By Raphael Satter and Christopher Bing
WASHINGTON (Reuters) – The FBI has been investigating a longtime Exxon Mobil (NYSE:XOM) consultant over the contractor’s alleged role in a hack-and-leak operation that targeted hundreds of the oil company’s biggest critics, according to three people familiar with the matter.
The operation involved mercenary hackers who successfully breached the email accounts of environmental activists and others, the sources told Reuters.
The scheme allegedly began in late 2015, when U.S. authorities contend that the names of the hacking targets were compiled by the DCI Group, a public affairs and lobbying company working for Exxon at the time, one of the sources said. DCI provided the names to an Israeli private detective, who then outsourced the hacking, according to the source.
In an effort to push a narrative that Exxon was the target of a political vendetta aimed at destroying its business, some of the stolen material was subsequently leaked to the media by DCI, Reuters determined. The Federal Bureau of Investigation found that DCI shared the information with Exxon before leaking it, the source said.
Some environmental activists interviewed by Reuters say the hacking operation disrupted preparations for lawsuits by cities and state attorneys general against Exxon and other energy companies. Those lawsuits were modeled on litigation against the tobacco industry in the mid-1990s, which resulted in a watershed settlement and sweeping restrictions on cigarette sales.
The stolen material continues to be used today to counter litigation claiming the oil giant misled the public and its investors about the risks of climate change. As recently as April, an industry trade group that has received funding from Exxon cited one of the hacked documents – an internal memo sketching out the proposed litigation strategy of the environmentalists – in an effort to get the Supreme Court to quash a lawsuit filed by the city of Honolulu against Exxon and other energy companies. The case is pending.
The group, the National Association of Manufacturers, said it was not aware of the allegation the material had been hacked “and will consider whether to stop using it in future briefs.”
Exxon and DCI parted ways around 2020, according to two people familiar with the matter.
In a statement, Exxon said it “has not been involved in or aware of any hacking activities,” calling allegations to the contrary “conspiracy theories.” Reuters could not determine whether Exxon itself has also been the subject of the FBI investigation.
DCI said: “We direct all our employees and consultants to comply with the law.”
The leaks “sent a shudder through the environmental community,” said Kert Davies, director of investigations for an environmental group, the Center for Climate Integrity. Davies was among those targeted by the hackers. Matt Pawa, an attorney whose strategy drove much of the anti-Exxon litigation, said the leaks fueled a legal counteroffensive that nearly knocked him out of business.
“Those documents were directly employed by Exxon to come after me with all guns blazing,” he said in a recent interview. “It turned my life upside down.”
The investigation into the hack-and-leak operation comes amid growing concern among law enforcement agencies worldwide about how such cyberespionage schemes threaten to taint judicial proceedings.
The FBI has been investigating the broader use of mercenary hackers to tamper with lawsuits since early 2018, Reuters has previously reported. The Israeli private detective hired by DCI, Amit Forlit, was arrested this year at London’s Heathrow Airport and is fighting extradition to the United States on charges of hacking and wire fraud.
U.S. law enforcement authorities declined to comment on their efforts. They have not spoken publicly about the case against Forlit, which remains under seal. But in court hearings earlier this year, British lawyers acting on behalf of the American government alleged that Forlit had carried out hack-for-hire work for a “Washington-based PR and lobbying firm” and that he worked on behalf of an oil and gas corporation which wanted to discredit individuals involved in climate change litigation. In those hearings, the energy company and the lobbying firm were not identified.
Federal prosecutors have secured a related conviction: that of Forlit’s former business associate, private investigator Aviram Azari. Azari pleaded guilty in 2022 to wire fraud, conspiracy to commit hacking and aggravated identity theft, which included targeting the environmental activists. In court files, prosecutors did not assert any link between Azari and Exxon, DCI or Forlit. But one of the sources with knowledge of the FBI investigation said Forlit outsourced the hacking of the environmental activists to Azari.
Forlit’s attorneys did not respond to messages from Reuters seeking comment. A lawyer for Azari, Barry Zone, declined to comment.
Addressing his victims after he was sentenced last year to 80 months in prison, Azari said that “there will come a day” when he could provide more information about what he had done. “You don’t know everything,” he said.
CODENAME “FOX HUNT”
The hack-and-leak operation came on the heels of a series of media reports in 2015 contending that scientists at Exxon knew for decades that fossil fuels were warming the Earth as the company’s top executives publicly said otherwise. Exxon has said that its internal research and public positions on climate change have been misinterpreted.
