Shell data hackers hoped to kick-off 'revolution'
A document released with the stolen database suggests Shell could face more breaches.
A lengthy document sent by allegedly disillusioned Shell employees to leading environmental and human rights activists sought to launch a corporate revolution at the oil giant.
The document, which has been given to IT PRO, was attached to a leaked database containing contact details of nearly every Shell employee. It was sent by 116 disillusioned full-time employees in the US, the UK and the Netherlands to Greenpeace and other campaign groups active in Nigeria.
The document contained information on how the contact database could be used change the way Shell operates, by influencing employees, the public, top institutional investors and non-governmental organisations.
"Using the files we have attached... the Royal Dutch Shell Corporate Revolution that we propose and describe in large detail in Section 5 of this document provides a step-by-step guide on how to shatter the walls of mass ignorance in the corporation in order to bring about informed and meaningful insider dissent from Shell's common-folk robot employees," the document reads.
One recipient of the files, John Donovan, a campaigner at anti-Shell website www.royaldutchshellplc.com, told IT PRO that the disillusioned employees may have been planted there by activists solely to extract information such as the database. Donovan predicted that more data breaches would be forthcoming at the oil giant.
According to the document, the employees are upset at a range of environmental and human rights abuses that they believe their employer is taking in Nigeria, one of its key markets for energy exploration.
"We are extremely concerned regarding Shell's behaviour in Nigeria and we are disgusted by the injustices that Shell is committing in Nigeria," they wrote.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
The document was not signed by the authors, they say, to protect their own jobs. They fear they would be sacked if they revealed their identities.
Shell accepts that the database is genuine, but says it believes that the covering letter is not.
The oil giant publicly argues that individuals' security has not been affected by the distribution of the database. However, an email apparently sent by Shell's chief ethics and compliance officer Richard Wiseman suggests there are wider internal security concerns.
"Although the vast majority of information in the [Shell corporate] Address Book is largely business related, there may be cases where the security of an individual may be impacted by release of such information," Wiseman wrote.
Some personal phone numbers are included in the database where the individual uses that number to work from home. IT PRO understands that Wiseman sent a memo to Shell staff declaring that some might receive nuisance phone calls as a result.
Donovan said: "We expect to receive further leaked information from Shell insiders."
Shell is currently investigating the circumstances under which the database was leaked. This investigation includes trying to identify if hackers were involved.
The company could offer no comment on whether the leak was caused by people or if it's a process or technology issue, and what actions it would take to prevent the issue happening again.