The Surkov Leaks, as they have been called on Twitter since their release, show us a picture of the conflict in Eastern Ukraine that we have long suspected: the Kremlin had a guiding hand in orchestrating and funding the supposedly local and independent government.
It serves as a good supplement to other evidence of this, like the Glazyev tapes and Informnapalm’s OSINT report on Russian military equipment in Donbas.
A Ukrainian hacker group called “Cyber Hunta” released a cache of emails linked to the Kremlin’s “grey cardinal” — Vladislav Surkov. This political operative is well known in the West as the creator of Russia’s “sovereign democracy” and has been the point-man for Russia’s management, and sometimes direct control, of the so-called states of South Ossetia, Abkhazia, and the self-declared Donetsk and Luhansk People’s Republics.
The hacked inbox was for firstname.lastname@example.org, which was handled by his secretaries or assistants, including a “Masha” (Mariya) and “Yevgenia” (last names unclear). The majority of the emails are briefings from Surkov’s assistants, such as Aleksandr Pavlov.
On August 25, 2014, Surkov received an email from a Russian government official with the last name Govorun, originally sent from a Vitaly Leybin, concerning a letter addressed to the Ukrainian government from the “public representatives of the Donbass.” The title of the email was “corrections in the text.” This letter, supposedly from local citizens living in eastern Ukraine, tells of the horrors of the area resulting from the Ukrainian military’s activities, and calls for a cessation of the Ukrainian “Anti-Terrorist Operation” (ATO).
As documented by DFRLab, along with countless journalists and online investigations, a significant portion of the military equipment used in the Donbas was delivered from the Russian military. There is even more evidence of Russian involvement in the Ukrainian Conflict in January 2015 emails detailing the withdrawal of an exclusively Russian piece of military equipment.
An email from “Semyon Fish” on January 29, 2015 shows an early draft of weapon withdrawals for the eventual Minsk II ceasefire protocols. Not all of the elements in this draft made it to the final version of Minsk II, most notably the proposed withdrawal of a heavy flamethrower TOS system.
On May 13, 2014, Surkov was sent a PDF from a worker at the Marshall Group. This organization was founded by Konstantin Malofeev, a quite rich and even more notorious Russian ultra-nationalist who has been accused by the United States and European Union of being a key financer and supporter of pro-Russian separatists in eastern Ukraine.
The attached PDF contained a list of candidates for the government of the Donetsk People’s Republic, including the Speaker of the People’s Soviet (Pushilin), Ministry of Defense (Igor “Strelkov” Girkin), and other key officials. At the bottom of the document, a note says that the individuals with asterisks next to their name were “checked by us” and are “especially recommended.” These individuals included Aleksandr Zakharchenko, who is mentioned as under consideration for the role of Prime Minister. Eventually, this came true, and Zakharchenko was “elected” to the job. At the end of the document, the author (presumably Malofeev or someone working under him) says to ask for the opinion of “Vladimir Ivanovich” regarding Aleksandr Khodakovsky, the commander of the Vostok Battalion. It is currently unclear who this Vladimir Ivanovich is.
On December 15, 2015, Vladislav Surkov was sent the lists and resumes of the candidates for various positions in the Luhansk People’s Republic (LPR). This demonstrates that appointments of candidates for senior positions are fully centralized and depend on the Kremlin.
A large number of messages in Surkov’s reception office mail concern the situation in Kharkiv.
The reports on the social situation in Kharkiv and the opportunities for its destabilization are very interesting.
For example, the report of April 29, 2015, named “The Package of Measures Kh”, states that the majority of the population of Kharkiv Oblast is opposed to Kiev and offers measures to escalate the situation.
However, in June the situation looks radically different, thanks to, among other things, the activities of the Ukrainian Security Service (SBU) and the wisdom of the citizens. According to another report, the slogan “Rise, Kharkov!” is no longer trending. The Kremlin’s agents try to justify their failures, offering Surkov a distorted picture of “reprisals”.
Russian MP (in 2015) Mikhail Markelov sent a handful of documents to Surkov via his assistant, Anna Makharinskaya. In the attached documents from emails sent on April 29, June 4, and June 18, 2015, we see how Markelov proposed the creation of nominally local initiatives that were supposedly organized by Kharkov citizens. Markelov also sends Surkov lists of planned protests in Kharkov — again, supposedly with the organization and participation of local citizens. One of the locals that the then-Russian MP suggests to lead a new organization is Igor Massalov, a Ukrainian politician who organized pro-Russian demonstrations in Kharkov in 2014.
Later correspondence from Markelov includes a list of planned events in Kharkiv, most of which were connected to the aforementioned Igor Massalov, entitled “Plan of initial measures for the election campaign in the Kharkiv Oblast” (План мероприятий предварительного Этапа использования избирательной кампании в Харьковской области). These events were planned from “the end of June” to “the first half of August,” all before the local elections that took place in the Kharkov Oblast, among other Ukrainian regions, in October 2015. Another email from June 18 describes the organization of a flashmob protest in Kharkiv, which will “consist of 30–50 people” and where “it is necessary that people yell that Poroshenko should step down.” We encourage our readers to find possible instances of this flashmob protest taking place.
Other messages from Markelov show the clear intentions of Surkov and his proxies in Kharkiv: to foment unrest and erode the authority of the Ukrainian government. The Russian MP and Surkov looked to create and support local pro-Russian organizations, organize events to help elect Kremlin-friendly candidates, and shift public opinion towards Russia and the separatists it backs. A June 4, 2015 email from Markelov is revealing, in that he peels back the ideologically charged language that floods Russian media and shows a more pragmatic view of the situation in Kharkiv.
