In the early weeks of 2016, a high-stakes strategy session took place in the Upper Manhattan offices of the Rockefeller Family Fund. The attendees—a select group of environmental advocates, legal experts, and climate scientists—were gathered to discuss a daunting objective: holding Exxon Mobil, one of the most powerful corporations on the planet, legally accountable for its role in the climate crisis. The meeting followed explosive investigative reports from InsideClimate News and the Los Angeles Times, which revealed that Exxon’s own scientists had accurately predicted the catastrophic effects of global warming as early as 1982, even as the company spent the subsequent decades funding campaigns to sow public doubt about climate science.
For the activists, the movement known by the hashtag #ExxonKnew represented a tipping point in climate litigation. For Exxon, it represented an existential legal and public relations threat. Within weeks of that Manhattan meeting, the digital walls began to close in on the participants. Kert Davies, founder of the Climate Investigations Center, was among the first to notice something was wrong. It began with a seemingly innocuous notification: "Kert, you have 5 poke." The email, designed to look like a standard Facebook alert, was the opening salvo in a sophisticated, multi-year cyber-espionage campaign that is only now being fully unmasked in federal court.

The Anatomy of a Corporate Counter-Offensive
The phishing campaign targeting Davies and his colleagues was not a random act of cybercrime. It was a targeted intelligence-gathering operation designed to disrupt the legal and political momentum building against the fossil fuel industry. As Davies and other activists clicked on links that appeared to be from LinkedIn, Twitter, or Google Drive, they were unknowingly granting access to their private communications.
By April 2016, the fruits of this digital intrusion became public. The Wall Street Journal and the Washington Free Beacon published detailed articles based on a leaked internal agenda from the January Rockefeller meeting. The reports alleged a "secret coordination" effort between climate activists and state officials to target Exxon. Almost immediately, Exxon’s legal team seized on these reports. In court filings intended to block subpoenas from 17 state attorneys general, Exxon quoted the stolen meeting agenda to argue that the investigations were not based on law, but were part of a politically motivated conspiracy orchestrated by environmental "extremists."
For years, the source of the leak remained a mystery. While activists suspected they had been hacked, they lacked the forensic evidence to prove it. It was not until the Department of Justice unsealed indictments against a network of Israeli private investigators that the bridge between the hackers and the oil industry began to take shape.

From Dark Basin to Federal Indictments: A Chronology of Discovery
The investigation into the #ExxonKnew hacks eventually merged with a broader global inquiry into the "hack-for-hire" industry. The timeline of discovery reveals a sprawling network of mercenaries operating across four continents.
2017: The Citizen Lab Discovery
John Scott-Railton, a senior researcher at the University of Toronto’s Citizen Lab, began investigating a series of phishing attacks against financial journalists and hedge funds. His team discovered a massive infrastructure they dubbed "Dark Basin." This operation, run by an Indian firm called BellTroX InfoTech Services, had targeted thousands of individuals, including CEOs, politicians, and human rights defenders. Crucially, the list of targets included nearly every major figure involved in the #ExxonKnew campaign.
2019: The Arrest of Aviram Azari
The first major legal breakthrough occurred in September 2019, when federal agents arrested Israeli private investigator Aviram Azari at John F. Kennedy International Airport. Prosecutors alleged that Azari acted as a middleman, hiring the Indian hackers on behalf of wealthy clients. In 2022, Azari pleaded guilty to wire fraud and conspiracy to commit computer hacking, admitting to managing a global campaign that earned him more than $4.8 million over five years.

2024: The Extradition of Amit Forlit
The most direct link to the fossil fuel industry emerged with the arrest of another Israeli investigator, Amit Forlit. Extradited from the United Kingdom to the United States in early 2024, Forlit faces charges that could result in 45 years in prison. In court documents filed during his extradition battle, Forlit’s own defense team alleged that the hacking of climate activists was commissioned by DCI Group, a prominent Washington-based public affairs firm with a long-standing relationship with Exxon Mobil.
Supporting Data: The Lobbying and Legal Paper Trail
The financial relationship between Exxon Mobil and DCI Group provides critical context for the allegations. According to public lobbying disclosures, Exxon has been a major client of DCI Group for nearly two decades. In 2015 alone—the year the hacking operation was allegedly commissioned—Exxon paid DCI Group approximately $320,000 for lobbying services. Over the broader period of the #ExxonKnew controversy, the company’s total expenditures on the firm reached into the millions.
The federal indictment against Forlit describes a client matching Exxon’s description: "one of the world’s largest oil and gas corporations, with headquarters in Irving, Texas." At the time of the alleged crimes, Exxon was the only global oil major headquartered in Irving. The indictment further alleges that a principal at a "lobbying firm" (identified in Forlit’s filings as DCI Group) sent a memo to the client outlining a plan to go "on offense" against environmental groups. The budget for this "intelligence-gathering" project was reportedly $125,000 per month.

Official Responses and Denials
Despite the mounting evidence in court filings, all corporate entities involved have maintained their innocence. Exxon Mobil, which recently moved its headquarters to Houston, has denied any knowledge of or involvement in hacking. "We have not been involved in, nor are we aware of, any hacking activities," the company stated in a previous response to the allegations. "If there was any hacking involved, we condemn it in the strongest possible terms."
DCI Group has been equally firm in its denials. Craig Stevens, a partner at the firm, stated that DCI directs all employees and consultants to comply with the law. He added that the firm had been informed by the government that it was not currently under investigation and characterized any insinuation of involvement in hacking as "false and unsubstantiated." Amit Forlit has pleaded not guilty to all charges.
Analysis: The Implications of Corporate Cyber-Warfare
The Forlit case represents more than just a legal battle over stolen emails; it highlights a dangerous evolution in corporate strategy. For decades, large corporations have used "strategic lawsuits against public participation" (SLAPPs) to silence critics. The #ExxonKnew hacking campaign suggests that the "offensive" has moved into the digital realm, utilizing the same tools of espionage once reserved for state intelligence agencies.

The implications for civil society are profound. The victims of the #ExxonKnew hack reported a "chilling effect" on their work, leading to pervasive anxiety and a breakdown in communication. Jennifer Cunningham, a consultant for the New York Attorney General during the Exxon investigation, noted that the phishing attempts were likely aimed at uncovering legal strategies, potentially giving the defendant an unfair advantage in multi-billion-dollar litigation.
Furthermore, the "hack-for-hire" model provides corporations with a layer of plausible deniability. By utilizing a chain of intermediaries—lobbying firms, private investigators, and offshore hacking cells—the ultimate beneficiary of the stolen data can remain shielded from criminal liability.
Conclusion: A Turning Point for Accountability
As Amit Forlit awaits trial in the United States, the climate advocacy community is watching closely. For activists like Kert Davies, who have spent a decade living in the shadow of digital surveillance, the case offers a rare opportunity for transparency. The potential for the trial to reveal internal communications between Exxon, DCI Group, and the hackers could set a precedent for how corporate espionage is prosecuted in the 21st century.

Today, the legal pressure on the fossil fuel industry is greater than ever. Dozens of cities and states are currently suing oil majors for damages related to climate-induced disasters, with potential liabilities reaching hundreds of billions of dollars. If the court proves that Exxon or its agents utilized illegal hacking to subvert these investigations, it could not only lead to criminal penalties but also significantly weaken the industry’s defense in the ongoing climate liability "trial of the century." The shadow war, it seems, is finally coming into the light.








Leave a Reply