In January 2017, the popular Russian business newspaper Vedomosti reported that Russian presidential aide Vladislav Surkov accepted the resignation of his first deputy, and that this resignation may be related to a series of publications on the leaked correspondence of Surkov’s staff exposed by Ukrainian hackers. These dumps of correspondence were provided exclusively to InformNapalm volunteer intelligence community and published on the community’s website in late 2016. The story has unfolded further, as the hacktivists extracted new dumps of correspondence associated with the head of the Department of the Administration of the President of Russia, the first deputy presidential aid Inal Ardzinba.

• SurkovLeaks timeline

  The first dump of the mailbox [email protected] belonging to Surkov’s reception office with almost 1 GB of data was made public in October 2016 under the code name SurkovLeaks. The correspondence contains details about the business and media interests of the Russian Federation in Ukraine, and in particular, about the risks of economic blockade of the occupied territories controlled by illegal armed groups (IAGs) of Donetsk People’s Republic (DPR) and Luhansk People’s Republic (LPR). The files also contain complete lists and contact details of the staff of the Directorate for Cooperation with the CIS Countries, Abkhazia, and South Ossetia, contact data of the government officials of the self-proclaimed Republic of Abkhazia (RA). There also are “temniki” or instructions for particular media spins for positioning of the “key figures of the RA” and much more. The materials also contain scans of passports of Vladislav Surkov and his family.

  In November 2016, the second array of the leaked data was published titled SurkovLeaks (part 2). This leak was mainly based on the data retrieved from the mailbox [email protected], which was managed by Maria Vinogradova, another employee of the presidential aid’s office. The dump contained 336 incoming and 87 outgoing messages, with the total size of 340 MB. In the correspondence, we discovered following documents:

  – draft plans of activities for implementation of the Protocol signed by the Trilateral Contact Group on January 29 and 30, 2015. Both versions contained clauses on the withdrawal of heavy flamethrower systems (HFS) for 14 km. The Minsk Agreement (Minsk-2) was agreed upon at the summit on February 11 and 12, 2015, but the actual text no longer contained any clauses on HFS;
  – Lists of the LPR top officials recommended for replacement;
  – “Set of measures X” (to destabilize the situation in Kharkiv);
  – Plans for the federalization of Ukraine;
  – Evidence that Surkov controlled the fuel market in the DPR, which is a likely explanation for a series of physical liquidations of IAG field commanders of LPR and DPR.
  There were other materials as well.

  Our publications of the two above-mentioned mail dumps from Surkov’s office made a stir in the Western media. The content was verified and its authenticity confirmed not only by InformNapalm, but also other by international OSITNT and analytical groups such as Bellingcat and Atlantic Council. Articles about Surkov’s office hacking appeared in the international media, including the BBC, TIME, Daily Mail, The Times, Radio Free Europe / Radio Liberty, The Guardian and others.

  Western experts were wondering about the origins of the leak. Som eo fthem in their interviews even argued, that the US security services were behind this material pointing out that the video which accompanied the publication of #SurkovLeaks was made at a high professional level, and also translated into several foreign languages, including Bulgarian. We are flattered that the information support of SurkovLeaks materials by InformNapalm volunteer intelligence community was taken by the experts as the work of American intelligence agencies.

The hacktivists of the Ukrainian Cyber Alliance and CyberHunta handed to InformNapalm for further investigation two more dumps from mailboxes associated with Surkov. [email protected] and [email protected] .

[email protected] – there were messages sent to this mail box with analytical notes from the Russian General Consulate in Odessa, Ukraien ([email protected] – this address is indicated as a contact on the website of the Russian Foreign Ministry http://www.odessa.mid.ru). Having analyzed the files attached to the messages and their properties, InformNapalm volunteers came to the conclusion that the mail-box was managed by Inal Batuvich Ardzinba, chief advisor to the presidential Directorate for Cooperation with the CIS Countries. Being Surkov’s deputy, Inal Ardzinb supervised and financed projects of the so-called “soft federalization” of Ukraine: Slobozhanshchina in Kharkiv, Porto-Franco in Odesa, People’s Republic of Bessarabia in Odesa Oblast, People’s Council of Nikolaev in Mykolaiv.

