‘Comrade Major’
An anonymous Telegram channel leaked the personal data of 3,000 ‘Navalny supporters.’ Here's how it happened and who was behind it.
On Friday, August 9, a day before a massive political protest at Sakharov Prospekt in Moscow, the Telegram channel Comrade Major (@MayorFSB) wrote the following: “Listen to this: these idiots in the Team Navalny chat group have completely lost it. Right in their chat group, they accidentally uploaded the WHOLE database of their supporters’ information that they use for mobilizing people for rallies. It’s got everything: passport and telephone numbers, addresses, everything! There’s not even anything left for us to do! These guys screwed themselves over. Jesus, what a bunch of idiots!”
Comrade Major has almost 30,000 subscribers on Telegram, and the channel's own description identifies the creator as “your personal curator from the FSB [Federal Security Service].” Anyone interested in collaborating with Comrade Major is invited to contact the Telegram user @silovikicat (“Siloviki Cat,” which refers to Russia’s security and intelligence agents, or siloviki).
Next, the channel posted an Excel spreadsheet named “Baza,” which it soon deleted. An employee at Alexey Navalny’s Moscow headquarters told Meduza that an unknown account recently posted this same spreadsheet in the office’s group chat on Telegram, before immediately leaving the group and deleting itself. A screenshot showing the Navalny group chat with this file shared was later published at Comrade Major. The source in Navalny’s office told Meduza that the “leaked” database uses a completely different format than the one Navalny’s team uses to store information about volunteers and staff.
The file’s properties indicate that it was created on July 27, and last modified on August 9. The “company” field reads “Moscow Interior Ministry Main Directorate.” The spreadsheet contains 3,198 fields with personal information: telephone numbers, full names, registered addresses, birth dates, and passport numbers. Not every data field is complete: for some individuals, there’s only a full name and phone number, and in some places there’s no registered address. Of the 1,794 telephone numbers listed, 1,406 have prefixes from the telecom MTS (though not everyone with these numbers is a current customer, as some have migrated their old numbers to new service providers).
Whose data landed in the “Baza” spreadsheet?
People who found their phone numbers listed in the database say they started getting text messages after it was published urging them to come masked to Moscow’s August 10 demonstration, telling them to organize “action-coordination groups.” The messages included a hyperlink to an anonymous website on the free blog-hosting portal “Tilda,” without any masthead or indication of who runs the site, where visitors were encouraged to rally groups of “physically fit people, exclusively guys and men,” in order to “fight back against the devils in uniform.”
Meduza contacted several people on Comrade Major’s list. They fall into some of the following categories:
- People who attended Moscow’s protests on July 27 and August 3 and were arrested by the police. At the police station, officials logged their personal data in exactly the same format as it appears in the “Baza” file. On Twitter, unregistered Moscow City Duma candidate Dmitry Gudkov reported that one of these arrested demonstrators gave a fake address to the police, and this same address appears next to his name in the “Baza” spreadsheet. In other cases, police officers made mistakes when recording activists’ passport numbers, and these same errors show up in the file shared on Telegram. One protester who was arrested on Tverskaya Street before the start of Moscow’s July 27 demonstration told Meduza that his passport data and the numbers of another 12 activists who shared the same police van later found their way to the “Baza” spreadsheet, appearing in the same format as the police recorded their information.
- People who attended Moscow’s July 27 and August 3 protests, but were not arrested and never signed official warnings issued about the “inadmissibility of participating in unpermitted rallies.” The data listed for these individuals sometimes include other people’s phone numbers and personal information that usually belongs to the people who registered those numbers. For example, journalist Nina Abrosimova, who covered the July 27 protest, searched the “Baza” spreadsheet and found her mother, in whose name her phone number is registered. But Nina Abrosimova’s mother didn’t attend the July 27 protest. A Meduza reader says he’s identified in the “Baza” database as older than he really is, apparently because an MTS clerk added a year to his age when he registered his phone number at the age of 17. In other cases, the names of people who attended the protest are listed in the spreadsheet alongside the personal information of someone who called or texted them during the demonstration.
- People who endorsed the candidacy of independent politicians running for seats in the Moscow City Duma who were ultimately denied spots on the ballot. For example, the brothers Zakhar and Pavel Artemyev, who are registered voters in Moscow’s 43rd electoral precinct, gave their signatures in support of Lyubov Sobol. Meduza contacted several other people from the “Baza” spreadsheet, and learned that they haven’t attended Moscow’s recent opposition protests, but they did give their signatures to Sobol. Additionally, the spreadsheet contains the information of people who endorsed other independent candidates in this September’s Moscow City Duma race, voters who supported Alexey Navalny in Moscow’s 2013 mayoral election, and people who registered for Navalny’s “Smart Vote” system or donated money to his Anti-Corruption Foundation.
- Random people who neither attended Moscow’s protests nor endorsed its independent City Duma candidates. In the app GetContact (which allows users to see how their number is logged on other users’ telephones), other people's names are assigned to their phone numbers.
