Thursday, 16 Jul 2026
  • Contact
  • Privacy Policy
  • Terms & Conditions
  • DMCA
logo logo
  • World
  • Politics
  • Crime
  • Economy
  • Tech & Science
  • Sports
  • Entertainment
  • More
    • Education
    • Celebrities
    • Culture and Arts
    • Environment
    • Health and Wellness
    • Lifestyle
  • 🔥
  • Trump
  • House
  • White
  • ScienceAlert
  • VIDEO
  • man
  • Trumps
  • Season
  • star
  • Years
Font ResizerAa
American FocusAmerican Focus
Search
  • World
  • Politics
  • Crime
  • Economy
  • Tech & Science
  • Sports
  • Entertainment
  • More
    • Education
    • Celebrities
    • Culture and Arts
    • Environment
    • Health and Wellness
    • Lifestyle
Follow US
© 2024 americanfocus.online – All Rights Reserved.
American Focus > Blog > Environment > They wanted to hold Exxon accountable. Then they got hacked.
Environment

They wanted to hold Exxon accountable. Then they got hacked.

Last updated: July 16, 2026 12:02 am
Share
They wanted to hold Exxon accountable. Then they got hacked.
SHARE

A decade after climate activists’ emails were breached, a court case is shedding new light on who allegedly orchestrated the hacking.

This story is published in partnership with the Guardian.​

On a chilly January morning in 2016, Kert Davies met with climate advocates and lawyers at the Rockefeller Family Fund’s office in Upper Manhattan. Their ambitious aim was to hold Exxon Mobil, a leading fossil fuel company, accountable for its role in climate change. A few months prior, explosive media reports had uncovered that Exxon’s scientists had recognized the climate impact of fossil fuels as early as 1982, yet the company funded climate denial campaigns.

For Exxon, these revelations were a public relations nightmare with significant legal implications. Davies, who founded the Climate Investigations Center to scrutinize the fossil fuel sector, collaborated with other climate advocates to ensure these repercussions were felt, employing the hashtag #ExxonKnew to boost public awareness.

A month following the Manhattan meeting, Davies received a suspicious email, seemingly from Facebook, stating, “Kert, you have 5 poke.” Similar messages followed, resembling notifications from Facebook, Twitter, and LinkedIn.

Unaware of the phishing attempt, Davies clicked links in these odd messages. But a sense of unease grew. By early March, he inquired on a climate activist listserv if anyone else had received strange emails. Others confirmed they had, with some even entering their passwords.

Swamped with ominous emails, the group’s communication felt increasingly threatened. The next month, a Wall Street Journal reporter contacted Davies about a detailed agenda from the January meeting, which she had acquired. In April 2016, the Wall Street Journal and the Washington Free Beacon, a conservative news outlet, published details from the email, alleging “secret coordination” by climate activists against Exxon.

See also  Marco Ebben, One Of Europe's Most Wanted Criminals, Shot Dead In Mexico

Davies didn’t see the meeting as unusual, believing environmental advocates often strategized against significant polluters. However, Exxon used the media reports to counter lawsuits and subpoenas from 17 attorneys general. In its legal filings, Exxon referenced the meeting agenda, claiming activists conspired against the company.

A criminal investigation later revealed that the email obtained by the publications had been hacked. The identity of the perpetrator remained unknown, but court documents now allege the hacking was commissioned by a firm representing Exxon—those Davies and others sought to hold accountable for climate deception.

A gas refinery seen at sunset
An Exxon Mobil gas refinery, as seen in March 2006 in Baytown, Texas. Benjamin Lowy / Getty Images

The possible connection to Exxon emerged last year when the U.S. government issued an arrest warrant and sought to extradite Israeli private investigator Amit Forlit from the U.K. Forlit faced charges of hacking and wire fraud, potentially leading to a 45-year sentence. The indictment from the U.S. attorney’s office in New York, unsealed earlier this year, claimed a public affairs firm representing an oil giant resembling Exxon hired Forlit for a hacking project targeting climate activists. In court documents, Forlit alleged that DCI Group, a public affairs firm with longstanding ties to Exxon, commissioned the hacking. Additionally, Reuters reported that the FBI investigated DCI Group concerning the hacking operation.

Both DCI Group and Exxon deny involvement. Exxon Mobil did not respond to a request for comment, but the company has stated it was not “involved in, nor aware of, any hacking activities,” condemning any hacking in the strongest terms. The company acknowledges that “climate change is real, and we have a business dedicated to reducing emissions.”

Craig Stevens, a partner at DCI Group, wrote in an email that the firm has “been told by the government that neither DCI nor any of its personnel are under investigation” and that they had “no knowledge or understanding” of the alleged hacking activity. “Any insinuation otherwise is completely false and unsubstantiated,” he added.

