‘A man who’s seen society's black underbelly’ Meduza meets ‘Anonymous International’
After a year’s existence, the data-leaking blog Anonymous International, better known as Shaltai Boltai (Humpty Dumpty), has never released truly important documents to the public. Nevertheless, every one of Shaltai’s publications causes a sensation on Russian social networks. (Some of the group’s leaks include private emails allegedly belonging to Deputy Prime Minister Arkady Dvorkovich, Duma Deputy Robert Schlegel, Kremlin official Timur Prokopenko, and Prime Minister Dmitri Medvedev himself, as well as several other politicians.) While targeting such individuals, Shaltai also provides readers with at least a general idea of how the Putin Administration functions. Meduza’s special correspondent, Daniil Turovsky, traveled to Bangkok and met with one of the leaders of Anonymous International, in order to learn more about the group’s origins and why it’s doing what it does.
Originally published in Russian on January 13, 2015
On August 14, 2014, around ten in the morning, an unremarkable man walked into a café near Tishinskaya Square in Moscow. He ordered a coffee, sat down in the café’s far corner, and opened up a cheap laptop. Next, he launched a few applications: a text editor, an app for encrypted chat, and a Web browser. Then he connected to the free Wi-Fi and accessed the Internet through a VPN, using his own private server, in order to make tracking his actions impossible. He opened Twitter in the Web browser and entered the login and password that were saved in a separate document. His first tweet read, I’m resigning. I am ashamed of this government’s actions. Forgive me.
The note immediately appeared on Prime Minister Dmitri Medvedev’s official Twitter account, visible to his 2.5 million subscribers.
Taking a sip of his coffee, the man in the café wrote a few more tweets: I will become a free photographer. I've dreamed about it for some time; Despite our efforts, certain online hooligans still sh!t on needing to provide their passport number for Wi-Fi access. :( :( :(; I’ve wanted to say this for the longest time: Vova [Putin]! You are wrong!; and I like reading @Navalny. Then, he retweeted Navalny’s former campaign manager, Leonid Volkov, and opposition journalist Roman Dobrokhotov. Finally, he wrote, “You think anyone in Yalta today will say something important? I doubt it. I'm sitting here and thinking to myself, what's the f*cking point?” (At the time, Medvedev and Putin were visiting Yalta on the Crimean peninsula.)
The man didn’t think anything unusual or extraordinary about his task. He hadn’t even planned on coming to the café that day, to write in the Prime Minister’s account. It just so happened then that he was the only one not at work, among the members of the group Anonymous International, better known as Shaltai Boltai. The programmers at Shaltai had gained access to Medvedev’s Twitter account long before, when downloading from iCloud copies of three of Medvedev’s smartphones. (The Prime Minister kept his social media passwords in a note on one of his iPhones.) The group timed the Twitter hack to coincide with Putin’s speech in Yalta, now a part of Russia, where he was addressing local officials.
“We monitored Medvedev for two years, but nothing interesting ever happened, so we decided we’d just troll him instead,” one of Anonymous International’s members told me, explaining the reason for the Twitter hack.
Thirty minutes after the first phony tweet, Putin’s press secretary, Dmitri Peskov, announced to reporters, “I can say with high probability that we’re looking at a hacker attack.” The government soon confirmed it: “The Prime Minister’s Twitter account has been hacked. The last several messages posted to his micro-blog are untrue.” Medvedev’s press service started deleting some of the tweets, but the man in the café managed to publish a few more: We might be returning to the 1980s. It’s depressing. If this is what my colleagues in the Kremlin are after, they might soon get their wish; and Russians shouldn’t have to suffer because the country’s leadership has problems grasping common sense.
Additionally, the man in the café retweeted Anonymous International’s Twitter account, @b0ltai (blocked inside Russia since April 2014): “The circus has ended and the clowns have scattered. Ban electricity! :).”
The “creative technician,” as he’s called at Anonymous International, was able to scribble as many tweets as he pleased—nobody was able to kick him out of the account. To stop what was happening, Medvedev’s press office would have needed to ask Twitter’s administrators to block the account. Instead, after an hour, the man wrote to his colleagues over chat, saying, “I’m bored. I’m getting out of here,” and he closed his netbook and walked out of the café.
