computer-hack/

Pointman

Jul 19, 2012 at 5:11 PM | Unregistered CommenterPointman

Very good spot, Pointman.

Jul 19, 2012 at 5:14 PM | Unregistered CommenterStuck-record

Clearly Inspector Knacker (alias Clouseau) was way out of his depth.

However if we accept that it was a hack and not a leak, then I am saddened that there was/is no one at CRU with a conscience - I had hoped there might have been.

Jul 19, 2012 at 5:45 PM | Unregistered Commenterphilip Foster

I would be interesting to know the detail of how they can be sure that -

A) The files weren't copied locally.
B) The hack came from the internet.

If they have the level of sophistication in their security that they can be absolutely sure of this, they would almost certainly have detected the attack / theft as it happened or shortly afterwards.

What seems more likely to me, is that they are guessing or making huge assumptions and dressing it up as certainty.

Jul 19, 2012 at 6:31 PM | Unregistered CommenterBuck

Can anyone come up with a plausible explanation of why alleged hackers of such alleged sophistication would have targetted CRU in the first place? Of all the servers in all the world, why the CRU's? To me, the chances of anyone going after these files without inside knowledge of what they contained and what they were looking for seems so remote (no pun intended) as to be incredible. The Norfolk plod have made themselves look extremely stupid.

Jul 19, 2012 at 6:45 PM | Unregistered CommenterDaveS

Cabin fever

Jul 19, 2012 at 7:15 PM | Unregistered CommenterAnoneumous

Jul 19, 2012 at 6:31 PM | Buck

"they are guessing or making huge assumptions and dressing it up as certainty".

Hmmm ... now why should that remind me of Climate "science" and the IPCC !!!

Jul 19, 2012 at 7:26 PM | Unregistered CommenterMarion

Well it seems I'm not as cynical as other posters and I would take the statement mostly at face value. I'm deducing that they must have been able to view the server logs (recording all logins/file transfers of the particular files) to say what they did about more than one proxy server. The emails in the first CG release were not very old so it's likely that the server logs (or backups) were still current enough for them to trawl through.

Of course for RC/FOIA/Whistleblower it's trivial to do all this from the outside and remain anonymous, it could've been anything from lax security to an unpatched server vulnerability.

Obviously the plod don't want to say that they have absolutely no idea, the question of whodunnit is still just about anybody.

Jul 19, 2012 at 8:19 PM | Unregistered Commenterredc

'That the attack was highly sophisticated and was undertaken by a person or persons who were highly competent and who knew how to conceal their activity.'

So they have no idea who did it or how, because it was so sophisticated and he/they was/were so competent in concealing his/their activity.

Rather insulting perhaps, that they thus conclude, or at least infer, that UEA staff/associates are not involved?

Jul 19, 2012 at 8:23 PM | Registered CommenterPharos

Pharos,
Lol, anyone within CRU/UEA with any relevant skills could be relieved not to be under suspicion but also deeply insulted to be thought so utterly incapable....

Jul 19, 2012 at 8:46 PM | Unregistered CommenterSkiphil

At least all the Climategate enquiries have been "consistent".

Consistent with other masterpieces of the art, like Widgery on Bloody Sunday.

I reckon the fact that decisively nipped the "inside job" hypothesis in the bud was the obvious fact that Jones, Briffa and the rest of them were self evidently more nitwitted than even the plod.

But they don't seem to have considered by far the most likely scenario. One of the CRU geniuses stashed it all onto a computer without proper security. There for any reasonably bright 15 year old to stumble across.

Jul 19, 2012 at 9:00 PM | Unregistered CommenterMartin Brumby

Hmmm ... maybe they're not so certain after all ... from the Q&A at the press conference:

Can you describe what investigations you undertook at the UEA and who you interviewed there?

The focus internally was on the IT infrastructure and working out from there. We also looked at people working at or with connections to the Climate Research Unit and, in simple terms, we were looking for anything obvious. All members of staff were interviewed. If someone had some obvious links or had an axe to grind, then that might have been a line of enquiry.

