CHAPTER 12: Shell corporate espionage in more recent years

Shell cloak and dagger activities against me have continued in more recent years but this time on a global basis, as revealed in a Reuters article (extract above). The most recent spying of which I am aware was directed at me, my website and against Shell’s own employees.

I have already listed the various kinds of Shell insider information we receive. It has included confidential internal documents from a high-level source in Shell Global Security.

We discovered that the continued campaigning on our part triggered another bout of sinister activity by Shell, this time targeting my website, myself and Shell employees.

It was the subject of a Reuters article by Tom Bergin published 2 December 2009 under the headline: “Shell critic says oil major targeting his website

Extracts

A prominent Internet critic of Royal Dutch Shell (RDSa.L) says the oil major has asked an anti-cyber fraud agency to target his site, which Shell admits provides better information on the group than its own internal communications.

Shell did not comment on the veracity of the communication or any of Donovan’s allegations, despite several emails and phone calls requesting it.

One email between Shell employees dated June 2009, said an individual whose name is blanked out but apparently also a Shell employee, met with “NCFTA” to discuss the website.

The email adds that resources had been assigned to NCFTA “that are RDS (presumably Royal Dutch Shell) focused” and that “There will be no attempt to do anything visible to Donovan”. Donovan believes NCFTA refers to the National Cyber Forensics and Training Alliance, a Pittsburgh-based organisation, whose website says it is supported by Fortune 500 companies and that its purpose is to help tackle cyber fraud.

A Google search for NCFTA yields the Pittsburgh organisation as the top result.

National Cyber Forensics and Training Alliance did not respond to emails or telephone calls.

Another email, dated March 2007 said Shell was monitoring emails from Shell servers globally to Donovan and internal traffic to their website. The email noted this information was “not for publication”.

Another email seen by Reuters, apparently from a Shell communications representative to U.S. news network Fox News said: “royaldutchshellplc.com is an excellent source of group news and comment and I recommend it far above what our own group internal comms puts out”. EXTRACTS END

Information about setting up a counter-measures team (“roundtable working group”) was contained in a Shell internal email dated 9 March 2007 classified as being “Legally Privileged and Confidential.”

As can be seen, the tone was aggressive with a proposal to mount a “demonstration that we won’t tolerate the Donovans’ approach unchallenged any longer.

In a Shell internal email dated 19 March 2007 (an email I sent to Bill O’Reilly at Fox News about “Shells treachery in Iran,”) the unidentified Shell author states:

“This latest Email to xxxxxxxx is not good if xxxxxxxx should take this and go public with it. I have contacted some of my sources in the USG and in London to see if they have anything else on the brothers, but that may take a few days for their response. We will monitor any fallout from this.”

The redacted information denoted by the “XXXXXXX’s” is believed to be “Bill O’Reilly” and “Fox News.” “USG” is believed to be a reference to the U.S. Government.

In a Shell internal email a few days later, dated 20 March 2007 Shell staff discussed whether to set up “an information security tasking to discover where exactly in Shell their (good) sources are located.”

Amusingly, the same email contained the spectacular endorsement of the website, quoted in the Reuters article, which its author obviously never intended for public consumption.

The following day, in a Shell internal email dated 21 March 2007 marked “Donavan CONFIDENTIAL”, there was confirmation that Shell had undertaken a global spying operation against its own employees in an attempt to discover the identity of employees supplying me with Shell insider information.

The spying plan included monitoring “Shell servers globally to Donovan” and “monitoring web traffic to determine internal traffic to their website. There is history of several former employees taking internal laundry to Donovan also, internal e-mails have appeared on his website.”

The primary objective was to stop Shell “internal laundry” from being aired online.

A Shell internal email dated 31 August 2007 said that Shell employees had been instructed not to visit our website. An abbreviation – “D’” – was used instead of our surname in one of the Shell emails.

We also discovered that from 2006 onwards Shell secretly kept and regularly updated “Focal Point” information about our activities. Some of the information in the reports is inaccurate.

We have copies of reports updated in 2006, 2007, 2008, 2009 and 2010. I have supplied one example from each year.

The “Focal Point” seems to be a person rather than the title of the document. I believe the person was Richard Wiseman.

It is plain from the reports that there was anxiety at Shell about the possibility that I would ask a question at the AGM. A list of possible questions and rehearsals of responses are listed in the Focal Point reports.

Surprising bearing in mind that the last time we asked a question at a Shell AGM was over two decades ago, in 1995. My fathers’ exchange with the then Shell Transport and Trading Company chairman, John Jennings, self-evidently made a long-lasting impact!

Shell even discussed internally the possible impact of my father growing older and what might happen to the website:

In one Shell internal email dated 11 March 2007, someone at Shell expressed the hope that “with AD getting older, his interest might wane… but it looks as though JD is just as determined.”

In 2007 & 2010 Shell secretly considered putting pressure on national newspapers concerning my activities

In February 2007, someone at Shell stated an intention in an internal email dated 2 February 2007, to put pressure on The Sunday Times to “kill” an article about our intervention in the Sakhalin 2 project (which according to The Sunday Times article cost Shell £11 BILLION).

The entire content of the article was read out to me on a Saturday morning by Steven Swinford, the then Sunday Times journalist and the paper was due to go to press later that day. The article included an interview with a Russian Government minister Oleg Mitvol. I had supplied Mitvol with leaked Shell internal communications. Mr Mitvol made damaging comments about Shell management during the interview.

By coincidence or otherwise, the article was duly killed. Shortly thereafter The Sunday Times published a colour Shell/Ferrari advertorial.

