FINANCIAL TIMES ARTICLES CITING THE WEBSITE: Royaldutchshellplc.com

ENERGYSOURCE BLOG December 3, 2009

Spot news

…French companies dismiss claims of political fix (FT) Shell critic says oil major targeting his website Royaldutchshellplc.com operator cites released emails (Reuters) Nigerians urge Yar’Adua to step down Warnings of power vacuum… Kate Mackenzie

ENERGY SOURCE BLOG February 12, 2010

Shell’s directory leak shouldn’t be taken lightly

…corporations (in western countries)” to campaign for change in corporate practices. Meanwhile John Donovan at royaldutchshellplc.com is irked , because he says Shell asked him not to make the directory public for security and personal reasons… Kate Mackenzie

ENERGY SOURCE BLOG November 9, 2009

Shell image-making falls short on the forecourt

…Shell has changed its mind about the poppies and published a rather abject apology about the whole affair. Royaldutchshellplc.com - probably company’s most eagle-eyed watchers – have published the whole thing and even gave them a pat… Kate Mackenzie

September 4, 2009

Shell set to unveil job cuts

…exploration and production business into two divisions: one for the Americas and one for the rest of the world. Royaldutchshellplc.com, an independent website used by present and former Shell staff, said: “Although precise figures have… By Ed Crooks

February 12, 2010

Shell staff contact list leaked to environmental campaign groups

…for this year.The e-mail was sent to a handful of campaign groups, including Greenpeace, and to www.royaldutchshellplc.com, a website used to air grievances about Shell.One campaigner who was sent the e-mail said it did not… By Ed Crooks in London

February 12, 2010

Shell employees’ details leaked to environmental campaigners

…announced a further 1,000 job losses for this year.The e-mail was sent to a handful of campaign groups, including Greenpeace, and to www.royaldutchshellplc.com, a website used to air grievances about Shell.Energy M&A surge, Page 14 By Ed Crooks in London

February 11, 2010

Shell staff details leaked to campaign groups

…for this year. The e-mail was sent to a handful of campaign groups, including Greenpeace, and to www.royaldutchshellplc.com, a website used to air grievances about Shell. One campaigner who was sent the e-mail said it did not count… By Ed Crooks in London

December 30, 2007

Shell looks to outsource about 3,200 IT jobs

…outsource most of its IT division, which numbers about 3,600 people. According to Shell protest website royaldutchshellplc.com, an e-mail from Goh Swee Chen, vice-president of IT infrastructure, was leaked by a Shell employee… By Rebecca Bream

ENERGY SOURCE BLOG July 20, 2009

The Source: Nissan’s batteries; oil in Angola and Kurdistan; Exxon’s algae; where is Saudi Arabia’s gas; ethanol from corn cobs, and more

…marine power development… (Guardian) Energy storage + smart grid = cheap, cool (SeekingAlpha) Why royaldutchshellplc.com do what they do (The Times) North Dakota Democrat Senator won’t support cap-and-trade bill, citing… Kate Mackenzie

May 27, 2009

Cost cutting to top agenda of incoming Shell chief

…could be folded into two. Ms Cook’s departure has ignited speculation that such a move could be imminent. Royaldutchshellplc.com, a website used to air stories and complaints about Shell, reported yesterday that E&P and gas and power… By Ed Crooks

December 12, 2008

Shell pension scheme value falls 40%

…for workers whose employer has become insolvent without a fully funded scheme. The letter was published by royaldutchshellplc.com, a website used to air complaints against Shell. The letter said that its assets were 70 per cent invested… By Ed Crooks and Norma Cohen

December 13, 2008

Shell pension scheme value falls 40%

…for workers whose employer has become insolvent without a fully funded scheme. The letter was published by royaldutchshellplc.com, a website used to air complaints against Shell. The letter said that its assets were 70 per cent invested… By Ed Crooks and Norma Cohen

May 27, 2009

Shock exit as Shell braces for shake-up

…said they also expected a drive to cut costs in support functions such as human resources and accounting. Royaldutchshellplc.com, an independent website used by Shell staff, said yesterday that more than 30 per cent of senior managers… By Ed Crooks and John O’Doherty

May 27, 2009

Shake-up looms at Shell as head of gas and power division departs

…said they also expected a drive to cut costs in support functions such as human resources and accounting. Royaldutchshellplc.com, an independent website used by Shell staff, said yesterday that more than 30 per cent of senior managers… By Ed Crooks and John O’Doherty in London

By Alfred & John Donovan

We knew that Shell took seriously the leaks of information and Shell internal documents which have been supplied to us over several years by Shell employees. This was plain from Shell internal documents the company has been legally obliged to disclose to us.