Generally speaking, it was a screening exercise which did not provide any positive lines of enquiry.
Whilst - because we have not found the perpetrators - we cannot say categorically that no-one at the UEA is involved, there is no evidence to suggest that there was. The nature and sophistication of the attack does not suggest that it was anyone at the UEA. [emphasis added -hro]

Perhaps their "results" were affected by yet another "screening fallacy" ;-)

Jul 19, 2012 at 9:15 PM | Registered CommenterHilary Ostrov

Do we take it from

"Much of the data published in FOIA 2011 was protected by an unknown password."
that the police don't know the contents either? If that's the case, there might be far more revealing material to come.

Jul 19, 2012 at 9:36 PM | Unregistered CommenterJonathan Drake

Thanks Hilary, enough room there for anything, so content zero. I'm with Pointman and have been since the day it happened. Inside job.

Jul 19, 2012 at 9:38 PM | Unregistered CommenterRichard Drake

I've yet to see any evidence that it was an inside job.

Jul 19, 2012 at 9:57 PM | Unregistered CommenterJames Evans

This latest release does indeed tell us a lot! However it does not add up.

Qinetiq were involved, those people are seriously high end military grade freaking experts. If Qinetiq describe the 'attack' as "highly sophisticated and was undertaken by a person or persons who were highly competent and who knew how to conceal their activity." then it was a military grade job. Why on earth would those kind of people be interested in climate change? None of it makes sense.

Jul 19, 2012 at 10:10 PM | Registered CommenterDung

Following on:

The above leaves me believing that the whole statement is a cover up. It was an inside job, it would be too embarrassing for the university to admit this and name the whistleblower so we get the cover up.

Jul 19, 2012 at 10:20 PM | Registered CommenterDung

Must admit I have only had chance to skim, but just what did Qinetiq do?

"Technical support was provided by online security and investigation experts, QinetiQ."

I thought it was "email extraction":-

"Russell Inquiry: Whatever Happened To FOI2009? "

http://thegwpf.org/science-news/1258-russell-inquiry-whatever-happened-to-foi2009.html

Jul 19, 2012 at 10:42 PM | Registered CommenterGreen Sand

Not in direct reply to the troll (because it will be deleted)

I would like to say that I am open minded about it being a hack. Frankly I don't care if it was or wasn't. If they are caught I hope they are brought to justice with the same swiftness and severity that Peter Gleik was. The difference between the two cases is that in spite of the illegality of hacking the CRU something of worth was gained, truth was revealed and FOIA obviously felt that potential criminal charges were a worthwhile price to pay.

Unlike some people who had to fabricate anything interesting eh?

Jul 19, 2012 at 10:47 PM | Unregistered Commenterduncan

Ray at Lucia's Blackboard made an interesting observation:

There seems to be some doubt over whether or not there really is a 3 year limit on prosecution under this act.

At JustAnswer the following question was posed and the answer that follows:

Q: What is the statute of limitations or time limit for prosecution or reporting to the police for a hacking crime under the computer misuse act that was committed in 2009 in England?
A: There is no limitation period for criminal offences. The Limitation Act applies to civil matters rather than criminal offences.
Q: In the original Computer Misuse Act 1990 the time limit was 3 years even though it was a criminal offence. When was the limitiation removed?
A: Originally it was a summary offence and therefore subject to a 6 month timeframe for prosecution. This ran from the point the prosecutors had sufficient knowledge of the evidence - this was decided in Morgans v Director of Public Prosecutions.

However s35 of the Police and Criminal Justice Act 2006 made an offence under s1 CMA an either way offence and accordingly no time limit is applicable any longer for prosecution of the offence.


