The Israeli investigator who delivered dirt on Exxon’s enemies

Emil Lendof/WSJ, iStock
Emil Lendof/WSJ, iStock

Summary

Formerly a sleuth with the Manhattan DA’s office, Eitan Arusy is now caught up in a globe-spanning “hack-and-leak” probe.

Eitan Arusy made his name more than a decade ago as a dogged sleuth helping the Manhattan district attorney uncover a well-disguised—and deadly—terror-financing operation.

He parlayed that achievement into a successful career as a private investigator, where he excelled at digging up emails and other nonpublic information that could be used as weapons in high-stakes litigation and geopolitical disputes.

The former Israeli intelligence officer is now on the other side of a major investigation. As part of a globe-spanning probe, the Manhattan U.S. attorney’s office is scrutinizing Arusy’s role within an insular network of Israeli investigators who sought damaging information on opponents of Exxon Mobil, hedge fund Elliott Management and others, according to people familiar with the matter.

At various times, Arusy has procured confidential emails belonging to employees of billionaire and onetime presidential candidate Tom Steyer, as well as the private calendar of Mohammed bin Salman, the crown prince of Saudi Arabia, said other people who are familiar with his activities.

Prosecutors are examining what role Arusy and his colleagues played, if any, in an illegal practice known as hack-and-leak. Lawyers and cybersecurity experts say the practice has proliferated in corporate-intelligence circles over the past two decades.

For years, Arusy has split time between Washington and Tel Aviv, but people who know him say they haven’t seen him in the U.S. for months.

Arusy hasn’t been accused of wrongdoing. His lawyer said in a letter to The Wall Street Journal that Arusy “has never engaged in any illegal activity. Period. He has not illegally obtained any information, ever. He has not hacked anyone, nor requested that anyone be hacked, nor directed any such hacking."

One case in which Arusy played a key role was in 2016, when Exxon Mobil was defending itself from a high-profile campaign alleging the company knew about climate change for decades and hid it from the public. Exxon said in court filings and public statements that the campaign was a politically motivated conspiracy between members of the Rockefeller family, environmentalists and Democratic attorneys general.

Arusy arrived at the Washington, D.C., offices of DCI Group, a longtime adviser to Exxon, with a plan to prove it. He had obtained a private memo about a meeting between environmentalists earlier that year at the offices of a Rockefeller charity, according to people familiar with the matter. The memo said the session’s goals included “to establish in [the] public’s mind that Exxon is a corrupt institution."

DCI shared its bounty with Exxon and within weeks, the firm leaked the memo to media outlets, people familiar with the matter said. Once the document became public, Exxon and its surrogates began arguing that it was evidence that the Rockefellers and green groups were behind a scheme to gin up investigations into the oil company.

Federal prosecutors said in court documents that the memo was stolen through illegal hacking.

Among the crucial questions for prosecutors is who ordered the hacking, who conducted it and what the companies knew about the efforts to make public their enemies’ private correspondence. Neither Exxon nor DCI have been accused of wrongdoing.

DCI said in a statement that it instructs its employees to comply with the law and it hasn’t been involved in any hacking.

A spokeswoman for Exxon Mobil said the company “has not been involved in, nor are we aware of, any hacking activities." She added: “If there was any hacking involved, we condemn it in the strongest possible terms."

Amit Forlit, an Israeli who has said in a civil deposition that he was a longtime associate of Arusy’s, was arrested in April at London’s Heathrow Airport in connection with an alleged hacking conspiracy targeting opponents of Exxon and Elliott. Forlit, who has denied being involved in hacking, is under supervised curfew while the U.S. tries to get him extradited from London.

An associate of Forlit’s, Aviram Azari, pleaded guilty in 2022 to conspiracy and wire-fraud charges related to the hacking of Exxon’s opponents and is serving a U.S. prison sentence. Prosecutors said he was involved in the hacking of hundreds of companies.

Uncovering terrorist financing

After serving in the Intelligence Branch of the Israel Defense Forces, Arusy began working as an analyst at the Manhattan district attorney’s office in 2005.

Arusy studied suspicious money that was flowing to and from an Iranian nonprofit operating in an office tower in Midtown Manhattan. The investigation ultimately led to admissions by some of Europe’s largest banks that they handled transactions that violated U.S. sanctions. The banks paid hundreds of millions of dollars each to settle the cases, amounting to some of the largest penalties ever recovered by U.S. prosecutors.

People who know Arusy say that after years of government work, he was eager to set up his own business using his intelligence skills. He left the district attorney’s office in 2007.

Hacking-for-profit proliferated in the early part of the 21st century as digital communications became ubiquitous and cybersecurity tools lagged behind. In some corners of the corporate-intelligence community, it became an accepted practice on behalf of deep-pocketed clients seeking valuable information.

“Hacking opens so many doors," said David Hooper, a retired British media and defamation lawyer. He was himself hacked in a brazen campaign targeting dozens of individuals—from lawyers and journalists to a retired judge—while he was defending a Greek-language newspaper in a libel case, an episode he describes in a 2023 book.