We did not know just how seriously, until information reached us recently from a Shell Corporate Security source.

Leaked Shell Corporate intelligence documents now in our possession cover Shell’s security plans until 2014.

This is evidence that Shell’s counter-measures have not been entirely successful.

The email below was sent yesterday evening to the Company Secretary & General Counsel Corporate of Royal Dutch Shell Plc.  We also sent copies to Peter Voser and Malcolm Brinded. The draft article contains revelations about Shell’s cloak and dagger activities, including infiltrating Shell spies into host governments.

The “CAS” mentioned in the email is an abbreviation for Shell Corporate Affairs Security.

We will publish the article at midnight UK time tonight unless we receive a response from Shell before then, or receive notification of a High Court Injunction blocking publication.

THE EMAIL

Dear Mr Brandjes

Printed below is a self-explanatory draft article.

I have supplied as an attachment the sample CAS Intel Summary document mentioned in the article, which we plan to make accessible online.

Please advise if Shell has any objections to publication of this document, and if so, on what grounds? Obviously we do not want to put anyone at risk, though we cannot see that this would be the case, as the intel information is not current.

As usual, Shell is invited to supply for publication on an unedited basis, any comments you wish to make on this matter. You are also invited to point out any factual inaccuracies, so that appropriate action can be taken before publication.

John Donovan

RELATED ARTICLE

Shell embedded spies in host governments of Nigeria, Dubai and Iraq

By a former employee of Shell Oil USA

Reuters Article: Shell critic says oil major targeting his website

John

I must say that I have been very surprised (and  disturbed) to learn of the extent of Shell’s activities in the monitoring of their employees, their outside critics, etc. I find the creation of an internal ‘thought police’ organ very disturbing. Even more disturbing is the employment of former high level British and American governmental ‘spooks and cops’ to run these organizations. Shell’s relationship with the FBI is also very disturbing. Furthermore, Shell’s actions toward you and your blog have been almost ‘neo-facist’ in nature. (Henri Deterding would be proud of them, I am sure. Traditions die hard, I guess.)

Who hires these guys? Fear does nothing for staff performance or loyalty, and it breeds loathing, contempt, and rebellion. It is very bad for business and the bottom line because it drives away the best and the brightest.

All this nonsense brings to mind a number of books I read as a youth. One was George Orwell’s ’1984′. There are some lessons to be learned from that book, good and bad I suppose. (As I  recall the ‘pigs’ were the ruling caste. No. That was Orwell’s ‘Animal Farm’. The ‘Party’ and ‘Big Brother’ ruled in ’1984′.) I wonder if these two books are recommended reading for Shell management? (They might try reading John Locke’s comments on tolerance and the various forms of tyranny as well. However, you might have to remind these folks who John Locke was.) There has to be a good editorial comment lurking in this observation somewhere. I will have to ponder it and see what I can come up with.

When I worked for Shell USA in the 1980′s the HR gang (Human Resources) was referred to as the ‘thought police’. The term ‘Resources’ was snickered at as well. Staff was a ‘resource’ to be ‘exploited’, just like natural resources. Why Shell USA management chose the term ‘Resources’ is a mystery to me. Very bad form. Most companies would use the term Human Relations or Employee Relations. Not Shell. But the term accurately reflected the attitude of management towards their staff.

Times have changed but management culture and their attitude toward their staff clearly has not. Shell would be served far better if the time and resources involved in policing and repressing staff attitudes and discontent were directed toward the process of selecting competent managers of both talent and character. This would do more for staff moral, attitude, loyalty and performance than any degree of bullying and repression.

Just a thought or two from a former Shell USA employee.

Ironically, Shell’s security breach came at a convenient time- had Shell discovered the breach in April, a new set of rules (covered here and here) would have allowed the company to be charged fines of up to £500,000. However, even without the additional monetary cost, Shell lost something extremely valuable: the trust of its employees. Shell workers are much less likely to remain loyal to a company which isn’t proactive about protecting its internal information.

A lengthy document sent by allegedly disillusioned Shell employees to leading environmental and human rights activists sought to launch a corporate revolution at the oil giant.

