Inside ExxonMobil's Alleged Hack-for-Hire Campaign Targeting Climate Activists

Why it matters: A hack-for-hire operation linked to ExxonMobil targeted over 500 climate activists and journalists, showing us how corporations can now deploy nation-state-level cyber capabilities against their critics. This case shines a light on the industrialization of digital warfare in corporate disputes, with massive implications for advocacy and journalism.

The big picture: The operation combined mercenary hackers, professional PR firms, and legal teams to weaponize stolen information in courts and media. Code-named “Fox Hunt,” this effort goes deep into the cybercriminals playbook, complete with phishing campaigns and layers of plausible deniability built into the architecture.

By the numbers:

• 500+ environmental activists and family members targeted

• 28,000+ malicious URLs deployed

• 100+ phishing attempts sent to high-value targets

• $10+ million/year in revenue from Exxon to DCI Group, the PR firm allegedly involved

How it worked:

• Target List Creation:
  The DCI Group, Exxon’s public relations and lobbying firm at the time, allegedly compiled a list of targets, including activists and attorneys involved in climate litigation.

• Outsourced Hacking:
  The list was handed to Israeli private detective Amit Forlit, who outsourced the hacking to India-based BellTroX InfoTech Services, a notorious hack-for-hire firm.

• Phishing Campaigns:
  BellTroX sent sophisticated phishing emails designed to mimic colleagues and friends, successfully breaching email accounts.

• Weaponization of Stolen Data:
  Hacked emails were leaked to media outlets and used in court filings to discredit environmental advocates and bolster Exxon’s legal defenses.

Timeline of Key Events

• 2015: Reports surface that Exxon scientists knew fossil fuels contributed to climate change but downplayed the risks publicly.

• November 2015: New York Attorney General Eric Schneiderman announces an investigation into Exxon, sparking the #ExxonKnew campaign.

• 2016: Stolen Rockefeller Family Fund memo leaks to media, used to paint climate litigation as a politically motivated vendetta.

• 2018: Exxon lawyers cite hacked documents to argue against lawsuits filed by state attorneys general.

• 2022: Aviram Azari, an associate of Forlit, is convicted in the U.S. for hack-for-hire schemes.

Between the lines: The operation's timing aligned perfectly with key events in climate change litigation against Exxon, suggesting coordination between hackers and legal teams.

What they're saying:

• Exxon denies involvement, calling allegations "conspiracy theories"

• DCI Group: "We direct all our employees and consultants to comply with the law"

Fallout for Activists

The hack-and-leak operation disrupted key preparations for lawsuits modeled on historic tobacco litigation. Attorney Matt Pawa, who drove much of the anti-Exxon litigation, said the leaks turned his life upside down:

Activists described a chilling effect, with Kert Davies of the Center for Climate Integrity noting that the leaks “sent a shudder through the environmental community.”

What's next: The FBI investigation continues, while advocates push for stronger legal frameworks to address hack-for-hire operations.

The bottom line: This case exposes how corporate disputes have moved from boardrooms to cybersecurity battles, with massive potential impact on advocacy and journalism.

Go deeper: Read Citizen Lab's full investigation into Dark Basin and their connections to BellTroX.

Longer form thoughts:

What we're witnessing isn't just corporate espionage – it's the industrialization of digital warfare. As Reuters reports, Exxon, facing existential threats from climate litigation, apparently decided to go full Metal Gear Solid on its critics. But here's the genius (and I mean that in the Machiavellian sense): they built a perfect plausible deniability machine.

The Architecture of Modern Corporate Warfare:

1. Client (allegedly Exxon) ->

2. PR Firm (DCI Group) ->

3. Israeli PI (Forlit) ->

4. Indian Hackers (BellTroX)

This is what we’ll call the "four-layer burrito of blame." Each layer provides insulation from legal and reputational risk. It's brilliant and terrifying.

The Economics Follow the money:

• $10M/year from Exxon to DCI

• Unknown millions to Israeli/Indian hackers

• Potential billions saved in climate litigation

The ROI here is insane. For the cost of a few executive salaries, Exxon potentially derailed multiple state-level lawsuits and gained tactical advantage in ongoing litigation.

Why It Works

• Asymmetric Warfare: Advocacy groups lack the resources to combat such sophisticated campaigns.

• Perfect Information Arbitrage: Stolen documents provide insider knowledge for strategic advantage.

• Legal Weaponization: Data obtained via hacking is used in courts under the guise of legitimate evidence.

This is peak late-stage capitalism meets cyberpunk reality. We've created a world where:

• Corporations can deploy nation-state level cyber capabilities

• Legal systems are unprepared for weaponized stolen information

• Plausible deniability can be purchased as a service

This isn't just about Exxon. We're seeing the emergence of a new business model: Industrialized Digital Espionage as a Service (IDEaaS?). And like all good SaaS businesses, it scales beautifully.

What's Next?

1. More sophisticated cutout structures

2. AI-powered targeting and social engineering

3. Blockchain-based payment systems for better opacity

4. Increased regulatory scrutiny (too little, too late)

The Bottom Line: The game has changed. The next great corporate advantage might not come from better products or services, but from better information warfare capabilities. And that is terrifying to me.