Private eye behind #ExxonKnew hacking scheme faces jail time

By Lesley Clark | 11/16/2023 06:09 AM EST

Climate activists say sentencing of Aviram Azari is an “empty win” because they still don’t know who ordered him to infiltrate their email accounts.

Damian Williams, the U.S. attorney for the Southern District of New York, speaks during a Dec. 13, 2022, press conference.

Damian Williams, the U.S. attorney for the Southern District of New York, speaks during a Dec. 13, 2022, press conference. Julia Nikhinson/AP Photo

A private eye who has pleaded guilty to hiring a global network of hackers to target anti-Exxon Mobil climate activists will be sentenced this week.

But Aviram Azari’s punishment — to be handed down Thursday in a federal courtroom in Manhattan — comes as a hollow victory for the environmentalists whose email accounts were breached by hackers working at Azari’s direction.

Though most of the activists were involved in the #ExxonKnew climate campaign — and the oil company used some of the stolen material in court and on its website — almost no one who hired Azari has been named in the legal proceedings. Exxon has said repeatedly that it has no knowledge of Azari and had no involvement in any hacking activities.


Azari’s targets included a global array of financial companies and government officials, in addition to the climate activists. Prosecutors said he took in $4.8 million for his work between 2014 and 2019. But only one of his clients — a now-defunct German financial technology company — has been publicly identified.

Cyber specialists say the other entities that hired Azari might not ever face prosecution, even if he reveals his clients. It’s not a crime to hire a private investigator, and few companies would put in writing that an investigator should conduct illegal hacking on their behalf.

“Even if he says he was hired by dot, dot, dot, that doesn’t mean the company that hired him was legally liable,” said Vahid Behzadan, an assistant professor in computer and data science at the University of New Haven. “They can always claim that the private investigator has taken it on his own to go down the illegal hacking path.”

Behzadan said it’s increasingly common for corporations to hire investigators to research competitors.

But a request for background information “does not necessarily include an explicit request for illegal hacking,” he said.

Environmentalists involved in the hacking scam say they’ve been told the investigation won’t end with Azari’s sentencing. Damian Williams, the U.S. attorney for the Southern District of New York, did not respond to a request for confirmation.

“It’s a little bit of an empty win,” said Kert Davies, who was director of the Climate Investigations Center at the time of the hacking and is now at the Center for Climate Integrity. He plans to attend Thursday’s hearing.

“He’s just the middleman in the whole operation,” Davies said of Azari. “We’d sure like to know who paid him.”

‘It couldn’t be clearer who benefited’

An Israeli citizen, Azari, 52, has been detained since his arrest in 2019. He pleaded guilty in April 2022 to conspiracy to commit computer hacking, two counts of wire fraud and aggravated identity theft. The government is asking for him to be sentenced to prison for up to 11 years.

Exxon’s use of documents Azari obtained is already being cited to bolster a lawsuit filed against the oil company by more than a dozen Puerto Rico municipalities. Attorneys for the communities argued in court documents filed earlier this month that Azari’s activities suggest the oil and gas industry continues to engage in climate deception.

Puerto Rico’s class-action lawsuit is one of dozens that have been filed against Exxon and its peers for allegedly misleading the public about the dangers of burning fossil fuels. If successful, the climate liability lawsuits filed by local governments could leave oil majors, including Exxon, on the hook for billions of dollars.

Among the material stolen from environmentalists was the agenda and attendee list for a January 2016 meeting at the offices of the Rockefeller Family Fund, where climate activists sought to gauge interest in litigation against Exxon. That meeting followed investigative reports in 2015 that said the company privately knew about climate change in the 1970s but publicly denied the scientific consensus for decades — revelations that spawned environmentalists’ #ExxonKnew social media and advertising campaign.

The 2016 meeting was mentioned in an article by The Wall Street Journal in April 2016, and the email and invite was printed a day later in The Washington Free Beacon. Energy In Depth, an industry-run website that frequently writes about climate litigation, posted the articles. Exxon later cited the news stories in court documents.

