In an operation dubbed #OpSaveTheArctic, thousands of employee email addresses and passwords from five of the world’s prominent oil companies said to be drilling in the Arctic were released last Friday by a hacker claiming association to the Anonymous collective, in support of the Greenpeace “Save the Arctic” campaign.

As reported by The Moscow Times this morning:

“Hacker group Anonymous said it had successfully hacked into the servers of five oil and gas companies operating in the Arctic, including Gazprom and Rosneft, posting hundreds of company email addresses and passwords online.

In a statement posted on the website Pastebin.com, the group said it had acted in support of environmental organization Greenpeace and that organization’s drive to cease oil and gas drilling on the Arctic shelf. The group emphasized that it did not work in concert with Greenpeace, but only in its support.”

The statement was written by the Twitter user @le4ky.  The action is said to support Greenpeace’s Save the Arctic campaign, which features a petition for signatures that will be used to lobby world political leaders and the United Nations to “demand a global deal to protect the Arctic.”

The leak was retweeted by prominent Anonymous Twitter accounts, further disseminating the information through the social media venue.

An earlier Pastebin post on June 26th outlined the hacker’s stated motive for the attack.

“The energy companies that caused the Arctic to melt in the first place are looking to profit from the disappearing ice. They want to open up a new oil frontier to get at a potential 90 billion barrels of oil. That’s a lot of money to them, but it’s only three years’ worth of oil to the world. Previously classified government documents say dealing with oil spills in the freezing waters is “almost impossible” and inevitable mistakes would shatter the fragile Arctic environment. We’ve seen the extreme damage caused by the Exxon Valdez and Deepwater Horizon disasters – we cannot let this happen in the Arctic.

To drill in the Arctic, oil companies have to drag icebergs out the way of their rigs and use giant hoses to melt floating ice with warm water. If we let them do this, a catastrophic oil spill is just a matter of time. “

This gave rise to #OpSaveTheArctic put forward by Anonymous.

Listed Targets:

1). Exxon Mobil Corporation

2). Shell Petrochemical Corp.

3). BP Global – British multinational oil and gas company

4). Gazprom Corporation

5). Rosneft Petroleum Corp. – Russia

[*]Phase-1 of #OpSaveTheArctic has been carried out.

Target – Exxon Mobil Corporation

To show our support to the cause, just after the employees of Exxon where [sic] hacked, we used their email ids to sign the petition at http://www.savethearctic.org.

We suggest you to do the same, Please sign the petition at the above mentioned site.

The latest Pastebin page posted on Friday, July 13th also includes this statement:

Similar to #OpSaveTheArctic – Phase I, the listed targets where [sic] breached and as a punishment, the employee accounts of the concerned Corporations where [sic] used to sign the petition at http://www.savethearctic.org.

It appears that email addresses obtained in both phases of the #OpSaveTheArctic hacking incidents have been used to sign the Greenpeace “Save the Arctic” petition. The statement from Friday’s Pastebin post indicates that a total of 96,176 signatures have been contributed to date to the “Save the Arctic” petition using the leaked employee email addresses.

Phase I of #OpSaveTheArctic included more detailed information about the leaked employee email accounts obtained from the target oil companies. Apparently, the hacker who posted the leaked account information had not foreseen the unintended consequences of such an action – the latest post for Phase II indicates that “the [Phase I] leaked account details where [sic] used for phishing attacks, so in this paste only few account details are released.”

It is not yet known whether Greenpeace has responded to the news of Friday’s leak, and whether the action by the Anonymous hacker or hackers will invalidate the “Save the Arctic” petition altogether. My suspicion is that the hacker or hackers are likely completely unaware of the fact that their actions have probably inflicted far more damage than help to the cause they intended to support. 

This is a recurring problem for Anonymous as a collective, which in turn negatively impacts innocent private citizens and organizations who fall victim to the actions of poorly thought out decisions.