
The Ukrainian Cyber Alliance (hacktivist groups FalconsFlame, CyberHunta, Trinity and RUH8) published today its latest SurkovLeaks dump, retrieved from the reception office of the Russian presidential aide Vladislav Surkov.
The dump contains messages of the early period (2013-2014) and the more recent archives for 2015-2016. The new leak has been codenamed SurkovLeaks (part 2). It focuses mainly on the pochta_mg@mail.ru mailbox. The dump contains 336 incoming and 87 outgoing messages, with a total volume of 340 MB.
InformNapalm international volunteer intelligence community conducted verification of the published data and confirmed the authenticity of the emails.
While analyzing the data with the help of OSINT methods, it became possible to establish the specific person who owns the mailbox: Maria Vinogradova, adviser to Vladislav Surkov. This mailbox was the destination for some extraordinary and even arguably secret messages, lists, and reports, even though the largest portion of the dump consists of routine and trivial messages.
InformNapalm has prepared a brief overview of the most interesting details found in the messages published by the Ukrainian hacktivists.
1. Shopping for office supplies. Identifying the mailbox operator
One of the emails found was sent from the mailbox of Surkov’s reception office prm_surkova@gov.ru (its content was published earlier). This proved that the owner of pochta_mg@mail.ru was associated with Surkov.
Another leaked message unveils additional data: personal phone number of the mailbox owner and office location somewhere close to Teatralny Proezd 5, Moscow. Within a 5-10 minute walking distance from this spot (close to Children’s World department store) there is The Presidential Administration of Russia. Another curious place located in this area is the second office building of the Russian Federal Security Service (FSB).
Searching by the phone number (+79036621519), specified as the contact for an office supplies order, we find the document titled “Presidential Directorate for Social and Economic Cooperation with the Commonwealth of Independent States Member Countries, the Republic of Abkhazia and Republic of South Ossetia”. It contains contacts, full name and office number of the employee.
Maria Vinogradova, an employee in the office of the Presidential Aide, apparently works in office #432 in the FSB building mentioned above.
This establishes the person who processes email for Vladislav Surkov.
2. Minsk agreement (#MinskMonitor). Withdrawal of heavy flamethrower systems
At least twice, Vladislav Surkov received through this mailbox plans of activities for implementation of the Protocol signed by the Trilateral Contact Group. There were two versions dated January 29 and 30, 2015. Both versions contain the item covering the pull-back of heavy flamethrower systems (TOS) to 14 km from the contact line.
However, the Package of Measures for the Implementation of the Minsk Agreements (Minsk II) was agreed on at the summit in Minsk on February 11-12, 2015, and open sources contain no references to pull-back of the TOS systems.
The versions of January 29 and 30 also differ with regard to the detailed descriptions of the ground control points for the withdrawal of the forces.
Previously, in October 2015, BBC News, citing the report of the OSCE observers, reported on militants operating the TOS-1 Buratino, a modern Russian multiple rocket launcher with thermobaric weapons. The piece emphasized that TOS-1 was produced only in the Russian Federation, and had never been exported to Ukraine.
In February 2015 InformNapalm presented the infographics TOP-10 Military Gadgets Involved in the Russian Aggression Against Ukraine, which also featured the TOS-1 Buratino, based on the findings of our HUMINT network.
Additionally, both documents discuss the transfer of counter-battery radar systems from Russia to the OSCE Special Monitoring Mission “to ensure the monitoring and verification of the state of ceasefire”.
3. Kremlin curator: “The list of the top officials of LPR ministries recommended for replacement”
On December 15, 2015, Vladislav Surkov was sent the lists and resumes of the candidates for various positions in Luhansk People’s Republic (LPR). This demonstrates that appointments of candidates for senior positions are fully centralized and depend on the Kremlin.
4. Kharkiv. Attempts to destabilize the situation in the region
A large number of messages in Surkov’s reception office mail concern the situation in Kharkiv.
The reports on the social situation in Kharkiv and the opportunities of its destabilization are very interesting.
For example, the report of April 29, 2015, named “The Package of Measures Kh”, states that the majority of the population of Kharkiv Oblast is opposed to Kiev and offers measures to escalate the situation.
