On 14 August 2014, at around ten in the morning, a man walked into a cafe near Tishinskaya Square in Moscow. He ordered a coffee, sat down in the cafe’s far corner, and opened up a cheap laptop. Next, he launched a few applications: a text editor, an app for encrypted chat, and a web browser. Then he connected to the free wi-fi and accessed the internet through a VPN using his own private server, in order to make tracking his actions impossible. He opened Twitter in the web browser and entered the login and password that were saved in a separate document. His first tweet read, “I’m resigning. I am ashamed of this government’s actions. Forgive me.” The note immediately appeared on Prime Minister Dmitry Medvedev’s official Twitter account, visible to his 2.5 million subscribers.

Taking a sip of his coffee, the man in the cafe wrote a few more tweets: I will become a free photographer. I’ve dreamed about it for some time. I’ve wanted to say this for the longest time: Vova [Putin]! You are wrong!; and I like reading @Navalny [prominent opposition figure Alexei Navalny].

The man didn’t think anything unusual or extraordinary about his task. He hadn’t even planned on coming to the cafe that day to write on the Prime Minister’s account. It just so happened then that he was the only one not at work among the members of the group Anonymous International, better known as Shaltay Boltay. The programmers at Shaltay had gained access to Medvedev’s Twitter account long before, when downloading from iCloud copies of three of Medvedev’s smartphones (the Prime Minister kept his social media passwords in a note on one of his iPhones). “We monitored Medvedev for two years, but nothing interesting ever happened, so we decided we’d just troll him instead,” one of Anonymous International’s members told me, explaining the reason for the Twitter hack.

“Fly to Bangkok. Buy a local SIM card, and email us the number”

Thirty minutes after the first phony tweet, Vladimir Putin’s press secretary, Dmitry Peskov, announced to reporters, “I can say with high probability that we’re looking at a hacker attack.” The government soon confirmed it: “The Prime Minister’s Twitter account has been hacked. The last few messages posted to his micro-blog are untrue.” Medvedev’s press service started deleting some of the tweets, but the man in the cafe managed to publish a few more: We might be returning to the 1980s. It’s depressing. If this is what my colleagues in the Kremlin are after, they might soon get their wish; and Russians shouldn’t have to suffer because the country’s leadership has problems grasping common sense. Additionally, the man in the cafe retweeted Anonymous International’s Twitter account, @b0ltai (blocked inside Russia since April 2014): “The circus has ended and the clowns have scattered. Ban electricity! 😊.”

The “creative technician,” as he’s called at Anonymous International, was able to scribble as many tweets as he pleased — nobody was able to kick him out of the account. To stop what was happening, Medvedev’s press office would have needed to ask Twitter’s administrators to block the account. Instead, after an hour, the man wrote to his colleagues over chat, saying, “I’m bored. I’m getting out of here.” He closed his netbook and walked out of the cafe.

One of Anonymous International’s heads told me this story in the city of Bangkok, in early January 2015. He didn’t tell me his name, he refuses to let me describe his appearance, and he forbade me from recording our conversation. For the sake of convenience, I’ll call him Lewis. (After all, Lewis Carroll’s Alice in Wonderland, with its inside-out logic, most accurately captures the world of Russian politics, Shaltay’s members have said). It took three months of emailing to arrange a meeting with Lewis. At first, the meeting was supposed to take place in Istanbul, then in Kiev, and later, in November 2014, Anonymous International’s representative informed me that they could only meet in the Thai capital, where “it’s warm and the booze and women are cheap 😊 😊 😊.”

The final instructions regarding our meeting arrived in my inbox just a day before they expected to meet: “Fly [to Bangkok]. Buy a local SIM card, and email us the number. You’ll be called back within a few hours, and we’ll agree about the meeting.” A day later, after doing this, Lewis himself was the one to call me. He said the meeting would take place a few hours later on Khao San Road, the most crowded area of the city.

“We don’t do this thing because it’s permitted. We do it because we’re compelled”

A little more than a year before this meeting, on 12 December 2013, Anonymous International registered its website on Wordpress.com (its newer site, b0ltai.org, appeared later, in the summer of 2014). On 31 December 2013, these online activists published the full text of Putin’s New Year’s national address — several hours before it aired on television. Over the next 12 months, Anonymous International released what was mainly correspondence lifted from email accounts and mobile phones belonging to Russian politicians of varying degrees of influence.

In the spring of 2014, Shaltay leaked documents about several high-profile people and events in Russia and Ukraine: the state’s gameplan for a supposedly grassroots mass demonstration in Moscow in support of Russia’s actions in Crimea, documents about how the Kremlin prepared Crimea’s secessionist referendum.