* * *
One of Anonymous International’s heads told me this story in the city of Bangkok, in early January 2015. He didn’t tell me his name, he refuses to let me describe his appearance, and he forbade me from recording our conversation. For the sake of convenience, I’ll call him Lewis. (After all, Lewis Carroll’s Alice in Wonderland, with its inside-out logic, most accurately captures the world of Russian politics, Shaltai’s members have said.)
It took three months of emailing to arrange a meeting with Lewis. At first, the meeting was supposed to take place in Istanbul, then in Kiev, and later, in November 2014, Anonymous International’s representative informed me that they could only meet in the capital of Thailand, where “it’s warm and the booze and women are cheap :) :) :).”
I asked Shaltai Boltai if they were changing our planned meetings from one city to another because the police were on their trail. “We don’t think so :) :) :). We’ve got too many trails. Really, we’re not afraid of anything, honestly :) :). Believe it or not, our motives are purely wholesome, like a family’s :) :) :). We’re all just folks—just regular people :) :) :). Incidentally, we got loosely acquainted with you through a mutual friend in Moscow :) :) :),” Anonymous International told me online.
* * *
The final instructions regarding our meeting arrived in my inbox just a day before they expected to meet: “Fly [to Bangkok]. Buy a local SIM card, and email us the number. You’ll be called back within a few hours, and we’ll agree about the meeting.” A day later, after doing this, Lewis himself was the one to call me. He said the meeting would take place a few hours later on Khao San Road, the most crowded area of the city.
In the novel The Beach, Alex Garland describes Khao San Road as “backpacker land”: “Almost all the buildings had been converted into guest-houses, there were long-distance-telephone booths with air-con, the cafés showed brand-new Hollywood films on video, and you couldn’t walk ten feet without passing a bootleg-tape stall. The main function of the street was as a decompression chamber for those about to leave or enter Thailand, a halfway house between East and West.”
In January 2015, almost twenty years since Garland’s book was released, Khao San Road looks about the same. Every other European is walking around with a Thai prostitute under his arm, and the local wheeler-dealers whisper to tourists, “You need weed? We’ve got weed. You need loving? We’ve got loving.”
A little more than a year before this meeting, on December 12, 2013, Anonymous International registered its website on Wordpress.com. (Its newer site, b0ltai.org, appeared later, in the summer of 2014.) On December 31, 2013, these online activists published the full text of Vladimir Putin’s New Year’s national address—several hours before it ever aired on television. Over the next 12 months, Anonymous International released what was mainly correspondence lifted from email accounts and mobile phones belonging to Russian politicians of varying degrees of influence.
In the spring of 2014, Shaltai leaked documents about several high-profile people and events in Russia and Ukraine: the state’s game plan for a supposedly grassroots mass demonstration in Moscow in support of Russia’s actions in Crimea, documents about how the Kremlin prepared Crimea’s secessionist referendum, and private emails allegedly belonging to Igor Strelkov (real surname: Girkin), who played a key role in organizing the insurgency in Donetsk, before resigning suddenly and returning to Russia in August 2014. Shaltai also released documents about how Concord, a company owned by Kremlin-connected restaurant owner Evgeny Prigozhin, apparently coordinates an army of pro-Putin “Internet trolls” through an outfit called the Internet Research Agency.
Igor Osadchy, whom the leaked emails name as the director of Translator, a project at the Internet Research Agency tasked with placing comments in foreign news media, later sued Shaltai for personal data theft. A representative at Roskomnadzor, Russia’s federal agency for media oversight, then announced, “A court has determined that the information [published by Shaltai] must be deleted, but the website’s hosting provider has not responded to our notification. Therefore, our agency has ordered Internet Service Providers to block this blog.” On July 27, 2014, acting on orders from Roskomnadzor, Russian ISPs blocked access to the domain b0ltai.org. The group’s main Twitter account, @b0ltai, was also blocked. Today, Shaltai’s website is accessible in Russia only via VPN or a mirror site. The group also runs @b0ltai2, a duplicate Twitter account, still unblocked in Russia, that reproduces all the first account’s posts, down to its retweets.
A few days before being blocked, Shaltai published emails allegedly belonging to Deputy Prime Minister Arkady Dvorkovich, where he stressed the need to change Russia’s 2015-2017 budget plan. Otherwise, he supposedly argued, “it will become impossible to achieve most of the government’s policy aims.” Dvorkovich never commented on the emails leak, and his press secretary turned away reporters from Vedomosti newspaper.