However, in June the situation looks radically different, thanks to, among other things, the activities of the Ukrainian Security Service (SBU) and the wisdom of the citizens. According to another report, the slogan “Rise, Kharkov!” is no longer trending. The Kremlin’s agents try to justify their failures, offering Surkov a distorted picture of “reprisals”.
There are also some curious incidents, when the activities of different Russian agents intersect. This also results in complaints to Surkov.
For an in-depth analysis of the situation in Kharkiv, we recommend looking at the emails sent to Surkov’s reception office from the email address maharinskaya@mail.ru.
5. Ukraine’s federalization plans
The email exchange contains a large number of notes, lists, and even creative “postcards” from Denis Pushilin (one of the top Donetsk People’s Republic (DPR) leaders). Surkov also received the lists of Ukrainian MPs, who offered various initiatives in line with the federalization plans, suggestions on the changes of the Constitution of Ukraine, and others. This will require a separate analysis.
6. Vitaliy Leybin notes
The messages sent to Vladislav Surkov by the editor-in-chief of the Russian Reporter magazine Vitaliy Leybin present a very large body of revelations.
For example, in the message with the subject “For V.Yu. somewhat secret, there are names”, Leybin reports that he met with his friend Igor Guzhva (Vesti media holding) on the subject of “the Bigger Ukraine”. “He holds our license for the Kiev version of the “Reporter”. By the way, we promised him help from our European friends on the subject of freedom of speech in Ukraine,” states Leybin in his message.
Vitaliy Leybin doesn’t say anything new about the life in “the young republics”, but when included in a report for Surkov these facts gain additional importance. He writes about looting, coal trade, imprisonment of Russian citizens “in the cellars”, and the conflict between Zakharchenko and Khodakovskiy. He also brings up the role of Rinat Akhmetov:
“He helped me too, when I asked for assistance with the release of unlawfully detained journalists etc. And the “info” about connections to the oligarch can be found on everyone who tried to run a business, for the obvious reason: the whole oblast belonged to Rinat. By the way, regarding the gas station chains, there are rumors of redistribution in favor of Kurchenko and that Z (Zakharchenko – Ed.) is upset. And when I was there, there were gas shortages in Donetsk. The prices have gone down a little, but they are still overinflated, higher than Ukrainian ones, even though it’s likely purchased in Russia at Russian prices. It would be better to deal with this pricing mess rather than encourage internal squabbles and “manage” the redistribution. It would actually be great to say directly to our commanders there to stop playing VIPs and wannabe oligarchs, walking around with dozens of personal security and driving around in expensive cars. They should at least stop showing off their provincial attitudes,” states Leybin in one of his messages to Surkov.
7. Surkov overseeing fuel markets in the “republics”
The mailbox also contains evidence of Surkov’s oversight over the fuel markets in DPR. A subsidiary company is created in Russia under Surkov’s control that buys fuel at commodity exchange prices and uses Russian Railways for customs clearance and delivery of the fuel into Ukraine to rail stations in Donetsk Oblast. (In September 2016 there were fires of fuel farms and ammunition storages in the specified area – Ed.). Fuel deliveries are financed by Russian National Commercial Bank (this bank operates in Crimea and is subject to sanctions). This means that there exists a procedure for financial and economic activities in the occupied territories, which involves a subsidiary of the Russian Republican Fuel Company, Russian Railways, and RNCB bank.
It is possible that the fuel market is becoming one of the reasons for the elimination of “DPR/LPR” field commanders, who threaten with the “Dremov’s secret flash card” or can’t be controlled in the process of contraband of fuel, coal, medicines, or illegal drugs.
Note that earlier, on October 25, Ukrainian hacktivists also published the dump of the mailbox prm_surkova@gov.ru that belongs to Surkov’s reception office. The size of the dump was almost 1GB. Its authenticity was confirmed by the InformNapalm experts and later acknowledged by other international organizations and analysts, such as Bellingcat and The Atlantic Council. The operation under the code name SurkovLeaks provoked widespread coverage in Western media.
Evidence data was exclusively provided to InformNapalm by the hacktivists of the Ukrainian Cyber Alliance for analysis and processing. InformNapalm Community bears no responsibility for the sources and origin of the data.
The mailbox dump was analysed by Mikhail Kuznetsov and Roman Burko for InformNapalm volunteer intelligence community. An active link to the authors and our project is obligatory for any reprint or further use of the material.
(Creative Commons, Attribution 4.0 International, CC BY 4.0)