Yesterday, The Wall Street Journal's Christopher Matthews reported BellTroX, an IT firm based in New Delhi, India, targeted a group of climate activists and funders in 2016 with spear phishing messages just three days before they were scheduled to discuss ExxonMobil's climate disinformation.
Months later, in April 2016, The Washington Free Beacon published a story with a private email about the meeting, which was convened by the Rockefeller Family Fund and included Bill McKibben, and staff from Greenpeace, Public Citizen, and other advocacy organizations.
While Exxon denied culpability, the company "eventually cited the email on its website," as part of its legal counter-attack against those seeking to hold it accountable for decades of climate denial and/or the costs of climate impacts we could've avoided.
Exxon has not been formally accused of hiring Aviram Azari, an Israeli private detective who Matthews reports hired BellTroX. Azari pleaded guilty to hacking, wire fraud, and identity theft in 2022, and there haven't been any other public charges brought in relation to the case.
But Azari was certainly not acting alone. "According to court documents," Matthews reported, "Mr. Azari would provide the Indian hackers with information on the main targets for each hacking project as well as on individuals who were connected to the main targets, such as family, friends or co-workers."
Climate activists were far from the only targets, as Azari has admitted that now-defunct German company Wirecard was also a client whose short-sellers and journalistic and regulatory investigators were targeted. Wirecard denied any "direct or indirect contact with a hacker group from India,” which is a very specific sort of denial that would still allow for the company to have contact with a hacker group it believed to have been from anywhere other than India.
Exxon's denial was a bit more firm, with a statement that the company “has no knowledge of Azari, had no involvement in any hacking activities and has not been accused of any wrongdoing. To be clear, ExxonMobil has done nothing wrong.”
But like Wirecard's very-specific-denial, this statement leaves room for Exxon having knowledge of someone else working with someone like Azari, and having done something wrong on the company's behalf but without having given them the details to ensure the company's executives can maintain plausible deniability. (Unrelated: last year an ExxonMobil lobbyist admitted the company used "shadow groups to work against" climate efforts in secret.) (Also unrelated: ExxonMobil reportedly directs site content at Energy In Depth, which is actively using emails of ExxonMobil critics as part of its years-long campaign to defend the company, and industry, with the help of some friends like tobacco-turned-fossil-fuel-backed lawyer Chris Horner.)
Rockefeller Family Fund director Lee Wasserman told Matthews that "the defendant" Aviram Azari, "did not decide on his own to follow and target climate advocates in the U.S. from halfway around the world. He was clearly working for corporate actors in this country."
What a mystery! Who could possibly guess which corporate actor would hire hackers to target a meeting of ExxonMobil's critics? Who can (safely) say? Certainly not us!
Anyway, be sure to enable your two-factor authentication and otherwise shore up your security!