For years, the U.S. Justice Department has worked to unravel a global hacking campaign that targeted prominent American climate activists. Now, public tax filings reviewed by NPR reveal an unexpected link between the company that allegedly commissioned the attacks and some of the victims.
The connection emerges as another element in the complex story of how hackers were allegedly hired to attack parts of American civil society. The Justice Department investigation has focused recently on an Israeli private investigator named Amit Forlit whom federal prosecutors are trying to extradite from the United Kingdom for allegedly orchestrating the hacking. Prosecutors say the operation was aimed at gathering information to foil lawsuits against the fossil fuel industry over damage communities have faced from climate change.
Buried in the investigation’s court filings are the names of one of the world’s biggest publicly-traded oil companies and one of its longtime lobbyists: ExxonMobil and DCI Group. In an affidavit filed in the UK, a federal prosecutor identifies DCI as the firm that allegedly commissioned the hacking.
DCI was working for ExxonMobil when the attacks allegedly started around early 2016, according to federal lobbying records and Justice Department legal filings. At the same time, DCI was also consulting for New Venture Fund, a nonprofit known for working on progressive causes, including reducing the use of fossil fuels, according to tax filings NPR reviewed. During that period when DCI worked for both ExxonMobil and New Venture Fund, a senior advisor at the nonprofit was working with climate activists targeted by the alleged hacking operation.
Legal experts and researchers who track Washington’s influence industry told NPR the relationship between DCI and New Venture Fund raises questions about what role that connection might have played in the alleged targeting of climate activists. Analysts at The Citizen Lab, a cyber watchdog at the University of Toronto, said in a report about the attacks that they were carefully tailored, suggesting hackers had a “highly detailed and accurate understanding” of the climate activists and their relationships.
“What you have unearthed is certainly a step investigators would want to look at,” Barbara McQuade, a law professor at the University of Michigan and a former federal prosecutor, told NPR about the link between DCI and New Venture Fund.
In criminal cases, investigators map out relationships between individuals and organizations using things like financial transactions, phone records and tax filings, McQuade says. “When you layer them along with dates, sometimes you can find interesting patterns,” she says.
The Justice Department didn’t respond to a message seeking comment.
A DCI executive, Craig Stevens, declined to comment. Stevens previously told NPR that no one at the firm has been questioned by the U.S. government as part of the hacking investigation. “Allegations of DCI’s involvement with hacking supposedly occurring nearly a decade ago are false and unsubstantiated. We direct all our employees and consultants to comply with the law,” Stevens said. “Meanwhile, radical anti-oil activists and their donors are peddling conspiracy theories to distract from their own anti-U.S. energy activities.”
ExxonMobil referred to a previous statement in which the company told NPR it has not been “involved in, nor are we aware of, any hacking activities. If there was any hacking involved, we condemn it in the strongest possible terms.” The company has said it has repeatedly acknowledged “climate change is real, and we have an entire business dedicated to reducing emissions.”
New Venture Fund President Lee Bodner told NPR that DCI worked on a project housed at the nonprofit that promoted education reform and Common Core state education standards with Republicans. Bodner says DCI wouldn’t have had access to New Venture Fund’s internal computer systems.
Hacking victim says the attacks felt like ‘Big Brother had arrived’
The hacking operation against climate activists fits a widespread pattern in which companies and wealthy individuals use private investigators to conduct cyberespionage against opponents, often to discredit them in legal disputes.
As part of the Justice Department’s long-running investigation into the hacking, an Israeli private investigator named Aviram Azari was sentenced to prison in the U.S. in late 2023 after pleading guilty to conspiracy to commit computer hacking, wire fraud and aggravated identity theft. Azari hired hackers who targeted American climate activists, as well as government officials in Africa, members of a Mexican political party and critics of a German company called Wirecard, according to federal prosecutors.
