
A group of American climate activists are closely watching a US court case that could reveal who hired hackers to target their inboxes a decade ago.
In 2015, a set of explosive media reports revealed that ExxonMobil’s own scientists determined as early as 1982 that the extraction and burning of fossil fuels caused the climate crisis – but Exxon went on to fund climate denial campaigns anyway. The reports prompted attorneys general to investigate the company.
In 2016, as a group of climate activists sought to hold Exxon accountable for climate deception, they found themselves targeted by a wave of phishing emails. Kert Davies, the founder of the Climate Investigations Center, a group that monitors the fossil fuel industry, received more than 80 phishing emails, including one pretending to be his colleague sharing a Dropbox document titled “ExxonMobil (confidential).docx”. A Department of Justice investigation eventually confirmed the successful hacking of more than 100 victims, including the group of Exxon critics.
Details about who ordered the hacking operation have long been a mystery. But this spring, the extradition and arraignment of Israeli private investigator Amit Forlit in a US federal court in New York sent shockwaves through the American climate community. With Forlit now facing hacking and wire fraud charges, court documents allege the hack was ordered by a firm representing Exxon itself.
With Forlit potentially facing up to 45 years in prison, his lawyer referenced the then-sealed justice department indictment and named the alleged client for the first time, in a filing arguing against his extradition from the UK: “The hacking is alleged to have been commissioned by DCI Group, a lobbying firm representing ExxonMobil, one of the world’s largest fossil fuel companies.”
A newly unsealed indictment from the US attorney’s office in New York also alleges that a lobbying firm working on behalf of an oil giant matching Exxon’s description hired Forlit to execute a project that involved hacking climate activists. Separately, Reuters reported that the FBI investigated DCI Group, a lobbying firm with a longtime relationship with Exxon, regarding the hacking operation. (Public documents published by political finance tracker Open Secrets show Exxon was a major client of DCI Group, spending more than $3m on lobbying, including $320,000 in 2015, the year the hacking was allegedly commissioned.)
DCI Group and Exxon deny involvement. Neither company has been accused of wrongdoing by US authorities. ExxonMobil did not reply to a request for comment, however, the company has previously said it has not been “involved in, nor are we aware of, any hacking activities. If there was any hacking involved, we condemn it in the strongest possible terms.” The company has said it acknowledges “climate change is real, and we have an entire business dedicated to reducing emissions”.
“We do and always have directed all our employees and consultants to comply with the law,” Craig Stevens, a partner at DCI Group, wrote in an email. He added that his firm has “been told by the government that neither DCI nor any of its personnel are under investigation” and that they had “no knowledge or understanding” of the alleged hacking activity. “Any insinuation otherwise is completely false and unsubstantiated,” he wrote.
Forlit pleaded not guilty to the charges. Through his lawyer, he declined to comment to the Guardian.
Forlit’s extradition is the result of a years-long effort by the Department of Justice. In 2018, after being alerted about phishing attacks by the climate activists and others who were targeted, the justice department began gathering evidence of a coordinated scheme.
It uncovered correspondence that showed a group of unnamed co-conspirators had emailedAviram Azari, an Israeli private investigator, suggesting “we can make some money working together”, and inviting him to a business meeting in India. The group then used phishing attacks to successfully hack into the email accounts of various targets located in the US. Based on this evidence, in September 2019, federal agents arrested Azari at the John F Kennedy international airport while he was on his way to Disneyland with his family. He was charged with managing hacking projects and pleaded not guilty. (Azari’s attorney did not reply to requests for comment.)
After languishing in a New York prison for years awaiting trial, Azari pleaded guilty to the hacking charges in 2022, but denied knowledge of the client. Sentencing documents revealed that he played a critical role in executing a massive hacking campaign targeting thousands of people worldwide – stretching well beyond the hacking of Exxon critics – with clients paying him more than $4.8m over almost five years for managing intelligence-gathering and phishing campaigns. He directed hackers, including the group in India, to target specific victims’ online accounts.
The justice department investigation confirmed the successful hacking of more than 100 of Azari’s victims, including the Exxon critics. The government’s sentencing memo said some of the hacked documents stolen from climate advocates’ online accounts were leaked to the press, and articles about those hacked documents were incorporated into Exxon’s court filings as it battled state attorneys general investigations.