Damir Gainutdinov, a lawyer with the “Agora” human rights organization, says this data leak constitutes at least two felonies: the illegal collection and dissemination of personal information, and the abuse of office, if this data was transmitted to Comrade Major by members of the police.
Who is Comrade Major?
Meduza has tracked down a man who could be the administrator behind the Telegram channel Comrade Major.
A program called “Insider-Telegram,” developed by the Center for Legitimacy and Political Protest, helped identify the phone number linked to the account @silovikicat. “There are now more than 10 million numbers in the program’s database,” explains the center’s director, Evgeny Venediktov. “We simply check all the numbers in a row to see if they’re present on Telegram: we take, let’s say, all the numbers beginning with +7911, and we run the whole numbering capacity from zeros to nines. When you use Telegram on your smartphone, you automatically see any accounts linked to your contacts, right? Well we’re simply adding all the country’s Telegram users to our very fat ‘phone book.’”
The phone number linked to @silovikicat, identified by Insider-Telegram, made it possible to establish the apparent name of Comrade Major’s administrator. Igor Bederov, the creator of the digital investigative company “Internet-Search,” says he’s “90-percent sure” that the man behind the Telegram channel has been identified correctly: “A Moscow PR consultant named Vitaly Taysaev could be behind the personal-data leak. Our ‘TelPoisk’ toolkit analyzed social networks, message boards, the Unified State Register of Legal Entities, and in the end we found the number in the GetContact contacts manager, which linked the number to a subscriber named Vitaly Taysaev.”
Using the name “Vitaly Taysaev” and the channel’s region (Comrade Major is linked to a Moscow phone number), Bederov established the administrator’s likely presence on other social media. “These data are consistent with just one person, not only in Moscow but nationwide,” Bederov says. “The program scanned through all social networks, and then I repeated the search manually. There are no other Vitaly Taysaevs — I didn’t find any on VKontakte, Odnoklassniki, or Facebook.”
In one post on VKontakte, Taysaev shared a hyperlink to a story at RIA Novosti about a motocross honoring the late journalist Sergey Dorenko, with the caption: “The photos are mine.” The images published in the report are credited to “Vitaly Taysaev.”
On Instagram, before Meduza’s investigative report, Taysaev confirmed in his bio that he works in media and on Telegram, writing, “Media and editor, Telegram engagement” (after this article was published, he removed the words “Telegram engagement”). On specialist websites and on his own blog, Taysaev calls himself an expert in social media marketing (SMM), and he told one interviewer that he works on developing “communities with audiences greater than 20 million users,” and came to the SMM field “from the sciences.”
In his Medium blog, Taysaev says he worked “as a copywriter, project manager, and social-media manager for digital marketing agencies,” and talks about conducting “cost-per-acquisition advertising campaigns for large million-plus VKontakte communities.” He also organizes “masterclasses and seminars on social networks for various audiences,” and comments on “SMM issues” for the radio station Serebryanyi Dozhd.
On Medium, Taysaev also writes about Telegram, including in one post titled, “Why Is Telegram the Main Instant Messenger in Russia?” where he says, “Telegram controls all of Russia. Believe me: nearly all the state and public processes are buzzing in chats on this messenger — and it’s not just Moscow, but also the remote areas of our vast Motherland. [...] On some political channels, you frequently see screenshots from chat rooms where it’s all representatives from all branches of the government.”
In the same text, Taysaev says one of Telegram’s main advantages is its privacy: “The administrators defiantly decided not to turn over their encryption keys to ‘Comrade Major’ [Russian law enforcement], which would have allowed even the young girl cadets at the FSB academy to see your private chats. Many sources in law enforcement say this correspondence can still be hacked, even when it’s password-protected, but it’s a technical challenge and only justified when there are vital agency requests. In any case, it’s better than WhatsApp, which is full of holes, and openly shares your number with anyone in a chat group. Of course, this gives all kinds of spammers the chance to use scripts to collect telephone data and blast out spam mailings.”
Taysaev writes like he has experience managing Telegram channels, including political outlets: “Unlike communities on VKontakte or profiles on Instagram, Telegram (even at the start of 2019) has a pretty low monetization threshold. [...] A channel with 5,000 subscribers can raise between 75,000 and 100,000 rubles (about $1,335) in investments, generating between 20,000 and 30,000 rubles ($385) in pure [monthly] profits for the editorial staff. Expenses will be higher for political channels, but smart editorial policies can mean profits three to five times higher for these channels.”
“The interface for working with channels and chats is just awful,” Taysaev complains. “If you’ve got a few of your own channels, you’re following the main socio-political and theme-based channels, and you’ve got five to 10 work chats open, then you’re probably missing something constantly (important information, advertising orders, or work assignments). [...] It’s better to have a ‘personal’ account for all your contacts and subscriptions, and a separate ‘work’ phone for your work channels.” According to Venediktov and Bederov, all of Taysaev’s personal social-media accounts were registered using his personal telephone number.