Last year, Britain’s domestic cybersecurity watchdog said hack-for-hire operations were spreading as fee-earning actors fanned out to steal information for third-party clients.

Contrary to pledges by law and private intelligence groups to police their peers, Hooper said, “I think it’s getting much worse."

In many instances, according to people involved in cases that have involved allegedly hacked material, it often isn’t clear where valuable information originated.

In addition to the Rockefeller meeting memo, Arusy provided DCI private emails belonging to employees of Steyer, said people familiar with the matter. Steyer has ties to environmental groups and has been a top donor to Democrats.

Arusy provided DCI correspondence from 2015 that showed Steyer’s camp had been in contact with lawyers suing Exxon on behalf of the city of San Francisco. He obtained another email between Steyer surrogates in 2016 that said the then-New York attorney general, Eric Schneiderman, wanted to speak with Steyer about Schneiderman’s gubernatorial campaign as well as his office’s investigation into Exxon.

Representatives of Steyer have told prosecutors in the Manhattan U.S. attorney’s office that they believe the emails were stolen through hacking, say people familiar with the matter.

Hackers also targeted the offices of Jennifer Cunningham, a top political adviser to Schneiderman during his Exxon investigation, some of the people said. She is also Schneiderman’s ex-wife. Representatives of Cunningham’s political advisory firm met with prosecutors several years ago and shared evidence of the suspected hacking efforts. It is unclear whether the hacking was successful.

Cunningham called the activity “illegal and disgusting" and said she believes the attempted hacking was “clearly ordered—or at least condoned" by Exxon executives.

The contents of the Steyer emails and the Rockefeller meeting memo were ultimately detailed in articles in several publications. Ray Hernandez, a former New York Times reporter who had joined DCI in 2013, began contacting reporters about the documents after Arusy shared them. Articles later appeared in the New York Post, the Daily Mail, the Free Beacon and The Wall Street Journal.

Lawyers at Paul, Weiss, Rifkind, Wharton & Garrison LLP, the law firm defending Exxon, subsequently cited them in court documents repeatedly, arguing they were proof that the lawsuits against the company were improperly influenced by politics.

Hernandez hasn’t been accused of wrongdoing.

The judges presiding in the lawsuits against Exxon in San Francisco and New York ultimately dismissed the suits on other grounds. For years after the cases, Exxon linked to the articles about the private emails on its corporate website, saying they showed the cases against them were frivolous.

Federal prosecutors’ hacking investigation became public in 2020. That year, Exxon chose not to renew its contract with DCI. In 2023, Exxon removed links to the articles from its website.

In its statement, DCI said “radical anti-oil activists and their donors are peddling conspiracy theories about alleged hacking by the oil industry to distract from their own secret meetings and anti-U.S. energy activities."

More Middle East opportunities

Hernandez had left DCI to join another Washington communications firm called Marathon Strategies LLC by 2019, where he continued to work with Arusy.

Arusy approached Marathon about potentially finding buyers for private communications and other information about Gulf state leaders, including the personal schedule of the Saudi crown prince, according to people familiar with the matter.

The material was the product of an Indian hacking network, which had been hired by Qatar to target the United Arab Emirates, Saudi Arabia and Kuwait. The hacking effort was retaliation after the other Gulf states embargoed Qatar in 2017 over its alleged support of terrorists.

The hacker groups later sought various ways to get paid for what they found, and the material eventually made its way to Arusy.

Arusy came up with the idea to peddle the material to the countries that were hacked, hoping they would value information about their own people, said the people familiar with the matter.

Marathon founder Phil Singer said his company declined Arusy’s approach. It isn’t clear whether Arusy found any buyers.

“Once we knew what he was proposing, we said no and that was the extent of it," said Singer.

Around the same time, Marathon acquired a batch of data from Arusy’s company and flipped it the same day, for $1.05 million, to a Kuwaiti company called KGL Investment. The deal was described in an obscure federal filing submitted to satisfy the U.S. requirement that agents of a foreign government disclose their political and public-relations activities.

The data was described as “formatted in electronic disc and/or drive format." Marathon was advising KGL, which was spending heavily to lobby Washington officials at the same time one of its executives faced embezzlement charges in Kuwait.

Arusy’s lawyer said his client never worked for KGL.

Write to Christopher M. Matthews at christopher.matthews@wsj.com, Jenny Strasburg at jenny.strasburg@wsj.com and Bradley Hope at bradley.hope@wsj.com

The Israeli Investigator Who Delivered Dirt on Exxon’s Enemies
View Full Image
The Israeli Investigator Who Delivered Dirt on Exxon’s Enemies
The Israeli Investigator Who Delivered Dirt on Exxon’s Enemies
View Full Image
The Israeli Investigator Who Delivered Dirt on Exxon’s Enemies
The Israeli Investigator Who Delivered Dirt on Exxon’s Enemies
View Full Image
The Israeli Investigator Who Delivered Dirt on Exxon’s Enemies
Catch all the Corporate news and Updates on Live Mint. Download The Mint News App to get Daily Market Updates & Live Business News.
more

topics

MINT SPECIALS