The theft, dubbed "Climategate" by some, caught researchers at the University of East Anglia's Climatic Research Unit discussing ways to dodge right-to-know requests, keep opponents' research out of peer-reviewed journals, and destroy data. The unguarded and occasionally unprofessional messages dented the reputation of several researchers and provided ammunition to skeptics of mainstream climate science, many of whom seized on the documents to claim that the threat of global warming was being hyped.
Several overlapping inquiries have since vindicated the researchers' science -- if not their attitude -- but the furor over Climategate dominated debate in the run-up to the crucial 2009 U.N. climate talks in Copenhagen, Denmark. Those talks ended in failure, and world leaders are still struggling to agree a plan to impose caps on the emission of greenhouse gasses blamed for rising temperatures and melting ice caps. A second leak, published to the Internet in 2011, came a week before similar climate talks in Durban, South Africa.
The local British police force investigating the breach said Wednesday that its officers had been caught out by the complexity of the attack and the three-year-long statute of limitations on Britain's Computer Misuse Act.
Det. Chief Supt. Julian Gregory of the Norfolk Constabulary said in a statement that his officers "do not have a realistic prospect of identifying the offender or offenders and launching criminal proceedings within the time constraints imposed by law."
Gregory's force, which has come under criticism from some quarters for its failure to find the culprits, said that it had sought help from counter-terrorism and cybercrime investigators at Scotland Yard, Britain's domestic extremism task force, as well as outside Internet security consultants. It noted that the perpetrator or perpetrators had masked their activity using "methods common in unlawful internet activity," but didn't go into any further detail.
The force added that the breach -- which led to the publication of several thousand emails when both leaks are taken into account -- was the result of an attack by a malicious hacker, not the actions of a whistleblower as some had speculated.
"We can say that the data breach was the result of a sophisticated and carefully orchestrated attack on the (Climatic Research Unit's) data files, carried out remotely via the Internet," the statement said. "There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime."
The University of East Anglia said it was disappointed that no one had been caught but expressed gratitude for police's help.
"Clearly, the perpetrators were highly sophisticated and covered their tracks extremely carefully," university Vice-Chancellor Edward Acton said. "The misinformation and conspiracy theories circulating following the publication of the stolen emails -- including the theory that the hacker was a disgruntled UEA employee -- did real harm to public perceptions about the dangers of climate change."
He said he hoped Wednesday's announcement would "draw a line under the stressful events of the last two and half years."