After initially claiming that hackers broke into the heart of the UEA network to steal emails relating to climate change data, it seems that the scientists who suffered as a result are less than clear as to whether there really was a data breach or not.
There are new concerns that the university’s servers were not actively attacked, but rather that the email data was stored in a difficult to find but ultimately unsecured location that could have been found by anyone searching hard enough.
If these allegations are proven to be correct, the police investigation will have to cease, as it would not have been a crime to publicise details which were already available publicly.
Last week Sir David King caused controversy when he claimed that the hack had been initiated from abroad by an intelligence organisation. However, Sir David was forced to concede that there was no hard evidence to back up his suggestions.
Some are now suggesting that there is the possibility that either the persons who published the data obtained it using a legitimate password, or they discovered the data on a publicly accessible portion of the UEA network.
The police investigation has moved slowly ever since the so called breach was announced in November 2009 and there are few established facts to go on. It is known that a total of 4660 files were copied from backup servers at UEA and then spread via the internet.
UEA has now confirmed that the data was archived on a single identifiable backup server. Adding to the confusion is the fact that the filtering of the mass of data stored on the server has been performed with relatively simplistic search terms, resulting in a broad sweep of unorganised data rather than targeted specifics.
Since the data leaked there have been a number of conspiracy theories circulating that implicate big businesses, climate sceptics, bloggers and foreign authorities. The police investigating the breach are having to conduct most of their interviews via email or phone calls to international destinations.
One of the most compelling theories was proposed by blogger Charles Rotter late in 2009, when he suggested that the organic evolution of the network operated by UEA would lead to a lack of uniformity in the security procedures, leaving older systems unknowingly exposed.