Through his lawyer, Forlit declined to comment. He has pleaded not guilty.

Read Next


Standing Rock was an Indigenous-led movement. Why did Greenpeace take the fall?

Currently, as a consequence of the revelations about what Exxon knew and when, the company and others in the fossil fuel industry face lawsuits from states and cities that could result in damages amounting to hundreds of billions of dollars. Over the past decade, threats to climate advocates have intensified, with fossil fuel companies collaborating with security firms or police to monitor activists opposing pipeline projects like the Dakota Access Pipeline and Line 3. Cybercrime has advanced, and the global hack-for-hire industry has largely evaded consequences.

Davies, still tracking Exxon, hopes the Forlit case will determine if the oil giant was involved in the hack. “None of that has been proven yet. So any furtherance of that story and that proof is really important to me, personally, and to a lot of the people who were attacked by this operation 10 years ago,” he said. “It’s personal because I really don’t like bullies or liars or cheaters.”


Roughly a year after Davies first received those peculiar messages, an investigative reporter covering financial fraud in Germany began receiving similar emails and reported them to the University of Toronto’s Citizen Lab, which examines surveillance efforts on civil society. John Scott-Railton, a senior researcher at the lab, swiftly identified them as phishing attacks. Citizen Lab researchers noted that the links in the emails used a custom URL shortener. They devised a method to reveal the full, unshortened URLs containing target email addresses, thus compiling a comprehensive list of those targeted.

Many victims were from environmental groups and advocates opposing Exxon, but Scott-Railton and his colleagues found that hundreds of targets also included activists’ families and friends. Non-environmental entities, such as hedge funds, short sellers, and financial journalists, were targeted as well.

“We began toying with the idea that perhaps this was a mercenary group and they were taking commissions,” Scott-Railton said.

Scott-Railton reached out to Davies in the fall of 2017. By then, Davies was experiencing another wave of phishing attacks. This time, several emails mentioned Exxon, including one that impersonated a colleague sharing a Dropbox document titled “ExxonMobil (confidential).docx”.

Davies was still unaware of the source of these messages. When he met with Scott-Railton, the researcher showed Davies that he was among a long list of targets—one that extended beyond his circle of Exxon critics.

“It was really a relief to know that I wasn’t imagining that we were being targeted,” Davies recalled.

While investigating the hacking group, Scott-Railton assisted Davies and other potential targets in searching their inboxes for evidence that the unusual messages were phishing attempts linked to a single hacking group. Davies alone had received more than 80 such emails. With this evidence, several targets shared Citizen Lab’s findings with the Department of Justice, or DOJ, which began collecting evidence of a coordinated scheme.

The Justice Department uncovered correspondence indicating that a group of unnamed co-conspirators had emailed Israeli private investigator Aviram Azari, proposing “we can make some money working together” and inviting him to a business meeting in India. The group then launched phishing attacks that successfully hacked into the email accounts of various U.S. targets. Based on this evidence, in September 2019, federal agents arrested Azari at John F. Kennedy International Airport while he was en route to Disneyland with his family. He was charged with managing hacking projects and pleaded not guilty. (Azari’s attorney did not respond to requests for comment.)

As the government built its case, Davies met with DOJ investigators in early 2020 and shared everything he knew. A few months later, Citizen Lab published a groundbreaking report exposing that the phishing emails originated from Dark Basin, a hack-for-hire group based in India. The climate advocates were just one group of targets among many; the hackers had attacked thousands across six continents, including politicians, prosecutors, CEOs, journalists, and human rights defenders. The report suggested that the hackers had a deep understanding of Exxon critics and their relationships, implying they had received detailed instructions. However, the client who commissioned the hack remained unidentified.

people stand in front of the New York Supreme Court building holding a large banner that says '#ExxonKnew'
Climate activists protest on the first day of the Exxon Mobil trial outside the New York State Supreme Court building in October 2019. Angela Weiss / AFP via Getty Images

After spending years in a New York prison awaiting trial, Azari pleaded guilty to the hacking charges in 2022 but denied knowledge of the client. Sentencing documents revealed his significant role in a global hacking campaign that targeted thousands, extending beyond the #ExxonKnew campaign. Clients paid him over $4.8 million over nearly five years for managing intelligence-gathering and phishing operations. He directed hackers, including the Indian group, to target specific victims’ online accounts.

The DOJ investigation confirmed the successful hacking of more than 100 of Azari’s victims, including those in the #ExxonKnew campaign. The government’s sentencing memo stated that some hacked documents stolen from climate advocates’ online accounts were leaked to the press, and articles about these documents were used in Exxon’s court filings during state attorneys general investigations. DOJ investigators also asked Davies and others to submit victim impact statements for Azari’s sentencing. Davies wrote that the attack caused “anxiety, paranoia, depression, sleeplessness, and fear.”

