13:34 Nov. 3, 2016
New portion of documents adds to the mounting evidence of Kremlin's leading role in Ukraine conflict
Ukrainian hackers released a second cache of emails tied to Vladislav Surkov, a key Kremlin figure overseeing the Minsk ceasefire agreement and, as many have contended, an architect of Russia's strategy to take Crimea and supervise pro-Russian separatists in eastern Ukraine.
The first release, which the Atlantic Council's Digital Forensic Research Lab analyzed last week, exposed specific details regarding Surkov's cooperation with Donetsk separatist leaders, most notably Denis Pushilin. More often, however, the first leak of emails showed Surkov's concern with the media environment of Ukraine and with perceptions in Russia, Ukraine, and the West of figures and projects related to the self-declared republics of the Donbas.
DFRLab's analysis of the second leaked inbox, with emails ranging from November 2014 to September 2016, shows many of the same concerns in these emails, along with new revelations.
Comparison between leaks
As with the first leaked inbox, the second batch of Surkov emails was published by the Ukrainian hacker group "CyberHunta." While the first inbox contained .PST files (data files for Microsoft Outlook inboxes), the second inbox consists of .MBOX files, a format common for web mail inboxes such as Gmail. This difference is consistent with the source of the two inboxes: the first (PST) is from Surkov's "incoming" inbox on a Russian government server (firstname.lastname@example.org), which presumably used Outlook. The second (MBOX) is another "incoming" inbox for Surkov that was hosted on the popular web client Mail.ru (email@example.com).
The operators of the two leaked inboxes are also the same: two Surkov assistants named Maria and Yevgenia.
The first dump of emails was widely viewed as genuine, including by American and Ukrainian intelligence officials. In DFRLab's analysis, all evident indications pointed towards the authenticity of the leaked materials. The email headers (metadata) appeared reliable, individual incidents could be confirmed with hard-to-find and public information, and various individuals independently confirmed that they had sent emails that appeared in the hacked materials.
The second email cache shows similar signs of authenticity.
Like the first leak, the second released inbox has no bombshell information that would be expected in a forged document, such as admission of culpability in the downing of MH17, receipts of payment to families of Russian soldiers who died in combat in Ukraine, and so on.
The most interesting information is subtle, and in line with previous assumptions of Surkov's role in managing the self-proclaimed Donetsk People's Republic.
Taken together, the two leaked Surkov inboxes show us what we already knew: key Kremlin figures are supervising separatist officials, funding anti-government movements in Ukrainian-controlled cities, and guiding propaganda efforts related to the Ukrainian conflict. There is little doubt that Russia will deny the importance of these leaks, but these emails provide a valuable window into the inner workings of the architect of the Crimean takeover and Ukrainian separatist movements.