In a sentencing memo for Azari, prosecutors singled out ExxonMobil, saying the com
threaded - newest
For years, the U.S. Justice Department has worked to unravel a global hacking campaign that targeted prominent American climate activists. Now, public tax filings reviewed by NPR reveal an unexpected link between the company that allegedly commissioned the attacks and some of the victims.
The connection emerges as another element in the complex story of how hackers were allegedly hired to attack parts of American civil society. The Justice Department investigation has focused recently on an Israeli private investigator named Amit Forlit whom federal prosecutors are trying to extradite from the United Kingdom for allegedly orchestrating the hacking. Prosecutors say the operation was aimed at gathering information to foil lawsuits against the fossil fuel industry over damage communities have faced from climate change.
Buried in the investigation’s court filings are the names of one of the world’s biggest publicly-traded oil companies and one of its longtime lobbyists: ExxonMobil and DCI Group. In an affidavit filed in the UK, a federal prosecutor identifies DCI as the firm that allegedly commissioned the hacking.
DCI was working for ExxonMobil when the attacks allegedly started around early 2016, according to federal lobbying records and Justice Department legal filings. At the same time, DCI was also consulting for New Venture Fund, a nonprofit known for working on progressive causes, including reducing the use of fossil fuels, according to tax filings NPR reviewed. During that period when DCI worked for both ExxonMobil and New Venture Fund, a senior advisor at the nonprofit was working with climate activists targeted by the alleged hacking operation.
Legal experts and researchers who track Washington’s influence industry told NPR the relationship between DCI and New Venture Fund raises questions about what role that connection might have played in the alleged targeting of climate activists. Analysts at The Citizen Lab, a cyber watchdog at the University of Toronto, said in a report about the attacks that they were carefully tailored, suggesting hackers had a “highly detailed and accurate understanding” of the climate activists and their relationships.
“What you have unearthed is certainly a step investigators would want to look at,” Barbara McQuade, a law professor at the University of Michigan and a former federal prosecutor, told NPR about the link between DCI and New Venture Fund.
In criminal cases, investigators map out relationships between individuals and organizations using things like financial transactions, phone records and tax filings, McQuade says. “When you layer them along with dates, sometimes you can find interesting patterns,” she says.
The Justice Department didn’t respond to a message seeking comment.
A DCI executive, Craig Stevens, declined to comment. Stevens previously told NPR that no one at the firm has been questioned by the U.S. government as part of the hacking investigation. “Allegations of DCI’s involvement with hacking supposedly occurring nearly a decade ago are false and unsubstantiated. We direct all our employees and consultants to comply with the law,” Stevens said. “Meanwhile, radical anti-oil activists and their donors are peddling conspiracy theories to distract from their own anti-U.S. energy activities.”
ExxonMobil referred to a previous statement in which the company told NPR it has not been “involved in, nor are we aware of, any hacking activities. If there was any hacking involved, we condemn it in the strongest possible terms.” The company has said it has repeatedly acknowledged “climate change is real, and we have an entire business dedicated to reducing emissions.”
New Venture Fund President Lee Bodner told NPR that DCI worked on a project housed at the nonprofit that promoted education reform and Common Core state education standards with Republicans. Bodner says DCI wouldn’t have had access to New Venture Fund’s internal computer systems.
Hacking victim says the attacks felt like ‘Big Brother had arrived’
The hacking operation against climate activists fits a widespread pattern in which companies and wealthy individuals use private investigators to conduct cyberespionage against opponents, often to discredit them in legal disputes.
As part of the Justice Department’s long-running investigation into the hacking, an Israeli private investigator named Aviram Azari was sentenced to prison in the U.S. in late 2023 after pleading guilty to conspiracy to commit computer hacking, wire fraud and aggravated identity theft. Azari hired hackers who targeted American climate activists, as well as government officials in Africa, members of a Mexican political party and critics of a German company called Wirecard, according to federal prosecutors.
In a sentencing memo for Azari, prosecutors singled out ExxonMobil, saying the com