Exxon relied on hacked info in fight against climate probes — court docs

By Lesley Clark | 10/16/2023 06:42 AM EDT

The federal sentencing of the ringleader of a global hack-for-hire operation revealed that the oil company cited press reports in court that used stolen information.

U.S. Attorney Damian Williams for the Southern District of New York speaks during a news conference at the Department of Justice in Washington in May.

U.S. Attorney Damian Williams for the Southern District of New York speaks during a news conference at the Department of Justice in Washington in May. Jose Luis Magana/AP

In its battle against climate investigations in Massachusetts and New York, Exxon Mobil cited news reports that leaned on stolen information, according to court documents filed last week in connection with a vast hacking-for-hire scheme.

According to a sentencing memo filed Thursday, Israeli private detective Aviram Azari contracted various hacking groups to target individuals and entities around the globe, including climate change activists in the United States.

The document does not name any of Azari’s clients. But Damian Williams, the U.S. attorney for the Southern District of New York, said in the memo that some hacked files that were stolen from climate activists’ accounts were leaked to the press.


Those stories — relating to investigations led by the Massachusetts and New York attorneys general — were later “incorporated into court filings Exxon made in state and federal court while litigating against the state AGs’ investigations,” Williams said.

Azari, who has been jailed in New York since 2019, is scheduled to be sentenced in federal court Wednesday. Exxon did not return requests for comment on Friday, but the company has long denied any ties to Azari.

Exxon told the Wall Street Journal in March when it reported that anti-Exxon activists had been targeted by Azari that the company “has no knowledge of Azari, had no involvement in any hacking activities and has not been accused of any wrongdoing. To be clear, ExxonMobil has done nothing wrong.”

In the sentencing memo, Williams wrote that the news articles that used the hacked material “appeared designed to undermine the integrity” of the two state investigations into Exxon or “individuals working at the non-profit organizations purportedly involved in influencing the state AGs to investigate Exxon.”

The Massachusetts and New York attorneys general offices began investigating Exxon in 2016, alleging that the company downplayed the hazards of climate change decades ago. The investigations spurred the hashtag #ExxonKnew and drew vociferous pushback from the industry.

Since 2017, nearly 40 cities, counties and states, including Massachusetts, have filed lawsuits against the industry, charging it with purposefully deceiving the public about climate change. After years of efforts by the industry to quash the cases, state courts around the country are beginning to hear the lawsuits, which could cost the oil industry hundreds of billions of dollars if they succeed.

The sentencing memo includes victims’ statements from a number of people who say they were targeted in the spear phishing campaign, including Peter Frumhoff, who until 2021 was chief climate scientist at the Union of Concerned Scientists.

Frumhoff, whose work included a “climate accountability” campaign that sought to spotlight the role of the major fossil fuel companies in disinformation about climate change, told prosecutors that he received “repeated, deceptive emails” that suggested a knowledge of his interests and contacts.

He said his work email account was hacked, causing him “a great deal of stress” and putting an “inevitable chilling effect” on his organization’s efforts to tackle climate change.

Kert Davies, former director of the Climate Investigations Center, was targeted with more than 80 emails disguised as messages from friends, staff and colleagues. In the memo, Davies — who now works for the Center for Climate Integrity, which backs climate litigation — said the cyber campaign produced “anxiety, paranoia, depression, sleeplessness and fear.”

Bradley Campbell — president of the Conservation Law Foundation, which has filed lawsuits against Exxon for failing to prepare for climate change — told prosecutors that the agenda and attendee list for a private meeting at the offices of the Rockefeller Family Fund was leaked to the press and “cited on an ExxonMobil webpage designed to dispel criticism of the company’s climate stance.”

Campbell said he later learned that he and at least 24 members of his staff were taken in by Azari’s spearphishing efforts and that the harm was “significant and far-reaching.” Beyond technology upgrades and security, the non-economic harm was “far greater,” he told prosecutors.

Climate activists were not the only targets. The sentencing document says Azari also sought to hack individuals and companies critical of a now-defunct German payment processor, employees of the Bahamas gaming authority, members of a Mexican political party and governmental officials from various African countries.

Azari pled guilty in April 2022 to conspiracy to commit computer hacking, two counts of wire fraud and aggravated identity theft. The state is asking for him to be sentenced to prison for as long as 11 years.

In a memo to the court, Azari’s attorney, Barry Zone, asked for a sentence of no more than five years, arguing that his client has contracted “a debilitating medical condition” in jail and has already “endured a simply unimaginable punishment.”