Taysaev’s telephone numbers — both the number linked to the Telegram account @silovikicat (which is provided as contact information in Comrade Major’s bio) and his personal number — have been deactivated. When Meduza reached out to @silovikicat with the message, “Greetings, Vitaly,” the user responded, “Greetings!” When asked, “You published a ‘database of Navalny’s supporters’ yesterday. Was this at someone’s request, or part of some paid integration?” the person controlling the account said they didn’t know this person, without specifying who they meant. Next, Meduza asked how the channel obtained the spreadsheet itself, and @silovikicat said, “The materials published on our channel are for entertainment and scientific-promotional purposes. Subscribers and other advertising agencies (we provide these services to [Comrade Major]) send us information, goodies, and ‘exclusives.’ This is the first we’ve heard of Taysaev. Maybe it’s one of the many advertising agencies or SMM managers whom this channel has replaced dozens of times. By the way, you guys have a really interesting, really cool publication. :).”
Vitaly Taysaev told Meduza over Facebook Messenger that he has no connection to Comrade Major, except when he was “hired to grow its audience for about two months in 2017.” Asked why the Telegram account identified in Comrade Major’s bio is registered to a phone number linked to his name by GetContact, Taysaev said he may have given the SIM card in question to a new client. “We do this sometimes, so the client has the correspondence history,” he explained (though he offered a different reason after Meduza published this report, claiming on Facebook that he transferred the SIM card “to control sales and budgeting”). Taysaev says Comrade Major has been resold twice, according to his information, but he says he doesn’t know its current owner. Taysaev was also unable to name the individuals who hired him to work on Comrade Major, but he says they might be people “from some clique close to the Kremlin.”
How did people’s personal data end up in the file shared by Comrade Major?
A representative from the telecom MTS assured Meduza that the company has no idea how the data in the “Baza” spreadsheet was collected, where the victims lost their personal information, or why it was all combined in this file. “For many years, MTS has led Russia in client numbers, so it’s hardly surprising if relatively more MTS clients turn up somewhere,” said the spokesperson. A representative from another Russian telecom told Meduza on condition of anonymity that the phone numbers on the spreadsheet were probably taken from people’s arrest paperwork, pointing out that the database repeats some of the same phony addresses that activists gave the police.
Internet Research Institute managing director Karen Kazaryan believes Russia’s intelligence agencies are using special equipment at Moscow’s protests to intercept data from demonstrators’ mobile phones. He says the authorities field cell-site simulators known as “Stingrays,” which masquerade as legitimate cell-phone towers, tricking devices into connecting. “They’re one of the FSB’s favorite tools right now, and they use them at rallies, too,” Kazaryan says.
Mikhail Klimarev from the Internet Defense Society disagrees: “They don’t use IMSI-catchers [international mobile subscriber identity-catchers]. The technology is too expensive and it's pointless. Why would the police field these expensive devices, when they already have access to all the information at the network carriers? If there was a database leak, then it came from the carriers.”
Igor Bederov thinks the database leak is the result of police fieldwork: “It’s just a summary from different departments. Consider the fact that there are telephone numbers for only about 40 percent of the people listed, but there are passport data for everyone, which is how it works at the Interior Ministry’s Operational Search Bureau, which does all the ‘sticks’ at these events for the ministry’s Main Directorate.”
The “sticks” in this case, Bederov explains, are people who have been identified. He says one or two units from the Operational Search Bureau, each comprising about 100 officers, are sometimes deployed to political protests. “They go to a location and move through the crowd, supposedly looking for instigators and troublemakers, when in fact they’re drawing up a list of everyone there,” Bederov says. “This is how random passersby end up on these lists. For example, there are cars there along the road, they copy down the license plates and punch those numbers in, and bam you’ve got ‘citizens who participated in the rally.’ From there, you plug the plate numbers into the ‘Kronos’ system [a leaked police database sold on the black market], and then you’ve got their passport data, too.”
“When you arrest 1,500 people, there’s an opportunity to get their whole database,” a source close to the FSB told Meduza. “Some of them will break, admitting to anything and cooperating. Arrests are made, case officers conduct an initial survey (of the weakest, least prepared detainees), and then the psychologists go to work on them. Anybody who falls for this is turned over to the investigators, who beat them and push them to the breaking point. When the client [detainee] is finally ready, he spills everything about everyone.” For case officers who get access to these personal databases, says Meduza’s source, it’s not hard to find the passport data or other private information of other detainees, after their friends have rolled on them.
The same source says the August 9 leak was meant as a threat from Moscow’s authorities to the organizers of the protest at Sakharov Prospekt on August 10: “It’s like, ‘We’ve done the math on all of you,’ but the threat is very unprofessional and stupid. Apparently, there’s a real crisis of brainpower in the Mayor’s Office.”
Translation by Kevin Rothrock