“I do not know who beside the defendant was involved with this crime, but it couldn’t be clearer who benefited from the fruits of crime — and that was Exxon Mobil,” said Lee Wasserman, the director of the Rockefeller Family Fund, who was among the targets of the hackers.

“It was a real attack on civil society and the right of citizens to organize and to address big societal problems, which has been one of the hallmarks of our democracy,” Wasserman said.

A reference to the Rockefeller meeting email — calling it a “leaked memo” — had been on Exxon’s corporate website until it was taken down this spring after The Wall Street Journal published more details of the hacking campaign, according to reporting by WhoWhatWhy.

Wasserman said he viewed the hacking as an effort to distract attention from the dozens of climate liability lawsuits against Exxon and the rest of the oil industry.

In his sentencing memo, U.S. Attorney Williams said the articles appeared “designed to undermine the integrity” of investigations by Massachusetts and New York into Exxon’s activities.

Wasserman said climate activists are not deterred.

“There’s that old military adage,” he said. “If you’re taking flak, it means you’re over the target.”

Media attention

Details of Azari’s operation were first revealed in 2020 by Citizen Lab, a University of Toronto cybersecurity research group.

After a three-year investigation, Citizen Lab said it found that an India-based technology firm had targeted thousands of people on six continents. In addition to climate activists, the hackers went after employees of the Bahamas gaming authority, members of a Mexican political party and governmental officials from various African countries.

Citizen Lab wrote that phishing messages were often sent from accounts that pretended to be colleagues of those targeted and referenced supposedly confidential Exxon documents. Family members of the activists, including at least one minor child, were among those targeted in hopes of gaining access to their email accounts and computer logs.

Nearly a dozen climate advocacy groups were identified in Citizen Lab’s report, which found that the private email inviting attendees to the Rockefeller meeting was leaked to the press by unknown parties.

The email was referenced — but not published — in an April 2016 story by The Wall Street Journal that said the newspaper had “viewed” the agenda of the January meeting.

The Washington Free Beacon posted a story with a link to the email a day later, noting that the “secret meeting” was first reported by The Wall Street Journal but that “the group’s agenda was not posted in full until now.”

The Citizen Lab report notes that phishing attempts dropped off after a reporter in March 2016 asked attendees about the Rockefeller meeting.

But attempts picked up after then-New York Attorney General Eric Schneiderman (D) warned in a June 2017 court filing that he had evidence of “potential materially false and misleading statements by Exxon.”

Targeting spiked again shortly before New York City filed a climate liability lawsuit against Exxon and four other fossil fuel firms in January 2018. The city’s lawsuit was later dismissed.

Court citations

Citizen Lab’s report says it found “multiple other instances” in which internal documents linked to Azari’s targets appeared in the press, most of them in stories seeking to tie billionaire activist Tom Steyer to the climate litigation.

The report cited three stories, including a November 2017 Daily Mail article that refers to a “confidential” March 2015 memo the outlet said it had “obtained exclusively.” The memo showed that two principals with Steyer’s nonprofit group NextGen were briefed in 2015 on what the Daily Mail dubbed the “secret strategy behind the legal campaign.”

Energy In Depth highlighted the Daily Mail story on its blog, calling the memo a “bombshell.”

The hacked information was widely cited. In a 2020 filing in Massachusetts’ lawsuit against the company, Exxon pointed to news coverage of the leaked memo to argue that then-Attorney General Maura Healey (D) had “conspired” with private interests to pressure the oil company to alter its climate position.

The Rockefeller Family Fund, Exxon wrote, helped “devise the playbook” that Healey “has dutifully followed.”

Attorneys with Paul, Weiss, Rifkind, Wharton & Garrison, a New York City-based law firm that represents Exxon in several climate liability cases, cited the Rockefeller meeting in a March 2021 presentation to Massachusetts Superior Court Justice Karen Green about the state’s lawsuit.

The participants in the Rockfeller meeting, said Paul Weiss partner Justin Anderson, “referred openly to an Exxon campaign, the goals of which were to create scandal, force officials to disassociate themselves from the company and delegitimize Exxon Mobil as a political actor.”

Azari will be sentenced at 11 a.m. Thursday in the U.S. District Court for the Southern District of New York in Manhattan.