If you think corporate espionage is just the stuff of Hollywood movies, you need to look at what is happening in a New York federal courtroom right now.
For years, climate activists, journalists, and public officials had a sinking feeling they were being watched. Their emails were targeted. Their private discussions were leaked. It felt like someone had a key to their digital lives, but nobody could prove who was holding the keyring.
That is changing fast. The extradition and US court appearances of an Israeli private investigator named Amit Forlit have set off alarm bells in the fossil fuel industry. Forlit is facing serious hacking and wire fraud charges. But he is not the big fish. The real story is about who allegedly paid him.
This trial could finally draw a direct line from a major Washington lobbying firm and one of the world's most powerful oil giants straight to an international web of mercenary hackers.
The Day the Inbox Exploded
To understand how we got here, we have to go back to late 2015.
A series of blockbuster investigative reports revealed something devastating: ExxonMobil’s own scientists had confirmed as early as 1982 that burning fossil fuels would cause a climate crisis. Yet, instead of pivoting, the company spent decades funding campaigns to deny climate science and stall action.
The revelation sparked the #ExxonKnew movement. State attorneys general launched investigations, and environmental groups started plotting legal strategies to hold the company financially liable.
Then, the counter-offensive started.
Activists began receiving weird, highly specific phishing emails. We are not talking about the usual poorly written messages from a long-lost relative asking for money. These were highly targeted, sophisticated spearphishing attempts.
Take Kert Davies, the founder of the Climate Investigations Center. He received over 80 malicious emails. One of them looked exactly like it came from a trusted colleague, containing a link to a Dropbox file titled "ExxonMobil (confidential).docx". Another was disguised as a Google News alert about Exxon litigation.
The hackers knew exactly who was talking to whom. They knew what projects they were working on. When a group of activists held a private meeting in January 2016 to discuss their campaign, the private email invite was somehow leaked to reporters within days.
It was clear that someone was inside their networks.
Unmasking Dark Basin
The break in the case did not come from law enforcement. It came from researchers at Citizen Lab, a digital watchdog group based at the University of Toronto.
In 2020, Citizen Lab published a report exposing a massive "hack-for-hire" operation they named "Dark Basin". They linked the infrastructure to a Delhi-based company called BellTroX InfoTech Services. BellTroX was essentially a digital mercenary outfit. If you had the money, they would steal the emails.
The targets of Dark Basin spanned six continents, but a massive cluster pointed directly at US climate nonprofits, including Greenpeace, the Rockefeller Family Fund, and the Union of Concerned Scientists.
The digital trail was clear, but the financial trail was buried. Who was paying the bills? BellTroX did not know the end clients; they were hired by middlemen.
The Middlemen and the Lobbyists
Federal investigators started pulling the thread.
First came Aviram Azari, another Israeli private investigator. He was arrested in 2019, pleaded guilty to managing a global hacking campaign, and was sentenced to 80 months in prison in 2023. Yet throughout his trial, the identity of his ultimate clients remained shielded under court-approved redactions.
Then came Amit Forlit.
Forlit was arrested in London in 2024 and extradited to the US in early 2026. Facing up to 45 years in prison, his defense team decided they were not going down quietly. In court filings fighting his extradition, Forlit’s lawyer pointed the finger directly at who allegedly hired his client:
“The hacking is alleged to have been commissioned by DCI Group, a lobbying firm representing ExxonMobil, one of the world's largest fossil fuel companies.”
DCI Group is not just any lobbying firm. They are a powerhouse in Washington, known for running high-stakes public affairs campaigns for corporate giants. Suddenly, the puzzle pieces fell into place.
The alleged pipeline looked like this:
- The Client: ExxonMobil faces massive legal threats over climate deception.
- The Fixer: Lobbying firm DCI Group is brought in to manage the defense and public narrative.
- The Middlemen: Israeli private investigators like Forlit and Azari are hired to gather intelligence.
- The Mercenaries: Indian hacking outfits like BellTroX execute the actual spearphishing campaigns.
- The Payoff: Stolen emails are leaked to friendly media outlets to paint climate lawsuits as a corrupt conspiracy.
ExxonMobil and DCI Group have both denied any involvement. A DCI spokesperson dismissed the claims as false, blaming "radical anti-oil activists" for peddling conspiracy theories. But federal prosecutors do not base extradition requests on conspiracy theories. They base them on bank records, IP addresses, and encrypted chat logs.
Why the Trial is a Nightmare for Big Oil
This case is about far more than some stolen emails from 2016. It strikes at the very heart of the massive legal battle currently raging over climate change liability.
Right now, dozens of cities, states, and counties are suing major oil companies for billions of dollars to cover the costs of extreme weather, rising sea levels, and infrastructure damage. The industry is terrified of these lawsuits. They are actively lobbying Congress for liability waivers to block these cases from ever reaching a jury.
If the DOJ trial proves that Exxon's surrogates used hacked materials to derail these lawsuits, the fallout will be catastrophic for the industry's defense. It shifts the public and legal narrative from "a policy debate about energy transition" to "an active criminal cover-up."
It is incredibly rare for corporate giants to get caught red-handed in hacking operations. Usually, the layers of shell companies and offshore accounts keep them safe. If the New York trial pierces that corporate veil, it could set a massive precedent.
Protect Your Organization From Mercenary Hackers
If your group works on high-profile corporate accountability, advocacy, or investigative journalism, you cannot assume you are too small to be targeted. The Exxon case proves that corporations are willing to spend millions on international espionage to protect their bottom lines.
You have to take your digital security seriously. Here is how to lock things down:
Ditch SMS Two-Factor Authentication
If you are still receiving security codes via text message, you are vulnerable to SIM-swapping. Switch your accounts to use hardware security keys (like YubiKeys) or authenticator apps (like Google Authenticator or Duo).
Implement Strict Email Protocols
The Dark Basin attacks relied entirely on convincing spearphishing.
- Never click on file-sharing links (Dropbox, Google Drive) without verbally or visually confirming with the sender first.
- Train your team to inspect email headers, not just the display name.
- Use encrypted communication tools like Signal for sensitive discussions instead of standard email.
Run Regular Security Audits
Do not wait for a breach to find out your systems are compromised. Employ external security firms to test your networks. Keep a clean record of who has access to your organization's sensitive files and revoke permissions the second someone leaves the team.
The trial of Amit Forlit is just getting started. As the court proceedings move forward in New York, the public will get a front-row seat to how the modern corporate espionage machine operates. Keep your eyes on this courtroom. The secrets revealed here could rewrite the rules of climate litigation forever.