In August 2014, Anonymous International released archives from three different email accounts allegedly belonging to Dmitri Medvedev, as well as correspondence from Duma deputy and United Russia member Robert Shlegel about an organized “troll” attack on the websites of major American and British news media (including The New York Times, CNN, the BBC, USA Today, and The Huffington Post).
Later that fall, the group leaked emails between government-affiliated company Moscow Information Technologies and various Russian media outlets about the publication of planted stories, in addition to emails allegedly belonging to First Deputy Prime Minister Igor Shuvalov. Then, in December, Shaltai posted a photograph of Kristina Potupchik, the former press secretary of the pro-Kremlin youth group Nashi, apparently depicting her sitting in an office inside the Kremlin beside a bag full of cash.
The photo of Potupchik was meant as a tease, Shaltai implied, and two weeks later they leaked emails (about an orchestrated media campaign against opposition leader Alexey Navalny) and SMS records supposedly belonging to Timur Prokopenko, a former head of the pro-Putin youth group Molodaya Gvardiya (Young Guard), and now an official in the Kremlin.
The leak included February 2014 emails between Prokopenko and Alexey Goreslavsky, who at the time was the deputy director for external communications at Rambler&Co, which owns the popular news websites Lenta.ru, Gazeta.ru, Afisha.ru, and others.
Timur Prokopenko: Now hold on. Do they even listen to you over there?
Alexey Goreslavsky: For starters, I’m not their boss. I can make very strong recommendations, but I can’t fine or fire anyone. At Gazeta.ru, they listen, but the f*cking editors aren’t completely whipped into shape yet, so there are still some screwups. At Lenta.ru, they have their own position on everything. Galina [Timchenko] says she has a certain “standard” that she will uphold. I’ve brought the issue to the shareholders. I’m doing what I can.
Twenty days after this conversation took place, Lenta.ru’s chief editor, Galina Timchenko, was fired.
In an interview conducted over encrypted chat, Anonymous International’s press secretary asserted that the group publishes leaks because it is “dissatisfied with the restrictions on free speech online and with Russia’s aggressive foreign policy.” It has complaints about Russian domestic policy, too: “They only let the convenient candidates participate in elections,” and it’s “impossible to work peacefully in a small or medium business.” Shaltai’s stated mission is “to change the world for the better, helping to bring greater freedom and social awareness.”
One of the group’s members even quoted the 2009 film Watchmen, saying, “We don't do this thing because it's permitted. We do it because we have to. We do it because we're compelled. Once a man has seen society's black underbelly, he can never turn his back on it.”
* * *
With another bang of the exhaust, we come a halt 15 minutes later in the center of Bangkok, where Lewis suggests another ride, this time on the subway. “We were supposed to meet recently with [another] Russian journalist,” he explains. “We’ve got loads [of information] that’s been verified. Well, it turns out, they hacked his emails (you can guess who “they” are), and put a tail on him. We had to cancel the meet at the last minute. They checked you out, too, but found nothing. But I still asked Boltai to make sure nobody is following us.”
“Boltai is here, too?” I ask Lewis.
“Yeah, he lives here,” Lewis answers. “I came here one day to transfer files. When you’ve got several gigabytes of data, it’s sometimes simpler to hand over a hard disk in person, than try it online. We keep at least two copies of all our data in different countries. And no one person has full access to the entire archive.” He looks at me again and adds, “We wanted to take a dip in the pool at Boltai’s condo today, but it’s too cold.”
Shaltai Boltai, if Lewis is to be believed, is only a “side project.” The group’s main work is getting hired to dig up information about private and public individuals. The whole company consists of a dozen people. Apart from the technical staff, there are Shaltai and Boltai, who manage communications with the outside world, two co-founders (one of whom is Lewis), and a certain woman named Alice. “She’s a field officer doing extremely important work. For instance, when needed, she follows Prokopenko to a café and sits down behind him, to see what he types on his computer,” Lewis explains.
The company’s structure, Lewis says, resembles an “online gaming clan”: the staff don’t know each other in person, but they spend hours chatting together every day. No one collects a regular salary, and the size of one’s earnings depends on how much he or she contributes to an operation. They pay these fees in cash, and sometimes in bitcoins. They’ve hired no new staff since they started publishing documents under the Anonymous International brand.
