Exxon Knew: Hack-for-Hire operation targeted groups fighting for climate action
The Canadian digital watchdog group Citizen Lab reported Tuesday that a hack-for-hire group targeted thousands of organizations around the world, including climate advocacy groups involved in the #ExxonKnew campaign. Groups that have asserted ExxonMobil knew about and hid data linking fossil fuel extraction to the climate crisis for years were among those that faced phishing attempts by a group dubbed “Dark Basin” by Citizen Lab. According to the research, numerous progressive groups—including Public Citizen, Greenpeace, 350.org, and Oil Change International—were among those targeted.
After an extensive multi-year investigation, Citizen Lab reported that it has linked Dark Basin “with high confidence” to BellTroX InfoTech Services, a technology company based in India which has publicly stated its hacking capabilities.
In 2017 when Citizen Lab began its investigation, the group believed Dark Basin could be state-sponsored, but soon determined it was likely a hack-for-hire operation. Its targets—which also included journalists, elected officials, and digital rights groups that have lobbied for net neutrality—”were often on only one side of a contested legal proceeding, advocacy issue, or business deal.”
The watchdog has not been able to definitively link Dark Basin’s phishing efforts to particular entities which would have an interest in threatening the #ExxonKnew campaign and net neutrality advocates.
“That said, the extensive targeting of American nonprofits exercising their First Amendment rights is exceptionally troubling,” wrote Citizen Lab in its report.
A global hack-for-hire scheme, Citizen Lab wrote, “is a serious problem for all sectors of society, from politics, advocacy, and government to global commerce,” particularly because the targets have little recourse without a robust investigation by law enforcement.
“Many of Dark Basin’s targets have a strong but unconfirmed sense that the targeting is linked to a dispute or conflict with a particular party whom they know,” the report reads. “However, absent a systematic investigation, it is difficult for most individuals to determine with certainty who undertakes these phishing campaigns and/or who may be contracting for such services, especially given that Dark Basin’s employees or executives are unlikely to be within the jurisdiction of their local law enforcement.”
350.org responded to the report, noting that Citizen Lab’s ongoing investigation could eventually uncover the fossil fuel industry’s involvement. While acknowledging the evidence does not exist to directly implicate Exxon or any specific corporate actor behind the effort, the group said it would be deeply troubled to find out the company would behave in such a manner.
“If the investigation demonstrates that Exxon is behind these attacks, it only shows how far the fossil fuel industry will go to silence critics and avoid accountability for fueling climate change,” said 350.org.
Net neutrality advocates are accustomed to seeing “an uptick in breach attempts whenever we’re engaged in heated and high-profile public policy debates,” Tim Karr of Free Press told CBC Tuesday. Free Press was targeted by Dark Basin in 2017 as President Donald Trump’s FCC was working to repeal net neutrality rules.
“When corporations and politicians can hire digital mercenaries to target civil society advocates, it undermines our democratic process,” Evan Greer, deputy director of digital rights group Fight for the Future, told CBC.