After Azari’s sentencing, the climate activists were left wondering who ordered the hacking operation. Then the US indictment was unsealed in April, offering tantalizing new details. It alleged Forlit was “a leader of a sprawling cybercriminal enterprise” via Israel-based intelligence-gathering firms and that his actions involved co-conspirators in the US, UK, Israel and India. The indictment says the operation targeting climate activists was carried out on behalf of a client that is “one of the world’s largest oil and gas corporations, with headquarters in Irving, Texas”. (When the indictment was first filed in 2022, ExxonMobil was the only major global oil company with headquarters in Irving, Texas.)
The indictment described allegations using ciphers instead of specific names of people and companies, but the names were clear to anyone who had read the UK court filings that led to Forlit’s extradition. The indictment laid out a chain of events connecting Forlit and Azari to a “lobbying firm” – which the UK filings allege was DCI Group – and in turn the lobbying firm’s “client”, which the UK filings allege was ExxonMobil. The indictment alleged that in October 2015, the client asked the lobbying firm for help responding to civil investigations it was facing related to climate change.
According to the indictment, a principal at the lobbying firm contacted Forlit about a project that would target people working on climate and environmental issues. In a memo to Forlit, the principal laid out a plan for how they “would operationalize the research on the bad guys”. The principal sent the memo to Forlit with a cover email that said: “This is what I gave the client yesterday.” The memo referenced “recent attacks” on the client – the oil and gas company in Irving, Texas – “over climate change by groups on the left” and the “opportunity to go ‘on offense’.”
Prosecutors alleged Forlit then emailed the principal a proposal for the climate change project, with a $125,000 monthly budget, outlining how his firms would gather intelligence for the client’s use in lobbying and legal proceedings. Forlit then allegedly contracted Azari and others who, in turn, hired hackers.
The indictment alleges the hackers successfully breached the accounts of climate advocates in 2016 and 2017. The indictment alleges that stolen materials were funneled through Azari and Forlit to the principal at the lobbying firm and ultimately used in lobbying work and climate litigation filings for the client. Between 2014 and 2017, Forlit’s firms allegedly earned $7m, including for work on the climate hack.
A decade after they received a flood of phishing attempts, the targets are now poring over the unsealed indictment, trying to piece together the identity and motivations of those who attacked them. Although the government investigation confirmed the successful hacking of 100 victims, the Forlit indictment focuses on five unnamed victims.
In 2016, Jennifer Cunningham was a partner with SKDKnickerbocker, a public affairs firm, and a policy consultant to the New York attorney general. She was involved in the climate litigation work and recalled receiving phishing emails, which she believes were attempts to obtain information about the litigation strategy.
In an interview with the Guardian, she initially said the hackers were not successful. “I remember there were a couple that I really narrowly avoided, because [they appeared to be] from a colleague,” she said. Her office turned over the phishing emails to federal prosecutors.
But after reviewing the Forlit indictment, she was fairly certain she recognized herself in it. “Wait – I must be Victim 3?” she wrote in text messages. “If so, I guess they were successful in hacking in, which I never knew.” She hopes the court case will reveal more details, including the communication between the companies and the hackers.
Lee Wasserman, director and secretary of the Rockefeller Family Foundation, has reason to believe he is “Victim 5”. He and others received letters from the justice department stating they were victims of the scheme, although the government never confirmed to them whether they were successfully hacked.
Wasserman believes he was targeted because he supported a Columbia Journalism School investigation into what Exxon knew about climate change that was published in the Los Angeles Times. He also met with the New York attorney general to talk about Exxon. “We think Exxon and their allies’ conduct was the most consequential corporate deception of all time,” Wasserman said.
But the phishing attempts had a chilling effect on their accountability efforts, he added. They switched from email to phone calls, and at times, Wasserman found himself whispering because he wondered if someone had bugged his office or home. He pondered whether cars could be lurking outside to follow him or his colleagues.
Wasserman hopes the court process will reveal how the idea was hatched, who directed the operation, and who paid for it. “We’re all sitting on the edge of our seats waiting to see if we hear that at trial,” he said.
Kert Davies, who is still monitoring Exxon, hopes the Forlit case will reveal whether the oil giant was involved in the hack. “None of that has been proven yet. So any furtherance of that story and that proof is really important to me, personally, and to a lot of the people who were attacked by this operation 10 years ago,” he said. “It’s personal, because I really don’t like bullies or liars or cheaters.”
This story is published in partnership with Grist. Read the longer version here
View original source — The Guardian ↗


