Constant attacks on the website royaldutchshellplc.com

Just for information royaldutchshellplc.com is a site that is highly critical of Shell and its associates.

Illustration of 95 year old Alfred Donovan, co-founder of royaldutchshellplc.com, displayed courtesy of The Wall Street Journal.

DISCLAIMER: This is not a Shell website nor is it officially endorsed by or affiliated with Royal Dutch Shell Plc.

EMAIL SENT 11 NOVEMBER 2012 BY JOHN DONOVAN TO MR MICHIEL BRANDJES, COMPANY SECRETARY & GENERAL COUNSEL CORPORATE, ROYAL DUTCH SHELL PLC

From: John Donovan <john@shellnews.net>

Subject: Constant attacks on the website royaldutchshellplc.com

Date: 11 November 2012 15:29:54 GMT

To: michiel.brandjes@shell.com

Dear Mr Brandjes

I would like to bring another serious matter to your attention.

I refer to the constant attacks on our website royaldutchshellplc.com.

There are three strands to the activity.

DENIAL OF SERVICE ATTACKS

The first is denial of service attacks where the site is flooded with traffic. We have upgraded our server a number of times in an effort to deal with these attacks, but the scale is such that even our latest high capacity dedicated server has crashed due to massive spikes in traffic, which cannot be due to normal activity.

BLOCKING SHELL BLOG ENTRIES

For over a year we have received attacks on the site in the form of massive numbers of blog entries being received. They have recently reached a level whereby legitimate blogs are crowded out, effectively blocking criticism against Shell. Blog postings arrive every few minutes 24/7 for several days. Then cease for a few days. The time interval between the blogs, during the periods when they are being received, is random. Multiple languages are used including Dutch, Greek, French and mainly English. Different IPS addresses are used for each blog. Different content, mostly nothing to do with Shell or related matters. The amount of text changes on every blog. Sometime just a few lines and sometimes a long screed. Different aliases are used on each posting. One posting contained a threat to hack the site. Despite the machinations, we have evidence that all of the blog activity comes from one source, with clues that the source is located in the Netherlands.

THREATS RELATING TO SAKHALIN ENERGY

We also receive forwarded emails almost every day, sometimes several times per day, from a source relating to Sakhalin Energy. The emails contain multiple languages. In more recent months, this party has also copied the emails to Mr Voser and to senior people at Gasprom, Sakhalin Energy and the UK police. The emails have contained implied threats against us personally arising from our intervention in the Sakhalin2 project. This party also seems to be located in the Netherlands.

We had initially wondered if some or all of the activity was due to mis-identification i.e someone thought they were attacking a Shell website. However, given the amount of time the attacks have gone on and the fact that we personally have been targeted, it seems that possibility can be ruled out.

We do not know if the multi-pronged attacks are co-incidental or coordinated.

Given the 24/7 nature of the blogging activity, it appears that someone has very deep pockets. Someone who does not like us very much.

I would be grateful if you could check whether an operation directed against us by Shell may have got out of hand?

As you know, Shell has used undercover activities against us in the past and more recently, set up a counter-measures team as well as initiating a global spying operation against us involving a Pittsburgh based agency with specialist expertise in cyber-crimes/warfare.

Is any of this activity still in progress?

I have recently brought these matters to the attention of a specialist UK police cyber-crimes unit as I understand that the activity I have described is unlawful.

Best Regards

John Donovan