US senators, green groups call for accountability over hacking of Exxon critics

By Raphael Satter and Christopher Bing

WASHINGTON -Two Democratic senators and a host of environmental groups have called for investigations and accountability following a Reuters report that a lobbyist for Exxon Mobil (NYSE:) had been investigated for its alleged role in a sweeping hack-and-leak operation that targeted prominent critics of the oil company.

In late November, Reuters reported that more than 500 email accounts belonging to environmentalists and their allies were targeted by mercenary hackers between 2015 and 2018 as part of an effort to help beat back climate change investigations and lawsuits being mounted against Exxon. 

Reuters reported that Exxon’s longtime Washington consultant, the DCI Group, had been investigated by the FBI over the hacks as well as the subsequent leak of some of the environmentalists’ emails to the press.

At the time of that report, Exxon had denied any involvement with the espionage campaign and called allegations to the contrary “conspiracy theories.” In a statement on Wednesday, Exxon said “if there was any hacking involved, we condemn it in the strongest possible terms.”

DCI said in a statement that the company “has not been involved in nor commissioned others to hack or to obtain information unlawfully.”

Senate Budget Chairman Sheldon Whitehouse – a critic of the energy company – said in a statement the news that DCI was implicated in the distribution of emails stolen from prominent environmentalists was cause for serious concern and urged the Department of Justice to “take a good, long look at Exxon and its fellow fossil fuel flunkies.”

Responding to the Reuters story, Senate Finance Chairman Ron Wyden said the cyberespionage industry “threatens the very core of America’s democracy and fundamentally undermines our justice system.” In a statement, the Oregon lawmaker called for justice for “corporations and billionaires who pay for hack-and-leak operations against their critics,” without naming specific companies or people. 

Democratic California representative Ro Khanna called the hacking allegations “deeply concerning.”

Department of Justice officials declined to comment.

MERCENARY HACKING

The lawmakers’ statements come as the Justice Department reaches a crossroads in a wider investigation of mercenary hacking that began in early 2018.

A key player in the scheme, private detective Aviram Azari, is due to be released from prison next month after refusing to cooperate with U.S. authorities, his attorney has previously said. 

The London extradition trial of Amit Forlit, a former business associate of Azari who is wanted by the U.S. in connection with the investigation into DCI, is due to begin on Jan. 22. In a deposition made public in 2022, Forlit said he had “never commissioned hacking and never paid for hacking.”

Some hacking victims fear that Trump, an oil industry ally who has called climate change a hoax, will kneecap the investigation. In 2020, during Trump’s first term, Senator Whitehouse had already raised the alarm over what he called “political interference” in the prosecution.

Trump Communications Director Steven Cheung said the president-elect had been “quite clear” that the Justice Department and the FBI would be independent under his administration.

The environmental groups targeted in the hacking campaign have urged investigators to keep at the case and scrutinize any possible involvement by Exxon.

The Center for International Environmental Law’s acting president, Amanda Kistler, said the Reuters story had exposed the cyberespionage operation’s “increasingly clear links to Exxon Mobil.” The Union of Concerned Scientists’ Kathy Mulvey urged investigators “to get to the bottom of what if any role Exxon Mobil may have played here.”

Those two groups were among the organizations named as targets of mercenary hackers by the Canadian watchdog group Citizen Lab in 2020. 

Reuters has since identified more than a dozen additional groups caught up in the surveillance operation, including several public affairs firms such as SKD Knickerbocker, which regularly does work for Democratic politicians and left-leaning campaigns.

Data reviewed by Reuters as part of its long-running investigation shows that the hackers also targeted the advocacy organization Oil Change International, environmental and human rights group Earthworks, and the left-wing Working Families Party.

SKD Knickerbocker, now known as SKD, said it had “not been breached and no emails were compromised.”

Oil Change International’s Executive Director Elizabeth Bast said in a statement that industry had spent years undermining those fighting climate change and the “disgusting” hacking allegations uncovered by Reuters “underscore why governments must take action to rein in these rogue companies.” 

In a statement, Washington-based Earthworks wondered “what threat” it could possibly have posed to a company the size of Exxon.

The Working Families Party’s political director, Joe Dinkin, demanded that Exxon investigate its relationship with the hackers.

“Beyond that, an apology would be nice,” Dinkin said.