[email protected] is the e-mail address used by Alla Alexandrovska (she headed the Kharkov regional organization of the Communist Party of Ukraine, MP from 1998 to 2012) and her son Alexander Aleksandrovsky. They were responsible for the Slobozhanshchina project. In the summer of 2016, Aleksandrovska was detained in Kharkiv and has been held in custody ever since. She faces charges of offences pertaining to the violation of the territorial integrity of Ukraine and bribery (part 2 art. 110 and part 3 art. 369 of the Criminal Code of Ukraine). Her son Alexander is also a defendant in the case, but he is hiding from the investigation in Belgorod, Russian Federation, and continues to supervise subversive activities in Ukraine from there. They are charged with attempting to bribe town council deputies of the town of Pivdenne, Kharkiv Oblast, to appeal to the Verkhovna Rada, the parliament of Ukraine, with a demand for federalization of the country. Read more here:

Important correspondents

[email protected] – Anton Davidchenko, head of the Kolokol [the Bell in Russian] youth organization. He was responsible for planning and carrying out of projects involving provocations and riots in Odessa (Porto-Franco), Zaporizhia (Zaporizhia Working Group on Constitutional Reform), Dnipropetrovsk (Dnipropetrovsk Constitutional Forum), Mykolaiv (People’s Council of Nikolaev) and Kyiv.

[email protected] – Sargis Mirzakhanian, assistant to the member of the Russian parliamentary committee on defense Igor Zotov (Fair Russia party). Zotov supervises and sponsors political actions in Eastern European countries.

[email protected] – Alexey Muratov, Russian MP from Putin’s United Russia party. Muratov is the official representative of the DPR in Russia.

Highlights

1) The project to seize power in the Zaporizhia Oblast of Ukraine. It was sent as a protected archive in a message from Alexey Muratov on 11/12/2014. Hacktivists cracked the password: wq1234567890. The archive also contains a CV of the project coordinator, a DPR terrorist Volodymyr Novikov ( callsign Alabay). Novikov is the former leader of the security service of the former pro-Russian Party of Regions.

2) The list of current and former employees of the regional office of the Ministry of Internal Affairs of Ukraine in Odesa recruited by the Russian side. It was sent on January 11, 2015, by someone named Luiza Mamedova (e-mail address [email protected]) 

3) The report about provocations carried out in Odessa in early February 2015 evidenced by publications in the media. The message was mailed on February 16, 2015 by Luiza Mamedova.

4) Anton Davidchenko, the chairman of the Kolokol youth organization, reports about funds spending in the first half of 2015 for various events (we show here three of those messages as examples). The letters mention the money allocated for the payment for media and online publications. Amounts are indicated in USD.

All the events were also filmed on photos and videos, those reports were sent in separate messages. For example, in 2014 and 2015 many anti-Ukrainian graffiti appeared in Odesa in a clearly scheduled pattern. It turns out they were coordinated and approved from Moscow.

5) A brief summary of the Kolokol youth organization. The summary specifies that their groups were formed in three cities: Odesa, Mykolaiv and Kherson. The document also lists examples of accomplished jobs, with prices.

6) A message from Anton Davydchenko with a list of athletic thugs (mostly mid-level athletes in boxing, wrestling, Thai boxing etc.) for participation in violent riots in Ukraine.

7) Davidchenko reports about paid online publications: RBC, Bagnet, From-UA, Golos.ua, Channel 112, Ukranews. He also indicates the price for paid-for news on Ukrainian TV channels (in the correspondence, there was no evidence of the paid content airing on these TV channels, so it is likely they discussed general prices for airing partisan content).

8) Surkov’s assistant Ardzinba sends to Alexandrovsky basic provisions for the draft law “On the special development region of Slobozhanshchina”.

9) Aleksandrovsky sends to Ardzinba cost estimates for the holding of Slobozhanschina public events.

10) Aleksandrovsky sends to Ardzinba a plan for the upcoming regional elections 2015 in the Kharkiv Oblast for approval and requests to provide necessary funding.

So it was established that a part of the election campaigns in the Kharkiv Oblast was directly funded from Russia, a tactic also applied to influence election outcomes in the US, UK and EU.

11) Someone named Simon Simonov [email protected] wrote to Aleksandrovsky that one of the rallies in support of the law on the special development region Slobozhanshchina was banned by the Kharkiv City Council. Simonov also informs that the TV company Simon TV (Objectiv Media Group) refused to broadcast them and offered a refund through the New State election foundation.

Thus, the non-public data retrieved by Ukrainian hacktivists reveals the details of how Vladislav Surkov, with the help of his assistant acted to destabilize Ukraine, as well as supervised actions of violent gangs.

This publication was prepared by Mikhail Kuznetsov specially for InformNapalm international intelligence community site. Translated by Volodymyr  Bogdanov, edited by Artem Velichko. An active link to the authors and our project is obligatory for any reprint or further use of the material.
(Creative Commons — Attribution 4.0 International — CC BY 4.0 )
For notifications about InformNapalm investigations follow the community page on Facebook.