On 25 October, a hacking group, claiming to be based in Ukraine, released thousands of emails reportedly pilfered from the inbox of a high-ranking Kremlin official called Vladislav Surkov – known in some circles as Russia's "grey cardinal."
The hacking group – known as CyberHunta – published over 2,330 emails covering the period of September 2013 to November 2014, a turbulent and controversial period when the Russian military invaded Ukraine and annexed the territory of Crimea.
Surkov, who many consider to have contributed to the electoral victory of Putin in 2004, was one of the main architects of the current Russian political system – and previously served as Russia's deputy prime minister from December 2011 to May 2013.
One of the main revelations of the leak, as reported by The Hill, is that it appears to show a strategy to politically destabilise Ukraine while also working closely with major opposition leaders. The documents allegedly include a planned timeline that runs into March 2017.
"Achievement of the aforementioned objectives requires destabilisation of political life in Ukraine, and must be followed by immediate Parliamentary and presidential elections," one document, released alongside the main email trove, notes.
According to analyst Aric Toler from the Digital Forensic Research Lab, the hacked inbox was email@example.com and was likely managed by Surkov's assistants as a work account. The hackers reportedly accessed the account by infiltrating the popular Yandex web portal.
Ukraine's National Security Service (SBU) has claimed the contents of the leaks are real, although its experts warned the files may have been altered or tampered with in some way. Surkov hasn't yet publicly commented on the leak.
Yet, as Bloomberg reported, none of the emails were directly sent from Surkov and he "always corresponds through intermediaries." This means that even if emails in his inbox are legitimate, there is no way to tell if he received them, asked to receive them, or ever replied.
In a blog post published on Twitter's Medium platform, Toler was able to verify the contents of the leaked emails by correlating their contents to real news stories, conferences and events. The researcher took a deep dive into the leak and came to the conclusion they were legitimate.
"With the publication of a nearly 1GB [Microsoft] Outlook data file including the inbox, outbox, drafts, deleted email, spam, etc., it is fairly clear that the emails are authentic," he said.
"It is quite easy to fake screenshots, PDF documents, and other files, but faking email inboxes is quite difficult," he wrote. "Within the email files is header information, which shows us the 'history' of each email – where it originated, which servers it moved through, and so on."
Upon analysis, Toler found that most of the emails were of little-or-no interest. However this, he wrote, "helps lend credibility to the email's authenticity." Some emails did include political briefings on the situation in Ukraine and a "calendar of announced events."
While none are likely to worry the Russian state too much, some emails do stand out. As noted by AP, the cache includes correspondence sent to Surkov by a separatist leader called Denis Pushilin. The email consisted of casualty lists and expenses for the management of a press centre in the rebel capital of Donetsk.
Meanwhile, a separate note, this time from a rebel-linked Russian billionaire called Konstantin Malofeev, appears to contain a list of ministers in the separatist government prior to their official announcement.
The Russian government has denied the authenticity of the leak. Putin's spokesman Dmitry Peskov – as reported by the Tass state news agency on 26 October – brushed off the accusations of a hack by claiming Surkov "doesn't use electronic mail."
"Someone must have sweated quite a bit to compose this document," Peskov said without clarifying which document he was referring to. "I can tell you: This is not him," he added. However, some phone numbers and email addresses in the leak checked by AP did turn out to be genuine.
Two sources within Ukraine's security apparatus told Radio Free Europe they do not believe the alleged destabilisation plan is authentic and said: "The PDF files do look strange. That's why we would like to see the originals. Then we could do forensic analysis and make a final conclusion."
Now, as analysis of the Russian-language emails continues, speculation is rising that the leak may be related to recent comments by US government officials who touted a CIA plan to mount "unprecedented cyber covert action" against Russia in retaliation for alleged cyberattacks against the US political system.
"It's not impossible, but unlikely that Ukrainian hackers would be able to break into Surkov's government email account and download a huge collection of files from 2014," Mark Galeotti, senior researcher at the Institute of International Relations in Prague, told The Guardian.
"Given that the Americans have been hinting at a response, I cannot help but wonder if this was a US government shot across Putin's bows, a warning that it also has the capability to intrude and embarrass and a willingness to use it if Russia persists."