The document, which was given to IT PRO, was attached to a leaked database containing contact details of nearly every Shell employee. It was sent by 116 disillusioned full-time employees in the US, the UK and the Netherlands to Greenpeace and other campaign groups active in Nigeria.

The document contained information on how the contact database could be used change the way Shell operates, by influencing employees, the public, top institutional investors and non-governmental organisations.

“Using the files we have attached… the Royal Dutch Shell Corporate Revolution that we propose and describe in large detail in Section 5 of this document provides a step-by-step guide on how to shatter the walls of mass ignorance in the corporation in order to bring about informed and meaningful insider dissent from Shell’s common-folk robot employees,” the document reads.

One recipient of the files, John Donovan, a campaigner at anti-Shell website www.royaldutchshellplc.com, told IT PRO that the disillusioned employees may have been planted there by activists solely to extract information such as the database. Donovan said more data breaches would be forthcoming at the oil giant.

According to the document, the employees are upset at a range of environmental and human rights abuses that they believe their employer is taking in Nigeria, one of its key markets for energy exploration.

“We are extremely concerned regarding Shell’s behaviour in Nigeria and we are disgusted by the injustices that Shell is committing in Nigeria,” they wrote.

The document was not signed by the authors, they say, to protect their own jobs. They fear they would be sacked if they revealed their identities.

Shell accepts that the database is genuine, but says it believes that the covering letter is not.

The oil giant publicly argues that individuals’ security has not been affected by the distribution of the database. However, an email apparently sent by Shell’s chief ethics and compliance officer Richard Wiseman suggests there are wider internal security concerns.

“Although the vast majority of information in the [Shell corporate] Address Book is largely business related, there may be cases where the security of an individual may be impacted by release of such information,” Wiseman wrote.

Some personal phone numbers are included in the database where the individual uses that number to work from home. IT PRO understands that Wiseman sent a memo to Shell staff declaring that some might receive nuisance phone calls.

Donovan said: “We expect to receive further leaked information from Shell insiders.”

Shell is currently investigating the circumstances under which the database was leaked. This investigation includes trying to identify if hackers were involved.

The company could offer no comment on whether the leak was caused by people or if it’s a process or technology issue, and what actions it would take to prevent the issue happening again.

SOURCE ARTICLE

By John Donovan

Shell media spin machine went into overdrive last week trying to downplay the worlds biggest ever leak of employee details, including personal information, which Shell Ethics boss Richard Wiseman, has twice admitted puts the safety of some employees at risk.

A copy of a related email from Mr Wendel Broere, Group spokesman, Global media relations, Shell International B.V, desperately engaged on a damage limitation exercise with the news media, was leaked to me on the day it was sent. My role is discussed in the email, no doubt because I am the person who broke the story which turned into a global PR disaster for Shell, with all kinds of unwelcome repercussions, including an investigation by the Information Commissioners Office and the prospect of a fine for being reckless with confidential employee data.

The information sent by Broere on the record says that Shell is investigating the matter and will comply with all legal requirements. The issue of personal security is only mentioned “Off the record” in his email, down-played to being no greater risk to Shell employee personal safety than merely handing out a business card.

Shell now says there was no private address information. That was not the case in the leaked employee data I received which Shell pressured me into destroying before Shell media started pumping out smoke. In fact, many post-codes were included in the data: Far more than could be only Shell addresses. Also personal mobile phone numbers, along with an array of other contact information.

The line now being taken by Shell is totally incompatible with the unambiguous statement on the personal security aspect made by Shell Ethics Richard Wiseman that he subsequently reconfirmed to me by email. This was after I published a leaked email Wiseman had sent to all employees, which failed to mention any risk to personal safety.

And it was not just Shell employee information that was leaked, but four other data files, all forming part of an carefully contrived plan – formulated with almost military precision – for a claimed corporate revolution at Shell by a subversive group that appears to have successfully infiltrated the oil giant. The whole thrust of the plan directed at Shell is motivated by its alleged crimes in Nigeria, which are listed in the extraordinary document.

Following contact with the Information Commissioners Office, we have also destroyed the other related files supplied within the attachment containing the Shell Global Address Book. However, we understand that now that the information has escaped into cyber-space, it will always be potentially retrievable.

Although Shell Corporate Affairs Security (CAS) is mounting a major investigation, how much confidence can employees have in a department headed by retired spooks, when CAS was presumably ultimately responsible for safeguarding security in the first place? At least it might divert CAS from carrying out “invisible” investigations against the Donovans.