I went Googling and found this:
Computer Misuse Act amendments come into force on 1st October 2008

The controversial amendments to the Computer Misuse Act 1990, which were brought onto the statute book by the Police and Justice Act 2006, are finally coming into force this Wednesday 1st October 2008.
See: SI 2008 No. 2503 The Police and Justice Act 2006 (Commencement No. 9) Order 2008
The penalties for Section 1 unauthorised computer access offence (“hacking”) is increased from 6 months to 2 years, making it eligible for Extradition from foreign countries.
The statutory limitation on this Section 1 is abolished (formerly a charge had to be brought no later than 6 months from an arrest, and nothing older than 3 years ago could be considered).


and this
The UK has NO statute of limitations with regard to criminal offences. In short, you can be arrested and taken to court for an indefinite time after the offence was committed.

I then went and located the actual legal texts. The Police and Justice act 2006 and the Computer Misuse Act 1990 as amended

From the amended Act we find (Note the brackets enclosing the entire section tagged F1)

[F1(1)F2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
(2)Subject to subsection (3) below, proceedings for an offence under section 1 above may be brought within a period of six months from the date on which evidence sufficient in the opinion of the prosecutor to warrant the proceedings came to his knowledge.
(3)No such proceedings shall be brought by virtue of this section more than three years after the commission of the offence.
(4)For the purposes of this section, a certificate signed by or on behalf of the prosecutor and stating the date on which evidence sufficient in his opinion to warrant the proceedings came to his knowledge shall be conclusive evidence of that fact.
(5)A certificate stating that matter and purporting to be so signed shall be deemed to be so signed unless the contrary is proved.
F3(6). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
(7)This section does not extend to Scotland.]

F1 S. 11 repealed (prosp.) by Police and Justice Act 2006 (c. 48), ss. 52, 53, Sch. 14 para. 23, Sch. 15 Pt. 4 (with s. 38(2))

You can click on the pieces I’ve bolded and you get (from page 180 of the 2006 act) this:

23Section 11 of that Act (proceedings for offences under section 1) is repealed.

IANL but the bottom line would seem to be that there is no statute of limitations that is about to expire and either the Norfolk Police screwed up big time or there are other reasons for dropping the investigation. I leave it as an exercise for the reader to imagine what those might be.

Bob

Jul 19, 2012 at 10:53 PM | Unregistered CommenterBob

Qinetiq:

Qinetiq (play /kɪˈnɛtɪk/ as in kinetic; styled as QinetiQ) is a British multinational defence technology company headquartered in Farnborough, United Kingdom. It is the world's 52nd-largest defence contractor measured by 2011 defence revenues, and the sixth-largest based in the UK.[3]

Qinetiq was formed from the greater part of the former UK government agency, Defence Evaluation and Research Agency (DERA), when it was split up in June 2001 (with the smaller part becoming Dstl). It has major sites in the UK at Farnborough, Hampshire, MoD Boscombe Down, Wiltshire, and Malvern, Worcestershire, each of which are former DERA sites. Since its formation it has made numerous acquisitions, primarily of United States-based companies.

Jul 19, 2012 at 11:27 PM | Registered CommenterDung

'The publication of the data in close proximity to the COP 15 and COP17 climate change conferences in Copenhagen and Durban appears to have been done in order to influence global debate around anthropogenic climate change.'

Sorry its hard to see how that relates to a criminal investigation , given that don't know how did it they just seem to have had a 'guess' as to motive and its far from clear that COP15 or 17 would have been gone another way if there had not been a leak .

Further what suggest inside is not what is seen but unseen , there is little of daily talk seen in normal e-mails , nothing about the day to day boring business, in short someone has gone to a lot of effort to filter these e-mails , why would they if their a malicious hacker ?

Even if is was a hacker and these e-mails where collected for a particular purpose , and so the filtering of them , how would any external hacker know to go looking on CRU's services , is it really likely they got 'lucky' or did they know where to go and look because of their own knowledge or someone on the inside told them where it was ?

