How a Bulgarian WikiLeaks Copycat Got the Scoop of a Lifetime

Innovation, the Internet, gadgets, and more.
Sept. 28 2012 9:45 AM

How To Leak a Secret in Bulgaria

An excerpt from Andy Greenberg’s This Machine Kills Secrets: How WikiLeakers, Cypherpunks, and Hacktivists Aim To Free the World’s Information.

Wikileaks founder Julian Assange addresses the press and his supporters.
WikiLeaks founder Julian Assange on the balcony of the Ecuadorian Embassy in London earlier this year

Photo by Carl Court/AFP/Getty Images.

The following is the second of three articles adapted from Andy Greenberg's This Machine Kills Secrets: How WikiLeakers, Cypherpunks, and Hacktivists Aim To Free the World’s Information, out now from Dutton. Read the first part here.

When Assen Yordanov ended his career as a buffalo shepherd and became an investigative reporter, one of his early scoops involved sneaking into to an illegal cigarette factory north of his hometown of Burgas in 1995. Yordanov’s story led to the factory’s shutdown and a two-year police investigation, but no arrests. He did, however, receive his first death threat, a letter warning him to “reserve a place in the cemetery for his tomb.” And he made his first acquaintance with Bulgaria’s most powerful man.

“One of those men involved in this factory that I exposed was Boyko Borisov,” Yordanov told me when we met in a sunny café in the Bulgarian Black Sea resort town of Varvara. Yordanov is a broad-shouldered man in a black T-shirt, with a half-week’s worth of stubble, and he’s taken off his pair of scuffed Oakley knockoffs to show me the serious expression behind them. “Today, he is the prime minister of Bulgaria. And sixteen years ago I showed that he is a criminal.”

In 1995, Yordanov’s accusations against Borisov hadn’t stuck. In 2011, with the help of WikiLeaks’ model of anonymously leaked documents, he would have another shot.

Yordanov and his smaller, techier partner Atanas Tchobanov met in 2008, when Tchobanov, a Bulgarian expatriate in Paris working with Reporters Without Borders, interviewed Yordanov about a knife ambush that had nearly killed Yordanov outside his home in the eastern Bulgarian city of Burgas.

Yordanov believed the attackers were linked with a story about corrupt real estate deals he had written. But he had no intention of backing down. Instead, he wanted Tchobanov to help him go further, to launch their own investigative news website. They called it Bivol, the Bulgarian word for Yordanov’s favorite animal, the buffalo. And despite running it with near-zero budget, the rare independent Bulgarian media outlet had immediate impact. Rumiana Jeleva, Bulgaria’s foreign minister, was set to be confirmed as a representative of the European Commission. Yordanov and Tchobanov helped to uncover financial ties she had failed to disclose, showing that she continued to own a consulting company long after she had claimed to have no interests in it. The story contributed to an investigation of Jeleva that was picked up in foreign media and finally led to her resignation from not only the EU post, but also her ministry position.

But Tchobanov could sense that Yordanov’s traditional breed of muckraking was endangered: In September of 2008, the journalist Ognyan Stefanov had been stopped outside a Sofia restaurant one night and brutally beaten with hammers and steel bars, left for dead with broken arms and legs and a severe concussion that he barely survived. In this case, the attack had a new twist: The victim had attempted—and failed—to remain anonymous.

Stefanov was secretly the editor of the blog Opasnite Novini—“Dangerous News”—that 10 days before had published a story based on a leak that showed officials in the new intelligence agency DANS were involved in a smuggling ring. DANS, whose name translates to “National Security Agency,” had been formed the same year, supposedly to fight organized crime. Somehow it had identified Stefanov.

In a government investigation that followed Stefanov’s beating and through more anonymous leaks to the press, DANS was revealed to be engaged in mass wiretapping of journalists and government officials. (By 2010, the Bulgarian government would perform around 15,000 wiretaps annually, close to 200 times the number per capita reported in the United States that year.) The mass surveillance and intimidation tactics of the Communist-era Darzhavna Sigurnost were alive and thriving.

Tchobanov knew that Bivol needed new ways to protect itself and its sources. So he simply typed “anonymous submissions” into Google. Soon he began to discover the cypherpunks’ many gifts to journalists: the email encryption program PGP, Off-the-Record encrypted instant messaging, the anonymity software Tor. And WikiLeaks.

The Bulgarian technophile was immediately fascinated by the site’s technical methods and utter fearlessness. He began to monitor its leaks closely, and even experimented with uploading an unverified document that a source had sent him, in the hopes that this mysterious group might be able to authenticate it and publish it to a global audience. The document, written in Bulgarian, never surfaced on the site.

