Hit the title to a link for a full read...and I suggest that you read "the whole thing" as Glenn Reynolds would say.
An often cited statistic above is "80% of hacks are from insiders". True, but it does depend on what manner of hack to stay within that statistic. Further, many hacks are simply not reported.Will's conclusion is that the hack was conducted by someone on the inside who is angry that at FOIA request was denied. He concludes this from the date/time of some of the last emails, etc.:
Additionally, he concludes that, I am, personally still not ruling out the possibility of an outside, foreign intelligence agency being behind the hack. This is because of the monetary motive, the sophistication of the release, the history of intelligence based hacking against even human rights organizations, and the history of such attacks being generally something which comes "from the outside" when the logs are posted publicly. It should be noted that this would be an extremely dangerous, diplomatically attack to perform. So, in this case, the FOIA angle would be cover, or as they say, "plausible deniability". A red herring.
Update: I found the following report from Steve McIntyre's blog (a prominent climate change critic) pointing out further evidence it may have been an insider, based partly on a very recent FOIA refusal from CRU.
For me, this simply raises the probability this hack was performed "from the inside".