Lewis says all the group’s employees, except for Shaltai and Boltai, live inside Russia. Lewis himself moves between Moscow, St. Petersburg, and Kazan (though he never explains why he goes to Kazan specifically). “I also love going to this café in Staraya Square [in Moscow], where [pro-Kremlin political strategist] Dmitri Badovsky likes to dine,” Lewis adds.
Every time before crossing the Russian border, Lewis wipes his hard drive of all its files. He came to Bangkok for just one day, arriving from a neighboring Asian country.
* * *
Lewis confuses the subway stations, and we have to exit our car and backtrack on the next train. Leaving the subway, we head for a European-style café because he “doesn’t like Asian food.” Lewis suggests walking there through a back alley, where, in almost total darkness, among the shacks and puddles, we find no passage and turn around. Finally, we sit down at the first café we can find.
Lewis is quiet. When he speaks, he doesn’t make eye contact. Talking to him isn’t easy. When I ask him questions about specific people and situations, he smiles and usually says, “Let’s leave that without any comment.”
You understand, Anonymous International isn’t my main job—it’s not our main job. We don’t do it all the time. Shaltai Boltai is a byproduct of other games. We do information technology security and … what’s the word?
Danger?
Yes, that’s it. Information technology danger.
You’re hackers?
That’s an inaccurate way of putting it. Our work is gaining access [to information]. It doesn’t have to be through hacks.
But you’re capable of hacking people?
Of course. But more often access and information can be obtained by other means. For example, you can go to a café and watch what a person does [on his or her laptop]. To get information, sometimes you need to persuade people. Sometimes it’s with a kind word; sometimes it’s with another kind of word. Sometimes it’s with money, and sometimes you’ve got to trade one kind of information for another. We often take on work that’s tied to the Kremlin. After the main work is done, there’s always some information we collected, but never used. That is what makes it to Anonymous International.
Do you have many clients?
We have a small circle of regular clients. It’s enough for us. Our prices start at around $30,000. I won’t say how high they go. We earn enough to live comfortably and to travel.
Who are are you clients? To whom do you sell this information?
We’re hired by private individuals and groups within the state, and we never work with anyone tied to the drug trade. But we maintain that we’re an independent team. It’s just that it’s often impossible to tell who our clients are. Sometimes we hand over information to intermediaries, without ever knowing the client.
* * *
Among Meduza’s contacts in the Kremlin, there’s no consensus about who’s behind Anonymous International. People only guess. Some think it’s actually Timur Prokopenko. Others say it belongs to Alexey Gromov, Putin's first deputy chief of staff (about whom the group has leaked nothing). Finally, some pin it on Putin aide Vladislav Surkov. “The funniest thing is that nobody really seems to care,” says one of the Kremlin’s internal policy staff members. “At first, everyone was on a constant lookout for them. In the summer [of 2014], for example, but not anymore. Everyone has been at this for a while now. At one time, a group even got to London looking for them, but the trail went cold. Most efforts have been about [locating] their headquarters. These guys have a lot of information and nobody’s been able to smoke them out.”
* * *
“We know they’re looking for us,” Lewis says. “Since May, there’s been a police general on our case. He used to work for the Ministry of Internal Affairs, then the FSB and the Federal Protective Service. We have a dozen SMS messages to Prokopenko, where this general reports that he’s closing in—that he’s almost got us. Sure he does. Last summer, people came to us through intermediaries, asking us to hack Anonymous International’s accounts, not knowing of course that we are Anonymous International. In this case, their main aim wasn’t hacking our archives, but using our data to identify the people working in our group. We quoted them a price of $100,000, and they declined. Although I don’t really understand it, because the price wasn’t all that high.
So, your main work is collecting damaging information on people?
No. Our job is changing the current reality. Sometimes our work is more than collecting information.
I don’t follow...
O. Henry has a story—I can’t remember the name—about how a young man can’t propose to a girl because of her busy social schedule [Lewis was describing Mammon and the Archer]. In the story, the couple are caught in a traffic jam, some other events take place, and he declares his love to her. Later, a man comes to his father with a bill: here’s how much it cost to pay the taxi drivers, the policemen, and everyone else who produced the traffic jam. We at Anonymous International are doing roughly the same thing. We’re arranging it so someone shows up, or doesn’t show up, at a particular place, so information can be collected at just the right moment.