Despite revelations in the Azari case, the client allegedly behind the hack was still unknown—until the DOJ issued a warrant for Amit Forlit and sought his extradition.


Forlit’s extradition case sent shockwaves through the U.S. climate community and began providing the answers Davies and others had been waiting for. Davies knew that Exxon had a long working relationship with DCI Group, a strategic communications firm based in Washington, D.C. Public documents show Exxon was a major client of DCI Group, spending more than $3 million on lobbying, including $320,000 in 2015, the year the hacking was allegedly commissioned.

In a filing arguing against his extradition last year, Forlit’s lawyer named the alleged client for the first time: “The hacking is alleged to have been commissioned by DCI Group, a lobbying firm representing ExxonMobil, one of the world’s largest fossil fuel companies.”

Read Next

A collage in the shape of a large eye with document text in the sclera and a photo of a pipeline in the iris/pupil

FBI sent several informants to Standing Rock protests, court documents show

Davies felt vindicated. What he had suspected all along was finally being revealed in court documents. “There’s been periods of time where I thought, ‘Oh, that’s over. There’s no way to ever figure it out.’ And then all of a sudden — this breakthrough,” he said.

With Forlit facing potential decades in prison if extradited to the U.S., his lawyer referenced the then-sealed DOJ indictment and named the companies in a legal filing. The lawyer argued that one of the reasons for his prosecution in the U.S. was to “advance the politically-motivated case of pursuing ExxonMobil, with Mr. Forlit a form of collateral damage in that endeavor.” However, the court didn’t find this argument convincing, and in April, Forlit was extradited to the U.S.

The U.S. indictment was unsealed in April, providing intriguing new details. It alleged Forlit was “a leader of a sprawling cybercriminal enterprise” through Israel-based intelligence-gathering firms, and that his actions involved co-conspirators in the U.S., U.K., Israel, and India. The indictment stated that the operation targeting climate activists was conducted on behalf of a client: “one of the world’s largest oil and gas corporations, with headquarters in Irving, Texas.” (At the time the indictment was first filed in 2022, Exxon Mobil was the only major global oil company headquartered in Irving, Texas.)

a mostly glass building with a few trees planted in front
The exterior of Exxon Mobil’s campus on the outskirts of Houston, Texas, where the company relocated its headquarters from Irving, photographed in February 2022. Brandon Bell / Getty Images

The indictment described allegations using ciphers instead of specific names of people and companies, but the names were clear to anyone who had read Forlit’s U.K. court filings opposing his extradition. The indictment laid out a chain of events connecting Forlit and Azari to a “lobbying firm” — which Forlit’s U.K. filings say was DCI Group — and in turn the lobbying firm’s “client,” which the U.K. filings say was Exxon Mobil. The indictment alleged that in October 2015, the client asked the lobbying firm for help responding to civil investigations it was facing related to climate change.

According to the indictment, a principal at the lobbying firm contacted Forlit about a project that would target people working on climate and environmental issues. In a memo to Forlit, the principal laid out a plan for how they “would operationalize the research on the bad guys.” The principal sent the memo to Forlit with a cover email that said: “This is what I gave the client yesterday.” The memo referenced “recent attacks” on the client — the oil and gas company in Irving, Texas — “over climate change by groups on the left” and the “opportunity to go ‘on offense.’”

Prosecutors alleged that Forlit then emailed the principal a proposal for the climate change project, with a $125,000 monthly budget, outlining how his firms would gather intelligence for the client’s use in lobbying and legal proceedings. Forlit then allegedly contracted Azari and others who, in turn, hired hackers.

The indictment alleges that the hackers successfully breached the accounts of two targets who worked for a climate advocacy nonprofit in February and March of 2016 (around the time that Davies heard from the Wall Street Journal reporter) and continued their phishing spree, successfully hacking more targets, until late 2017. The indictment alleges the stolen materials were funneled through Azari and Forlit to the principal at the lobbying firm and ultimately used in lobbying work and climate litigation filings for the client. Between 2014 and 2017, Forlit’s firms allegedly earned $7 million through the scheme, including work on the climate hack.


A decade after they received a flood of phishing attempts, the targets are now poring over the unsealed indictment, trying to piece together the identity and motivations of those who attacked them a decade ago. Although the government investigation confirmed the successful hacking of 100 victims, the Forlit indictment focuses on five unnamed victims.

Lee Wasserman, director and secretary of the Rockefeller Family Foundation, has reason to believe he is “Victim 5.” He and others received letters from the DOJ stating that they were victims of the scheme, although the government never confirmed to them whether they were successfully hacked.

Wasserman believes he was targeted because he supported a Columbia Journalism School investigation into what Exxon knew about climate change that was published in the Los Angeles Times. He also met with the New York attorney general to talk about Exxon. “We think Exxon and their allies’ conduct was the most consequential corporate deception of all time,” Wasserman said.

