The Dark Side of the Kremlin: Hacked Russian documents explained

On January 25, tens of thousands of Russian emails and documents were leaked online after hackers uploaded over 170 gigabytes of data to the internet.

The catalogue of leaks – known as The Dark Side of the Kremlin – was published by a self-styled “transparency collective” called Distributed Denial of Secrets (DDoS). 

Private documents and emails of senior Russian political and religious figures, oligarchs and the military are among the swaths of information. 

DDoS comprises an anonymous group of journalists, activists, researchers and tech experts.

On its website, the group says it does not support “any cause, idea or message beyond ensuring that information is available to those who need it most – the people.”

The Kremlin, in general, has proved fairly Teflon to a lot of revelations over the years. There are domestic investigators and whistleblowers ... that uncover tremendous amounts of wrongdoing and it never really has any consequence for anybody in power.

by Samuel Greene, head of the Russia Institute at King's College London

Journalist and co-founding DDoS member Emma Best, a US citizen, told Al Jazeera: “The information is its own goal.

“If it causes change, so be it. If it confirms what people already suspected or knew, but in specifics that allow for detailed study? So be it.”

She says the collection of emails, their attachments, and numerous chat logs were hacked over several years by various hacking groups in Ukraine and Russia including the Ukrainian Cyber Alliance, the Cyber Junta and Russian hackers Shaltai-Boltai (Humpty Dumpty) and Anonymous International.

Here are seven things to know:

What information is in the leak?

The leaks contain internal documents and emails originating from the Russian Presidential Administration and Ministry of Defence as well as personal emails from high-level political operatives like Kremlin adviser Vladislav Surkov and separatists in East Ukraine.

The personal documents of Russian Prime Minister Dmitry Medvedev were uploaded from his hacked iPhone, which included holiday pictures and a “to-do” list of renovations for his home.

Private notes belonging to Yevgeny Prigozhin, who is known Russian President Vladimir Putin’s “chef” – he controlled the companies that catered high-level dinners and banquets for foreign dignitaries at the Kremlin – were also in the leak.

Prigozhin has been linked to the Wagner private military company, which was once described by the BBC as a “shadowy” organisation providing mercenaries in Syria.

According to the leak, Prigozhin made notes on conversations between Putin and European leaders such as Italy’s Silvio Berlusconi. The pair shared their experiences of meeting the then-retired British PM Margaret Thatcher; the Iron Lady allegedly scolded Putin for not keeping his room tidy.

They also shared their views of the press and compared their sleeping habits.

What insight does it give into Russia’s conflict with Ukraine?

Investigative journalist Roman Dobrokhotov told Al Jazeera that the most interesting hacks were of the Russian Presidential Administration, which “added to the transparency of the Russian government system.” 

He said: “We found all the structure, how the government controls media in Russia, how they spread their messages through members of parliament and loyal TV channels or newspapers. How they start criminal investigations against [the] opposition or journalists without any real basis.”

However, Samuel Greene, head of the Russia Institute at King’s College London (KCL), urged caution.

“It’s not gospel,” he said. “So, there’s reason to doubt the veracity of some or any of the documents that are involved because first of all, they can be tampered with prior to publication. We don’t know what’s left out and what can be inserted.

“I would never want to use these sorts of documents as the only source on a story or piece of analysis. They”re helpful to identify questions that need to be asked.”

The leaks do give some insight into Russia’s influence in Ukraine – showing its material support and financial control of separatist leaders. A document labelled “Operation Troy” detailed a Russian plan to create a land bridge to Crimea by having Russian forces dress as Ukrainian nationalists in order to take over the southern regions of Dnipro and Zaporizhia.

Similarly, further hacks of figures inside the “Donetsk People’s Republic” (DNR) – a pro-Russian group designated as a terrorist organisation by Ukraine –  show the inner workings of Russia’s proxies, including internal discussions as to which journalists should be given accreditation to visit Donetsk. 

Conversations in the hacked emails of Tatiana Yegorova, a DNR communications employee, showed how British BBC correspondents were described as “NATO propagandists” but were allowed accreditation on the basis that the broadcaster was “influential”.

Why were the documents leaked now?

Best explained that the release made all the information “available in one place in a way that prevents censorship or it being lost to the memory hole.” The group, she says, is self-funded from the collective’s members’ own pockets.

Separately, one of the DDoS servers was mysteriously wiped shortly before last month’s release, prompting them to upload the files “sooner, rather than later, to nullify attempts to censor it.” 

There is no evidence to suggest who was behind the wipe, but Best said it gave the group an “incentive to not wait.”

Is this leak connected to the DNC dump, via WikiLeaks?

An important distinction for DDoS is that the Kremlin leaks are not revenge for the 2016 DNC and John Podesta email dump, which prompted the US to accuse of Russia of interfering with its electoral process. 

Best concedes, saying it may “add a layer of irony” to the emails, but maintains that this wasn’t their motive.

Is all the information new?

Most of the leaks have been available on the dark web for some time.

Despite this, Dobrokhotov estimates at least a dozen investigations were completed on the Presidential Administration hacks alone.

There have been relatively few conducted by English-language media, however.

He says the leak would be “super-interesting for Western media”, adding that there are better resources now for probing the information compared to when the documents were first hacked, explaining that now is “the best time” for investigative journalists.

Greene, of KCL, explained: “In terms of what’s been released – most of it is old enough at this point that the Kremlin will see it as ‘water under the bridge’ – they’re not worried about the fallout of anything that might be revealed.

“But, the Kremlin, in general, has proved fairly Teflon to a lot of revelations over the years. There are domestic investigators and whistleblowers – people like Alexei Navalny with his anti-corruption investigations that uncover tremendous amounts of wrongdoing and it never really has any consequence for anybody in power. They’re not necessarily inclined to be worried about revelations.”

What does the leak reveal about Russia?

Chatham House Academy Fellow Anna Korbut, a former journalist from Ukraine, said Western observers could learn from the leaks how Russian “active measures” – the opaque activities of their people and proxies – have created a paradigm shift in terms of how states act beyond their borders.

By analysing the leaks, observers could understand “a problem they used to hardly notice or think of as very regional and very isolated to Ukraine and between Russia and Ukraine.”

What will happen next? 

It remains unclear, but Russia has punished hackers and cracked down on sharing information before.

Several hackers were detained by the Russian Federal Security Bureau in 2016 at the time of the original leaks. Two later left Russia, while a third – Vladimir Anikeev of Shaltai-Boltai – was jailed for two years in 2017.

More recently, the Russian Ministry of Defence banned its soldiers from using social media.

Dobrokhotov says the government now pays close attention to its cybersecurity, but believes it still has “so many holes” because of “corrupted” Russian institutions.

Korbut thinks that leaks will continue “on both sides” given the increased skill of hackers globally and relatively easy access to digital tools.