It was only after the Cablegate release that Tchobanov began to consider the full power of WikiLeaks’ model—not just to protect journalism, but potentially to advance it. In a Skype chat with a few other journalists and technologists who worked on and off with Bivol, they proposed the idea of a leaking site that would publish locally focused documents that WikiLeaks wouldn’t, a leaking syringe targeted at the Balkans and its neighbors rather than a hose aimed at the world at large: BalkanLeaks. Within days, they had registered the URL and set up an SSL-encryption-protected site and a Tor Hidden Service in an OVH data center in the French city of Roubaix, the same one that briefly housed WikiLeaks’ publications until they migrated to Sweden.

To Tchobanov and Yordanov’s delight, the documents flowed into BalkanLeaks’ submissions portal immediately, from the nuclear power agreement to the judicial bribery tapes: solid, irrefutable primary-source evidence obtained with cryptographic anonymity.

But the Bulgarians, like Julian Assange, weren’t merely seeking to prove the power of cryptography and anonymity to slice through institutional secrecy; like all good journalists, they were on the scent of the biggest possible stories—and they smelled them hidden deep in the still-unpublished majority of the WikiLeaks cables, a trove of documents that, as Bradley Manning had promised in his leaked chat logs, affected every country in the world.

In February of 2011, nearly three months after Cablegate began, only 5,000 of the quarter million cables had actually been leaked. WikiLeaks lacked the necessary manpower to read the endless memos and redact the names of at-risk sources, and had put out a call on its Twitter feed for more media organizations to participate. Tchobanov emailed a plea to a WikiLeaks contact to give the 978 cables from the embassy in Sofia to Bivol. No response.

One released cable in particular had tantalized and galled Tchobanov and Yordanov: It was a 2005 briefing by U.S. Ambassador James Pardew on the state of organized crime in Bulgaria and its extraordinarily cozy ties to government. But after the memo’s redactions by WikiLeaks’ partners at the Guardian, it contained no specific names of Bulgarians. The Guardian had used the cable to construct a story on Russian influence in Bulgaria’s mafia world, but hadn’t been able to confirm any of the allegations against Bulgarians themselves. So the paper simply snipped huge portions of the text, mostly from a section titled “Who’s Who in Bulgarian Organized Crime.” Of the cable’s original 5,226 words, all but 1,406 were missing.

Luckily for Tchobanov and Yordanov, WikiLeaks’ control of the cables was itself beginning to spring leaks. One of the group’s erstwhile partners, a freelance journalist and controversial Holocaust denier named Israel Shamir, had obtained a portion of the unredacted cables and was using them to write stories for the Moscow magazine Russian Reporter. Tchobanov wrote him an email in February asking about the contents of the Bulgarian cable. To his surprise, Shamir soon responded with the full text. A few days after the Guardian’s Bulgaria story, the Norwegian newspaper Aftenposten announced that it had also inexplicably gained access to the full set of cables. So Tchobanov wrote to Aftenposten, asking the papers’ editors to verify the text that Shamir had sent him. They wrote back, confirming that Shamir’s slice of the megaleak was the real deal.

The unredacted cable was an encyclopedia of Bulgarian organized crime, with entries for every major group: gangs with names like Multigroup, Intergroup, TIM, the Union of Former Commandos, and the Amigos. It cataloged their involvement in all flavors of crime from tax fraud to smuggling, extortion to sexual slavery. It followed the flow of money to every major political party, and named government officials who openly consorted with the groups or had made the transition from mafioso to politician. The cable named towns like Svilengrad and Velingrad that were controlled entirely by mafia-cum-government.

Bivol published a story on the report, titled simply “Bulgarian Organized Crime, Uncensored.” Other Bulgarian newspapers picked up on the story. One, the paper Capital, headlined it simply “Black and White”; the cable had confirmed in stark terms all the corruption that had been suspected for years. As usual, no one was indicted, perhaps the strongest evidence of all of the government’s symbiosis with criminals.

For Bivol, the most important reaction came from WikiLeaks itself. The group published the unredacted version of the cable on its site rather than the version of the cable that had been gutted by the Guardian, and accused the newspaper on its Twitter feed of “cable cooking.”

Tchobanov wrote to WikiLeaks again, suggesting that instead of the Guardian, the group hand all of its Bulgarian cables to Bivol. This time WikiLeaks’ staff wrote back, asking for time to look into Bivol’s background and to learn more about Tchobanov and Yordanov.

Three weeks later, they got their response: an invitation to Ellingham Hall in the U.K. for a meeting with Julian Assange.

Monday: BalkanLeaks obtains and publishes Bulgaria’s own Watergate—and tests the limits of the media’s power to fight a fundamentally corrupt government.

Andy Greenberg is a technology reporter for Forbes Magazine, covering information security, privacy, digital civil liberties, and hacker culture. This Machine Kills Secrets is his first book.