But the phishing attempts had a chilling effect on their accountability efforts, he added. They switched from email to phone calls, and at times, Wasserman found himself whispering because he wondered if someone had bugged his office or home. He pondered whether cars could be lurking outside to follow him or his colleagues.

a mobile gas station awning, seen mostly in shadow
A Mobil logo is seen on a gas station in Los Angeles in November 2023. Jakub Porzycki / NurPhoto / Getty Images

Wasserman hopes the court process will reveal how the idea was hatched, who directed the operation, and who paid for it. “We’re all sitting on the edge of our seats waiting to see if we hear that at trial,” he said.

In 2016, Jennifer Cunningham was a partner with SKDKnickerbocker, a public affairs firm, and a policy consultant to the New York Attorney General. She was involved in the climate litigation work and recalled receiving phishing emails, which she believes were attempts to obtain information about the litigation strategy.

In an interview with Grist, she initially said the hackers were not successful. “I remember there were a couple that I really narrowly avoided, because [they appeared to be] from a colleague,” she said. Her office turned over the phishing emails to federal prosecutors.

But later, after reviewing the Forlit indictment, she was fairly certain she recognized herself in it. “Wait — I must be Victim 3?” she wrote in a text message. “If so, I guess they were successful in hacking in, which I never knew.” She hopes the court case will reveal more details, including the communication between the companies and the hackers.

Scott-Railton, who first exposed the hacking operation, said, “The #ExxonKnew hacking campaign stands out, in my mind, as one of the largest and most brazen hacking attempts I’ve ever seen against environmental organizations — or for that matter, U.S. advocacy organizations in general.” These groups continue to face digital threats, he explained; phishing attempts still occur, and hacking has progressed to include more sophisticated methods of intrusion that don’t require targets to click on anything. For instance, the Israeli cyber-intelligence firm NSO Group’s Pegasus spyware had been used to target human rights defenders and journalists. “I have no doubt that a version of this is going to come again,” he said.

This year, Davies received a letter from the DOJ stating that he was a “victim” in the Forlit case. He hopes that the people who ordered the hacking operation are named and held accountable.

“I still live not knowing if I was hacked,” Davies said. “I don’t have proof that they did hack me, that they did get my password. I don’t have proof that they didn’t. And that’s the thing that still rests with me: Am I secure?”

TAGGED:AccountableExxonHackedHoldWanted
Share This Article
Twitter Email Copy Link Print
Previous Article Dollar Declines on a Benign US CPI Report Dollar Declines on a Benign US CPI Report
Next Article Influencer Dead After Bicycle Crash on Honeymoon With Olympian Influencer Dead After Bicycle Crash on Honeymoon With Olympian

Popular Posts

Spending Christmas with ‘Dr. Doom’

The lawmakers simply did not want to hear the inconvenient truths he had to share.…

December 28, 2024

Donald Trump Says There Are 2 'N-Words' You Can't Use

Donald Trump A New Controversy: The Precarious Use of N-Words Published September 30, 2025 6:59…

September 30, 2025

How to Rewatch the 2025 Met Gala Livestream

The highly anticipated 2025 Met Gala has come to a close, leaving fashion enthusiasts buzzing…

May 6, 2025

ManéMané Spain Spring 2025 Collection

Miguel Becer’s ManéMané: A Decade of Folklore-Inspired Fashion ManéMané, the brainchild of designer Miguel Becer,…

November 8, 2024

‘A hubristic, colossal wreck’

The film "Colossal Wreck" offers a poignant glimpse into the complexities and contradictions of our…

December 16, 2025

You Might Also Like

Shopping Your Values: Organic – Earth911
Environment

Shopping Your Values: Organic – Earth911

July 15, 2026
TV must showcase real animal lives
Environment

TV must showcase real animal lives

July 14, 2026
Midwest’s Blowout Year of Storms, Power Outages Is a Window into Its Climate-Changed Future; We Must Heed It
Environment

Midwest’s Blowout Year of Storms, Power Outages Is a Window into Its Climate-Changed Future; We Must Heed It

July 14, 2026
Climate-impacted communities across Asia are taking their fight to court
Environment

Climate-impacted communities across Asia are taking their fight to court

July 13, 2026
logo logo
Facebook Twitter Youtube

About US


Explore global affairs, political insights, and linguistic origins. Stay informed with our comprehensive coverage of world news, politics, and Lifestyle.

Top Categories
  • Crime
  • Environment
  • Sports
  • Tech and Science
Usefull Links
  • Contact
  • Privacy Policy
  • Terms & Conditions
  • DMCA

© 2024 americanfocus.online –  All Rights Reserved.

Welcome Back!

Sign in to your account

Lost your password?