Hackers breached password security to steal UEA climate change emails
15:32 19 July 2012
© ARCHANT NORFOLK 2010
Hackers broke into climate change emails sent by scientists at the University of East Anglia (UEA) on at least three occasions, a senior investigating officer revealed today.
Det Chief Supt Julian Gregory revealed hackers may have taken advantage of the UEA’s computer system allowing remote access to the Climate Research Unit and then breached several passworded security levels to get unauthorised access to the private emails and documents exchanged by some of the world’s leading climate scientists over a 13 year period.
The 160mb of data, leaked just weeks before a climate change summit in Copenhagen, was seized upon by climate change sceptics as proof that climatologists had been manipulating data to prove that climate change was real.
He was speaking at the end of Operation Cabin initiated by the police to investigate the hacking, but which closed without any criminal prosecutions being brought because the deadline was looming for the three year time limit allowed for legal proceedings to be taken.
He said the complex enquiry, started after the security breach was reported to police on November 20, 2009, had been international in scale and had involved officers from Norfolk police working with colleagues from around the country, as well as specialists in the private sector.
The police had also consulted “partners” in other countries across Africa, Asia and America, Det Chief Supt Gregory added, because the stolen data had been routed through proxy servers in countries around the world.
However, he said while some countries offered “excellent” help, others were more time consuming and difficult to work with, though he refused to name them.
The possibility the information could have been leaked internally had been ruled out following interviews with people from the UEA who could have had access to the hacked material and Det Chief Supt Gregory said the sophisticated nature of the breach and the steps taken by the hackers to cover their steps led him to believe access had been gained by an external source.
The whole investigation, including the cost of buying in specialist support, cost nearly £85,000 but the senior investigating officer said the decision was taken to call off the operation because it was unlikely the police would be able to take it any further.
However, he felt the expenditure was modest for an investigation of that nature, but that the enquiry was justified despite the lack of any criminal proceedings because it was in the public interest, especially as the emails had been published to try and influence the outcome of the climate change summit at Copenhagen.
UEA vice-chancellor Edward Acton said security had been improved since the breach and reflected on the effect the hacking had on staff at the institution.
He added: “I think the risks are a lot lower, but I don’t think it is impossible. I suppose everybody who has followed the story has had their awareness raised that things raised out of context can be grossly misunderstood.”
He believed the scandal had done damage to public understanding of climate change in the short term and said in the future checks would have to be made to ensure the science had been properly “challenged and corroborated” around the world.
“It was an appalling time for those involved in the storm, but it is one that we have come through,” Mr Acton added.