Clearly the global spying by CAS against Shell employees to try to stop information from reaching us has not been entirely successful. The flood of leaked Shell information continues unabated.

According to a posting on our Shell Blog by a Shell IT insider (a regular contributor of articles to this website) a breach of the employee Directory could have happened at anytime in the last decade:

IT4me: What interests me about the Directory Leak story is that any competent scripter could have done this at any time in the last 10 years using just NOTEPAD and maybe 20 lines of VBS code. That’s because Active Directory (parts of it anyway) have been left open for use by RDS’s diverse collection of systems. So why didn’t it happen before ? And why doesn’t this sort of thing ever happen at GOOGLE ?

IR magazine

An anonymous group of CSR-crusaders are performing anti-investor relations for Royal Dutch Shell.

A database of the personal details of Shell employees and contractors has been leaked by  environmental and human rights campaign groups. The document, confirmed as genuine but out of date by Shell, contains the personal details of 176,000 individuals. Released on the evening of February 11, it comes with a 170-page ‘covering note’ from the vigilantes including plans for a campaign to educate the company’s institutional investors.

The covering note claims that all of Shell’s institutional investors are oblivious to the company’s supposedly maleficent activities in Nigeria’s Niger Delta. As the Financial Times notes, these claims are already well-known and it is unlikely that they would be news to investors.

If institutional investors were not aware of Shell’s difficulties in Nigeria, they should not be surprised by the covering note’s call for a change in policy. ‘Petroleum giant accused of poor corporate social responsibility (CSR) in Africa’ is a well-worn story. Nor does the appeal to CSR appear to affect investor behavior. The company’s share price fell slightly with the news, hitting £17.26 on Friday, down from January’s high of £19.50, but has recovered today.

SOURCE ARTICLE

Written by Emmanuel Carabott on February 15, 2010 – 4:35 pm

This week the BBC reported that someone has disclosed contact details for 170,000 of Shell’s employees world wide. The disclosure comes with a note claiming it is being disclosed by former employees who can’t stand the damage the company is doing to the environment.  Shell has in turn downplayed the event claiming that the information disclosed does not pose a security risk to its employees since it does not include employee’s addresses.

Following this statement I really hope that such a statement is simply damage control on Shell’s part and that it does not truly believe the statement the company released. Whenever an organization is hit with something like this the implications are enormous and it’s definitely not something to take lightly. While the details published included names and phone numbers for the most part there is no guarantee that whoever perpetrated the leak doesn’t have access to additional information. Furthermore even with such limited information such as name and contact numbers a social engineer can use that information very effectively to infiltrate the organization.

Another thing Shell should definitely be concerned over is, if the attacker managed to get access to this data what else did he manage to get his hands on? How will this affect its workforce?  Will the resulting harassment lead to people leaving the company? Will the breach mean that some possible future employees will think twice before the joining the company fearing for their privacy? What about lost business? It is definitely to be expected that some companies will worry about their contractual and financial details being safe with the company! This can lead to lost deals and revenue.

What is definite is that such a breach causes one huge PR nightmare that will not go away by downplaying the breach; downplaying,  if anything, will make the situation worst.

As the proverb goes, prevention is better than cure and this was never more so than in the realm of security.  Once such a breach occurs the damage is done. Contingencies may limit the damage a little but in any case the resulting fall out is likely to be more expensive than protecting the system in the first place. I am obviously not claiming that Shell didn’t do its best to protect its data, that’s something I do not know and neither do I have a way of knowing. What I am trying to say is that one should do his best to avoid such an unfortunite situation. If one is to believe the disclosed letter, the attack was perpetrated by insiders. While Shell itself is sceptic of this claim it is really not that hard to believe. Time and time again researchers have placed insider threats very high on the security risks organization’s face.  Worse yet, often organizations spend the majority of their security budget protecting the inside from the outside and not the inside from itself. One would obviously do very well to remember that in security one loses as soon as the weakest link is compromised and not after the strongest measures fall.

Stories such as this should be an effective cautionary tale of what security is meant to avoid. While investing in end point security, the perimeter and access control might not bring any tangible ROI in the short term, if that one time cost can avoid an unpleasant situation such as this it would have more than paid for itself.

A spokesperson for the ICO said: “Shell has notified us of a security breach regarding a significant amount of people’s personal details. We are looking into how this data breach occurred and will decide what, if any regulatory action, is required.” Shell – if it is found guilty – may escape lightly. Fines levied by the ICO for failing to protect against the loss of personal data tend to be under £5,000.