The messages sent to Vladislav Surkov by the editor-in-chief of the Russian Reporter magazine Vitaliy Leybin present a very large body of revelations.
For example, in the message with the subject “For V.Yu. somewhat secret, there are names”, Leybin reports that he met with his friend Igor Guzhva (Vesti media holding) on the subject of “the Bigger Ukraine”. “He holds our license for the Kiev version of the “Reporter”. By the way, we promised him help from our European friends on the subject of freedom of speech in Ukraine,” states Leybin in his message.
Vitaliy Leybin doesn’t say anything new about the life in “the young republics”, but when included in a report for Surkov these facts gain additional importance. He writes about looting, coal trade, imprisonment of Russian citizens “in the cellars”, and the conflict between Zakharchenko and Khodakovskiy. He also brings up the role of Rinat Akhmetov:
“He helped me too, when I asked for assistance with the release of unlawfully detained journalists etc. And the “info” about connections to the oligarch can be found on everyone who tried to run a business, for the obvious reason: the whole oblast belonged to Rinat. By the way, regarding the gas station chains, there are rumors of redistribution in favor of Kurchenko and that Z (Zakharchenko – Ed.) is upset. And when I was there, there were gas shortages in Donetsk. The prices have gone down a little, but they are still overinflated, higher than Ukrainian ones, even though it’s likely purchased in Russia at Russian prices. It would be better to deal with this pricing mess rather than encourage internal squabbles and “manage” the redistribution. It would actually be great to say directly to our commanders there to stop playing VIPs and wannabe oligarchs, walking around with dozens of personal security and driving around in expensive cars. They should at least stop showing off their provincial attitudes,” states Leybin in one of his messages to Surkov.
The mailbox also contains evidence of Surkov’s oversight over the fuel markets in DPR. A subsidiary company is created in Russia under Surkov’s control that buys fuel at commodity exchange prices and uses Russian Railways for customs clearance and delivery of the fuel into Ukraine to rail stations in Donetsk Oblast. (In September 2016 there were fires at fuel farms and ammunition storage sites in the specified area – Ed.) Fuel deliveries are financed by Russian National Commercial Bank (this bank operates in Crimea and is subject to sanctions). This means that there exists a procedure for financial and economic activities in the occupied territories, which involves a subsidiary of the Russian Republican Fuel Company, Russian Railways, and RNCB bank.
Sean Townsend is his chosen pseudonym on Facebook, complemented by images of the notorious Guy Fawkes mask of hacker group Anonymous and the Ukrainian coat of arms. Before Sean, he was “Ross Hatefield,” until the world’s leading social network banned that account for impersonation.
In hacker circles, he is better known as RUH8 — pronounced “roo-hate” to express his aversion to all things Russian.
RUH8 agreed to speak with RFE/RL on condition that we avoid publishing his real name, which he only uses with friends unaware of what he does outside his day job as a Kyiv-based security researcher.
He provided details of the cyberwar that has been raging — parallel to the shooting war between Ukraine and Russia-backed separatists in eastern Ukraine over the past 30 months — between the respective sides’ patriotic hackers using digital subterfuge.
RUH8 is part of a Ukrainian “hacktivist” collective that includes four hacker groups: CyberHunta, Falcons Flame, Trinity, and RUH8. When working together, they call themselves the Ukrainian Cyber Alliance. Their declared enemy is the Kremlin, and their avowed mission is to expose its meddling in Ukraine and ultimately to destroy Russian President Vladimir Putin’s regime.
They regard a hacker group called CyberBerkut — which international cybersecurity experts have blamed for digital attacks on Ukrainian ministries and its presidential election in 2014 — as their Russian counterpart. They also believe CyberBerkut is an alias for Fancy Bear, a hacker group with suspected ties to the Russian state that is thought to have worked with another Russian group, Cozy Bear, to disrupt the upcoming U.S. presidential election.
When was RUH8 created?
In mid-2014, somewhere around spring-summer. We each had our own skill sets at that time, being involved in information security. Then we understood that the government needs our help because there were no specialized departments in the security service or military intelligence. We saw they needed help with obtaining information.
Tell us how the war is manifest in cyberspace.
Cyberwar, or infowar, is a wide topic. We are involved in the technical aspects of this war.
You are part of the “Cyberalliance.” Tell us about it.
Cyberalliance is a quasi-organization with the participation of several groups – RUH8, Trinity, Falcons Flame, Cyberhunta. There are structures affiliated with the hackers – the Myrotvorets site, Informnapalm analytical agency.
How do you conduct your operations? Who does the planning?
Each unit in the Cyberalliance functions separately. It outlines and implements its own goals. But there are moments when we do act together – when somebody has special knowledge that will be useful for the whole team.
There have been other recent successes for the pro-Kyiv hacktivists, too.
The Cyber Alliance and InformNapalm collaborated to leak the mobile-phone data of a Russian national named Arseny Pavlov shortly after his death in an elevator bombing in eastern Ukraine in October. Better known by the nom de guerre Motorola, Pavlov commanded separatist fighters in Donetsk and had boasted of killing captive Ukrainian troops. The hackers alleged the leaked phone data showed, among other things, that Motorola had feared assassination by Russian security services.
In May, Falcons Flame and Trinity hacked and defaced nine websites associated with the separatist group that calls itself the Donetsk People’s Republic and what the hackers said were private Russian military companies operating in Ukraine and Syria that were associated with Russia’s Federal Security Service (FSB).