Under the hashtag “ExxonKnew,” groups such as Greenpeace called for legal action. So did then-presidential candidate Hillary Clinton, who said the Department of Justice should probe the firm because “there’s a lot of evidence they misled people.” In November 2015, New York’s attorney general, Eric Schneiderman, announced he was investigating Exxon. Other suits followed.
With Exxon on the defensive, DCI swung into action to protect what was then one of the firm’s most important clients. Reuters interviewed a dozen former DCI employees to piece together the firm’s relationship with Exxon.
Founded in 1996 by veterans of Republican politics, DCI has worked for a variety of tobacco, telecom, hedge fund and energy firms. On its website, DCI says it handles public relations crises, litigation support, and opposition research.
Five former DCI employees said Exxon was long one of DCI’s biggest sources of revenue. One ex-employee said the oil giant regularly steered more than $10 million in business a year to DCI. Lobbying work alone for Exxon earned DCI at least $3 million between 2005 and 2016, according to publicly available data gathered by the transparency website OpenSecrets.
DCI’s staff in Washington kept track of social media chatter around the ExxonKnew campaign as well as moves made by state attorneys general, according to two people familiar with the matter. DCI also hired the Israeli detective Forlit, who tapped Azari to hack the accounts, according to one of the sources familiar with the FBI investigation. The operation’s code name was “Fox Hunt,” the source said.
Azari was the subject of a 2022 Reuters investigation that revealed how he and other private investigators used mercenary hackers in India to help wealthy clients gain the upper hand in legal cases. The report drew on a large dataset of Indian hacking activity, which shows that the spies tried to break into more than 13,000 email addresses over a seven-year period. Among the targets were more than 500 email addresses belonging to environmentalists, their funders, their colleagues and their family members, all of whom were targeted between 2015 and 2018.
Some details of the hacking campaign previously have been made public. In 2020 the Canadian digital watchdog group Citizen Lab identified 10 organizations targeted in a sweeping cyberespionage effort, including Greenpeace, the Union of Concerned Scientists and the Rockefeller Family Fund.
Reuters has learned the identity of other prominent targets, which include former Democratic presidential candidate and billionaire environmentalist Tom Steyer, and the ex-wife of Schneiderman, New York’s then-attorney general.
Steyer’s lawyers did not respond to requests for comment. In an email, Schneiderman’s ex-wife and former political adviser, Jennifer Cunningham, said she had long suspected that Exxon was behind the hack-and-leak effort.
Beginning in April 2016, news reports appeared alleging the ExxonKnew campaign was a politicized effort pushed by wealthy benefactors. Within 24 hours of one another, two media outlets published stories based on an internal Rockefeller Family Foundation memo. The memo said activists were working to convince the public that “Exxon is a corrupt institution” and wanted to “delegitimize them as a political actor.”
The person with knowledge of the law enforcement investigation said the FBI assessed that the memo was obtained via the Forlit-led hacking operation. Separately, Reuters determined that the memo was subsequently leaked to the media by DCI.
Exxon’s lawyers repeatedly drew on the hacked documents to support the company’s litigation.
After the New York attorney general filed suit against Exxon in 2018, for instance, the energy company’s lawyers cited the stolen Rockefeller memo to argue that the case should be thrown out.
The lawyer representing Exxon, Theodore Wells, told New York’s Supreme Court in his October 2019 opening statement that Schneiderman had improperly formed “a political alignment with activists for the purpose of advancing an agenda directed at energy companies.”
New York lost the case two months later, when a judge ruled that the attorney general failed to prove that Exxon had defrauded investors by hiding the true cost of climate change regulation.
In an interview, Schneiderman said the leaked documents were used “to great effect” to bolster what he called Exxon’s “baseless claim that we were engaged in a politically motivated ‘witch hunt.’”
Wells and his law firm, Paul Weiss, did not respond to messages seeking comment.
The memo or other hacked documents were also cited in court filings by Exxon against attorneys general in Massachusetts and the U.S. Virgin Islands, as well as in the company’s 2018 effort to depose climate change attorney Pawa and other lawyers.
Much of the litigation is ongoing. On Tuesday, Maine became the ninth U.S. state to file a lawsuit accusing oil companies or allied groups of deceiving the public about climate change. Pawa said the industry has continued to invoke the hacked files in its effort to push back. “They were used over and over again,” he told Reuters. The net effect, he said, was “chilling people from exercising their constitutional rights.”