On 27 July 2014, acting on orders from Roskomnadzor, Russia’s federal agency for media oversight, Russian ISPs blocked access to the domain b0ltai.org. The group’s main Twitter account, @b0ltai, was also blocked. Today, Shaltay’s website is accessible in Russia only via VPN or a mirror site. The group also runs @b0ltai2, a duplicate Twitter account, still unblocked in Russia, that reproduces all the first account’s posts, down to its retweets.

“To get information, sometimes you need to persuade people”

In August 2014, Anonymous International released archives from three different email accounts allegedly belonging to Dmitry Medvedev, as well as correspondence from Duma deputy and United Russia member Robert Schlegel about an organized “troll” attack on the websites of major American and British news media (including The New York Times, CNN, the BBC, USA Today, and The Huffington Post).

In December, Shaltay posted a photograph of Kristina Potupchik, the former press secretary of the pro-Kremlin youth group Nashi, apparently depicting her sitting in an office inside the Kremlin beside a bag full of cash.

The photo of Potupchik was meant as a tease, Shaltay implied, and two weeks later they leaked emails (about an orchestrated media campaign against opposition leader Alexei Navalny) and SMS records supposedly belonging to Timur Prokopenko, a former head of the pro-Putin youth group Molodaya Gvardiya (Young Guard), and now an official in the Kremlin.

“We have a small circle of regular clients. Our prices start at $30,000. I won’t say how high they go”

In an interview conducted over encrypted chat, Anonymous International’s press secretary asserted that the group publishes leaks because it is “dissatisfied with the restrictions on free speech online and with Russia’s aggressive foreign policy”. It has complaints about Russian domestic policy, too: “They only let the convenient candidates participate in elections,” and it’s “impossible to work peacefully in a small or medium business”. Shaltay’s stated mission is “to change the world for the better, helping to bring greater freedom and social awareness”.

One of the group’s members even quoted the 2009 film Watchmen, saying, “We don’t do this thing because it’s permitted. We do it because we have to. We do it because we’re compelled. Once a man has seen society’s black underbelly, he can never turn his back on it.”

Shaltay Boltay, if Lewis is to be believed, is only a “side project”. The group’s main work is getting hired to dig up information about private and public individuals. The whole company consists of a dozen people. Apart from the technical staff, there are Shaltay and Boltay, who manage communications with the outside world, two co-founders (one of whom is Lewis), and a woman named Alice. “She’s a field officer doing extremely important work. For instance, when needed, she follows Prokopenko to a cafe and sits down behind him, to see what he types on his computer,” Lewis explains.

“We have about two terabytes of data. A lot of those files are about people close to Vladimir Putin”

The company’s structure, Lewis says, resembles an “online gaming clan”: the staff don’t know each other in person, but they spend hours chatting together every day. No one collects a regular salary, and the size of one’s earnings depends on how much he or she contributes to an operation. They pay these fees in cash, and sometimes in bitcoins. They’ve hired no new staff since they started publishing documents under the Anonymous International brand.

Lewis says all the group’s employees, except for Shaltay and Boltay (who are based in Bangkok), live inside Russia. Lewis himself moves between Moscow, St Petersburg, and Kazan (though he never explains why he goes to Kazan specifically).

Every time before crossing the Russian border, Lewis wipes his hard drive of all its files. He came to Bangkok for just one day, arriving from a neighbouring Asian country.

Lewis confuses the subway stations, and we have to get out of our car and backtrack on the next train. Leaving the subway, we head for a European-style cafe because he “doesn’t like Asian food”. Lewis suggests walking there through a back alley, where, in almost total darkness, among the shacks and puddles, we find no passage and turn around. Finally, we sit down at the first cafe we can find.

Lewis is quiet. When he speaks, he doesn’t make eye contact. Talking to him isn’t easy. When I ask him questions about specific people and situations, he smiles and usually says, “Let’s leave that without any comment.”

We leave the cafe.

I ask him if I can photograph his laptop or his hat. Lewis hangs his hat on a fence, so that none of the signs in the picture’s background are visible. “It would be easy to come here later, pay someone some money, and get the camera footage from this area,” Lewis explains, as he buys some orange juice from a street vendor. He takes out a small bottle of gin from his bag and has a sip. Then he fishes out from his pocket the disposable phone he used to call me. With a handkerchief, he rubs off the fingerprints and removes the SIM card and battery, tossing them in different trash bins.

Then he runs off to catch a train to the airport.

Text: Daniil Turovsky for Meduza
A longer version of this article was originally published on Meduza English