On 27 July 2010, Shell discussed in internal emails the possibility of applying pressure to the Financial Times concerning me and my website.

In September and October, 2010 Shell engaged in email correspondence with an unknown third party about my activities and accused my father and me of blackmailing Shell.

Logic suggests that the person who made the blackmailing allegation was Richard Wiseman, who by then was the Chief Ethics & Compliance Officer of Royal Dutch Shell Plc and at that time, our designated contact with Shell.

We knew nothing about the correspondence until we obtained it from Shell in response to a SAR application.

The blackmail allegation was without any foundation. We have never sought any payment from Shell since the High Court litigation ended in 1999. All of our online campaigning actively has always operated on an entirely non-profit basis.

If the peace treaty had still been in force, this false accusation, put in writing to a third party, would have been in blatant breach of the agreement. It is therefore further proof that Shell considered the settlement agreement to be dead.

It is plain from the SAR generated information that Shell transmitted information about me across national borders.

In a Shell email dated 19 March 2007, it is self-evident that Shell in the USA was busy making investigations about us in the USA (with the US government) and in Europe. They wrongly thought we were brothers.

The aforementioned Reuters article published on 2 December 2009, quoted from a confidential Shell internal email (dated 17 June 2009,) which mentioned “CAS” (Shell Corporate Affairs Security) and “NCFTA”.

The latter being a reference to the National Cyber Forensics and Training Alliance, a Pittsburgh-based organisation founded and partly funded and staffed by the FBI. Shell is a member of the NCFTA.

IN JUNE 2007 SHELL ACTED SECRETLY TO CLOSE DOWN OUR WEBSITE

In June 2007, Shell secretly threatened legal proceedings against our website server hosting companies in Canada and the USA. The threats resulted in the royaldutchshellplc.com website being briefly deactivated on 25 June 2007 by our then US server hosting company, Bluehost.com. See Bluehost.com email dated 25 June 2007.

Although initially unwilling to disclose who had made the threats, each hosting company reluctantly confirmed that it was Shell.

Keith Ruddock, a then Royal Dutch Shell General Counsel later confirmed in an email to me dated 26 June 2007 that Shell was responsible for the machinations, which briefly shut down the website (under the pretext of an alleged copyright violation).  See related article containing the email correspondence.

Because of speculation at the time over a Shell/BP merger, we had featured a combined satirical Shell/BP logo. Our website and many others have been publishing the Shell Pecten ever since without Shell taking any copyright action.

Denial of service attacks on the website

From 2008, the website came under a sustained denial of service attack – flooding the site with traffic, so that demand overloaded the server. By March of that year, the attacks had become so disruptive that I sent an email to Michiel Brandjes, officially notifying Shell of what was going on.

I thought it possible that if cyber attack specialists/hackers had been retained by Shell, they would be concerned at Shell senior management being made officially aware of what was going on and, therefore, being drawn into the matter. Mr Brandjes knew nothing about the attacks, but by coincidence, or otherwise, the attacks immediately ceased. They have resurfaced from time to time.

Shell still harboured ambitions to close down the website. The author of a Shell internal email dated 15 July 2009 raised the subject, asking: “are you doing anything to get the website shut down?”

Extracts

John Donovan says he has about a dozen high level executive who regularly feed him inside info ..

For example, he broke Vosers reorg plan’s in May. Is this worrying? are you trying to root out who these people are?

Have you tried to engage with the Donovan,, to try to bring them onside of get them to tone down their anti Shell stance?

He claims to have supplied information directly to Oleg Mitvol sending info after he was given Mitvols personal fax number, that led directly to Shell having to sell down its stake. That obviously has cost the company many billions in lost revenue. One, do you contest those facts? and Two, are you doing anything to get the website shut down?

In December 2009, I notified Essex police of concerns arising from the involvement of Shell Corporate Affairs Security, the monitoring of our website and Shell’s action in briefly closing it down. A senior local officer sought advice from Special Branch and the police Covert Investigations Department. Detective David Nash, from a police Hi-Tech Crime Unit, carried out an investigation.

However, because time had passed before we reported the events in question, technical information from our hosting company was “long gone”, and data from our server had been deleted or overwritten. Such information is apparently essential in terms of investigating unlawful access, hacking and malware.

In August 2012, I contacted Detective Nash again about on-going activity emanating from two separate sources, both apparently located in Holland and both using multiple languages. One party flooded the website on a regular basis with nonsensical Blog postings, each from a different ISP address and a different alias. All had the same distinctive hallmark that for security reasons I will not publicly disclose.

The other party appears to be a disgruntled former employee of Shell/Sakhalin Energy obsessed with us and our website. Cryptic emails were circulated almost every night to senior people involved in the energy sector in Sakhalin. Gazprom, Sakhalin Energy, the Russian Government and ExxonMobil were all on the circulation list. The emails, often featuring multiple languages, but mainly English, contained frequent references to my father and me, sometimes of a threatening nature.

By coincidence or otherwise, the disruptive attacks ceased for a long period on the day I sent the email to Detective Nash.

There was a brief resumption in February 2014. Again, the disruptive activity stopped after I published an article announcing that it was going on.

There were further attempts to disrupt my activities in August and September 2014.

We were forced to modify settings at one of our North American located servers to thwart one cyber/hacking based disruption attack.

royaldutchshellplc.com and its sister websites royaldutchshellgroup.com, shellnazihistory.com, royaldutchshell.website, johndonovan.website, shellnews.net, shell2004.com, shellshareholders.org, don-marketing.com and cybergriping.com are all owned by John Donovan. There is also a Wikipedia article: royaldutchshellplc.com