Jul 19, 2012 at 11:28 PM | Unregistered CommenterKnR

Bob

Truly jaw dropping discovery you made there !

Jul 19, 2012 at 11:30 PM | Registered CommenterDung

If university emails are not private and in fact are public property since they are publically funded. If the hacker was an insider then surely he can have committed no crime. Even if it was an outside hack, was it a crime to publicise emails that should rightly be in the public domain anyway?

Jul 19, 2012 at 11:38 PM | Registered CommenterDung

Dung

"Qinetiq:"

I know what they are, spent unproductive time there, it is what they were contracted to do that interests me.

As I understand it they were only contracted to extract emails from the server. Therefore it surprises me to see the billing as "online security and investigation experts". What online expertise are needed to extract emails from an off line server?

Jul 19, 2012 at 11:45 PM | Registered CommenterGreen Sand

Bob - well done on the legal research! There are limitations on criminal offences in the UK depending on the offence: broadly speaking statutory offences have time limits; common law crimes don't. But it gets a bit messy in the detail. However you're right to highlight the "each way" prosecution rule, which means that the time limit on such statutory matters evaporates.

To the case in point: there is a shortcut - the CPS helpfully publish advice for prosecutors (come on COPFS!), in this case it can be found here:

http://www.cps.gov.uk/legal/a_to_c/computer_misuse_act_1990/

The relevant section is this:

Section 35 of the Police and Justice Act 2006

Section 35 of the Police and Justice Act 2006 increases the penalty for section 1 CMA offence on summary conviction to a maximum of 12 months' imprisonment or / and a fine and on indictment to a maximum of 2 years' imprisonment or / and a fine. All CMA offences are either way and no longer have a time limit. The increased penalty only applies to section 1 offences committed after section 35 Police and Justice Act 2006 comes into force (see Section 38(2) Police and Justice Act 2006).

(my bold) this does appear to have been in force in 2009, when the incident occurred.

Jul 19, 2012 at 11:59 PM | Registered Commenterwoodentop

Green Sand

I have no knowledge of

what they were contracted to do
however Qinetiq could only have been of use if all the emails had been deleted from UEA servers. I have not read anywhere that either the "criminal" or the UEA had deleted them after the "crime"?
Either way I maintain my position that the Norfolk plod release does not add up.

Jul 20, 2012 at 12:37 AM | Unregistered CommenterDung

Not wishing to appear too much the pedant, but the briefing document states that they were firstly trying to establish "...what data was accessed and/or taken and published." - how hard is that?
Look at what was published and you have established the above. Money well spent...

Or, being slightly less cynical about Norfolk plod, they appear to have employed someone who either cannot properly command the English language (or someone who has excellent command thereof and meant exactly what was said) to write their briefing document.

Either way it looks somewhat shoddy.

Jul 20, 2012 at 12:56 AM | Unregistered CommenterSteveW

"a series of remote attacks via the Internet, which accessed an internal back-up server."

Really ? Wow ! The UEA must have the most insecure network ever. An internal back-up server should never, ever be accessible via the internet. It should sit behind at least two firewalls making it impossible to access (unless their firewall rules are very, very poor). And all those e-mails on the back-up server ? No way. It's standard practice within the IT industry to back data up to disk before moving it to tape within 24 hours.

Plod's explanation doesn't sound at all plausable to me.

Jul 20, 2012 at 2:48 AM | Unregistered CommenterSteveB

The UEA must have the most insecure network ever.

British university networks are usually outstandingly open - because the systems are generally run by individual academics, research teams or departments (who are far more interested in price / performance than security) rather than some central university authority. I actually had to set up a secure online purchasing system within a uni network once. Getting people even to think about securing machine was hard.

On the great conspiracy front? If the CRU didn't keep adequate logs then there was probably very little that the PCeU, QinetiQ or Norfolk plod could do.

Jul 20, 2012 at 5:44 AM | Unregistered CommenterSurreptitious Evil

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>