Can you give an example of when you changed reality?
Some of our work has resulted in the resignation of a governor. We handed over a file to someone who needed it. I won’t name names.
* * *
On December 29, 2014, Lewis sat down at his laptop with a cup of his favorite Himalayan Alpine tea. Only Boltai was signed online. They conferred a bit and decided to release some of Timur Prokopenko’s emails. Boltai then tweeted a link to the email archive, and Lewis wrote back over chat, “All done. I’m off to bed.”
* * *
For us, there’s nothing unordinary, nerve-racking, or earth-shaking [about publishing emails].
Who decides what to publish?
We discuss everything together, but I can decide to publish something on my own, too.
What’s caused the biggest controversy?
Girkin’s emails, of course. Boltai is the most radical of us, and he said “we have to release every last bit of this sh*t.” Shaltai is the opposite. The technical staff couldn’t care less. There were no arguments about Prokopenko, however. The photo of Potupchik was a postcard to him. He understood immediately what else we have. Generally, we only release information that’s socially useful. We never share personal data.
So, the only thing you won’t publish is personal data?
And we’ll never publish state secrets.
What if you had data like Snowden’s? Would you leak that?
Most likely not. Not everything needs to be released.
What if the data revealed crimes by the state?
Then we’d release it.
But that’s exactly what Snowden released.
Any specialist in his field was already well aware of what he released.
Other than hacking, how do you acquire your data? Who are your sources?
Some people working in the Kremlin like being involved in this fight. When I come to Moscow, I meet with some of them for lunch. I give them information and they give me information. For the most part, my sources there are people I’ve known for many years. But some people give us information on a work basis, unaware that we’re Anonymous International. And we never accept contracts from people we don’t know. (It’s very difficult to verify those.)
Whom will you target in your next leaks?
We have about two terabytes of data. A lot of those files are about people close to Vladimir Putin. We only released about 10 percent of what we have on Prokopenko. We’ve got 40,000 SMS messages, including lots of correspondence with liberal journalists, for example. We know the reigning theory about us is that we work for Gromov, but just because we haven’t published anything about him so far doesn’t mean we won’t later.
So there will be something about him in the future?
I said it doesn’t mean we won’t publish something.
Why do you show so much interest in Prokopenko?
We’ve been observing Prokopenko for more than two years, and now he’s headed for a new position [instead of information policy, he’ll be managing federal elections, working with political parties, the Central Election Commission, and youth groups]. We thought it important to show what he’s been up to lately.
* * *
Lewis pulls out a laptop and spends a long time rummaging through his files. Finally, he swings the computer around to me. On the screen is a photo of Dmitri Medvedev reclining on a chair in his office, beside a table topped with several multicolored folders. “What’s in those folders is what would really be interesting to know,” Lewis tells me. According to him, everyone working in the Kremlin was forbidden from using non-office email accounts, after Anonymous International started leaking documents. Now, every staff member has a protected work account, accessible only from a specific IP address and a specific computer, but none of the staff ranking above the assistant deputy prime minister actually observe these restrictions. “It’s not like an FSB officer can come to Dvorkovich and say, ‘Alright then, let’s shut it down,’” Lewis says.
We leave the café.
“When I saw you, with your backpack and your headphones, I thought you might easily record and photograph me, posting my picture tomorrow,” Lewis says.
And what would you do, if I did that?
“I’d never come back to Russia,” he answers quietly. “I’d put a checkmark next to your name, if it came to that. What else would there be to do? Is Prokopenko going to send assassins or something? Although… Well how could they find me in Asia? It would be impossible.”
I ask him if I can photograph his laptop or his hat. Lewis hangs his hat on a fence, so that none of the signs in the picture’s background are visible. “It would be easy to come here later, pay someone some money, and get the camera footage from this area,” Lewis explains, as he buys some orange juice from a street vendor. He takes out from his bag a small bottle of gin and has a sip. Then he fishes out from his pocket the disposable phone he used to call me. With a handkerchief, he rubs off the fingerprints and removes the SIM card and battery, tossing them in different trash bins.
Then he runs off to catch a train to the airport.