A few hours before Vladimir Putin gave his 2014 new year’s speech, a shadowy group calling itself Shaltai Boltai — the Russian for Humpty Dumpty, the nursery rhyme character — beat the Russian president to it by posting the text online.
“We’re always with you, even when you least suspect it,” the anonymous bloggers wrote.
Such audacious leaks used against the Kremlin itself made Shaltai Boltai one of the leading exponents of the peculiarly Russian dark art of “black PR”, a cottage industry mixing fake news and compromising material, or kompromat, used to blackmail politicians and businessmen.
“It’s a kind of anonymous celebrity. Nobody knows who you are, but everyone’s writing about it,” says Alexander, one of the members of the group.
Now, after years of sparking intrigue and gossip among Kremlinologists by leaking top officials’ correspondence, Shaltai Boltai has been thrust into a wider spotlight by the arrest of its ringleader, Vladimir Anikeev, in a murky case tied to treason proceedings against officers of the FSB, the Russian intelligence service. Russian press reports claim the FSB officers were Mr Anikeev’s handlers.
Alexander, who met the Financial Times in Estonia where he intends to seek asylum, believes he is the group’s last member at large.
Asking only to be identified by his first name, Alexander confirmed his identity by producing previous email correspondence between this reporter and an account Shaltai Boltai used to leak information, as well as photos of him alongside Mr Anikeev.
Amid western anxiety over Russia’s information war capabilities, the treason case — the highest-profile proceeding in years against senior officers in the FSB, the successor to the KGB — has opened a door on Russian intelligence’s murky connections with the hacker underworld.
US officials have already accused Russian intelligence of hacking Democratic party servers last year, while election officials in France and Germany are on alert for any Russian attempts to use hacking to interfere with their forthcoming elections.
Mr Anikeev has not been charged alongside the FSB officers in the treason case, denies having worked with any intelligence agencies and has pleaded guilty to leaking correspondence from politicians’ accounts, according to his lawyer, Ruslan Koblev.
Alexander, who met the FT in a Mexican restaurant in Estonia, on the ground floor of a hotel once run by the KGB, says he met Mr Anikeev in St Petersburg in 2003 at an event for users of damochka.ru, a cross between an erotic services site and an embryonic social network. There is no independent way to verify Alexander’s account of his involvement with Shaltai Boltai.
A decade after that first meeting, Alexander says, Mr Anikeev asked him to help leak kompromat that had been gathered on senior Russian officials. Bored at his job in mobile advertising and disgruntled with Mr Putin’s hardline politics, Alexander agreed.
Alexander claimed he never knew exactly how the files, which usually came from easily hackable accounts on popular free services such as Gmail, mail.ru and Yandex, were obtained.
As Russia fanned the conflict in Ukraine throughout 2014, the group posted the hacked correspondence of people involved in the seizure of Crimea, the Russia-backed insurgency in eastern Ukraine and a pro-Putin online army. Later, they posted the correspondence of several top officials and hacked prime minister Dmitry Medvedev’s Twitter account.
Many observers suspected officials themselves were leaking the files to settle internal scores. But Alexander said the group’s motivations became much simpler: selling stolen inboxes online for bitcoin. “It became more and more commercial,” he said. “I thought about leaving, but I already knew too much.”
The group made $1m to $2m selling files, most of which was spent on “operational expenses”, Alexander said. By this point, he was spending most of his time in Thailand, and Mr Anikeev had moved to Ukraine. They communicated using encrypted chats.
Alexander was not even sure how many people were in the group. Two other men have been arrested alongside Mr Anikeev; Alexander says he knew one of them, Konstantin Teplyakov, but claims never to have heard of the other, Alexander Filinov.
Things changed in early 2016, Alexander said, when Mr Anikeev told him the group had acquired unnamed handlers in Russian intelligence who had asked for a publishing veto. Though they never exercised it, he became suspicious late last year, when Mr Anikeev told him that he had been arrested at St. Petersburg airport on his way to Minsk, held in Moscow for three days, and then released after his handlers intervened.
When Mr Anikeev asked him and Mr Teplyakov to meet him in Moscow in early December, Alexander told him to prove he was at liberty by sending a selfie and a receipt from a French café. Mr Anikeev duly complied. “That made me even more suspicious,” Alexander said. “Normally, if I’d told him to go to the other side of town and do something like that, he’d have told me to screw myself.”
Mr Koblev, Mr Anikeev’s lawyer, says his client has been in jail for three months and could not have gone to the café.
Despite the group’s demise, Alexander says Shaltai Boltai was the first wave of Russia’s murky online future.
“We had our finger on the button. People found out things they’d never have had any idea about,” he said.
Get alerts on Russia when a new story is published