On the morning of March 1, 2017, Catherine Mörk and Linda Altrov Berg were in the offices of Norstedts, a book publisher in Sweden, when they received an unusual email. A colleague in Venice was asking for a top-secret document: the unpublished manuscript of the forth-coming fifth book in Stieg Larsson’s “Millennium” series. The books, which follow hacker detective Lisbeth Salander, have sold more than 100 million copies. David Lagercrantz, another Swedish writer, had taken over the series after Larsson’s death, and his latest — The Man Who Chased His Shadow — was expected to be one of the publishing events of the year.
Norstedts was guarding the series closely. Lagercrantz wrote his first “Millennium” book on a computer with no connection to the internet and delivered the manuscript on paper, at which point Norstedts mailed a single copy to each of the book’s international publishers. With the new title, Norstedts wanted to streamline the process — Lisbeth Salander’s publisher, they figured, should be able to protect itself from hackers and thieves. Mörk and Altrov Berg, who handle foreign rights at Norstedts, consulted with other publishers of blockbuster books. The translators working on one of Dan Brown’s follow-ups to The Da Vinci Code, for instance, were required to work in a basement with security guards clocking trips to the bathroom. Norstedts decided to try sharing the new “Millennium” book via Hushmail, an encrypted-email service, with passwords delivered separately by phone. Everyone would have to sign an NDA.
The unusual email came from Francesca Varotto, the book’s Italian-edition editor, and arrived shortly after Norstedts sent out the manuscript:
Dear Linda and Catherine,
I hope you are well. Could you please re-send me the link to the manuscript of The Man Who Chased His Shadow?
Minutes later, and a few blocks away from Norstedts headquarters in Stockholm, Magdalena Hedlund, the agent representing the book, received a similar email from Varotto. It was strange that Varotto had lost something so valuable, but she and Hedlund were old friends, and the email struck a familiar tone. Plus everyone was scrambling: The book was set for release in 27 countries simultaneously, and the translators had to get started. Hedlund sent her friend the link to the manuscript.
Varotto replied instantly. “I’m sorry M,” she wrote. Varotto said that her password was “disabled/expired.” Could Hedlund send a new one?
Back at Norstedts, Mörk also received an email from Varotto. “Sorry Catherine,” the message read. “Could you please give me the Hushmail code?” Altrov Berg dashed off a separate message to Varotto, asking if everything was okay.
Suddenly, her phone rang. “Why are you sending me this?” Varotto asked. Altrov Berg explained what was happening. Varotto was confused. She hadn’t sent any emails to Norstedts all day.
With Varotto on the phone, the two Norstedts employees scrolled through the messages. The emails looked like ones Varotto would send: The text used the same font, and the signature at the end was styled just like hers. Then, with Varotto still on the line, Mörk got yet another email asking for the password.
They scanned the messages again. Only now did Varotto notice that the signature listed her old job title; she had been promoted two months earlier. The subject line also misspelled the name of her company. Finally, they realized the email address wasn’t hers at all: The domain had been changed from @marsilioeditori.it to @marsilioeditori.com.
Everyone deleted the emails. What other malicious tricks were lurking inside? The IT department at Marsilio Editori began investigating and found that the fraudulent domain had been created the day before through GoDaddy. It was registered to an address in Amsterdam and a Dutch phone number. When an employee tried calling, it went straight to a recording: “Thank you for calling IBM.”
The “Millennium” team was in a panic. The thief didn’t yet have the password, as far as they knew, but was clearly determined to get it. Publishers around the world depend on a best seller like this, and an online leak of the manuscript could derail its release.
But the book’s publication came and went without a hitch. The manuscript never reappeared. What was Fake Francesca Varotto after? Much more than Lisbeth Salander’s best-selling exploits, it turned out. On the same day as the “Millennium” emails, Fake Francesca asked someone else in publishing for an early look at Lot, Bryan Washington’s story collection, as well as a debut novel about an accountant who becomes a fortune teller. Even stranger, the thief had other identities. Later that day, a fake Swedish editor went to the Wylie Agency in London to request a copy of Louise Erdrich’s just-announced novel, and someone pretending to be Peter van der Zwaag, a Dutch editor, asked a colleague in New York for the same fortune-teller book. Fake Peter then introduced his new assistant to request that she be added to a private mailing list filled with confidential publishing information. The assistant followed up with a friendly note: “It’s so busy and overwhelming now with the London Book Fair, isn’t it?” The assistant didn’t exist.
This was a setup Stieg Larsson would have admired: a clever thief adopting multiple aliases, targeting victims around the world, and acting with no clear motive. The manuscripts weren’t being pirated, as far as anyone could tell. Fake Francesca wasn’t demanding a ransom. “We assumed it was the Russians,” Mörk said. “But we are the book industry. It’s not like we’re digging gold or researching vaccines.” Perhaps someone in publishing, or a Hollywood producer, was desperate for early access to books they might buy. Was the thief simply an impatient reader? A strung-out writer in need of ideas? “In the hacker culture that Stieg Larsson depicted, they do a lot of things not for financial benefit,” Mörk pointed out this spring, “but just to show that they can do it.”
When I first heard about the scheme in February, four years after the attempted “Millennium” heist, the thief was still on the loose, exhibiting behavior that was even bolder and more bizarre as they chased after everything from Sally Rooney’s latest to novels by obscure writers never published in English before. This sounded like a fun challenge, a digital mystery to obsess over at a time when the real world was shut down. I texted a friend in publishing to find out more. She quickly replied, “The culprit has been identified.” This was unexpected. The New York Times had two reporters on the case last year, and the FBI had been called in to investigate, but no charges or accusations had been leveled publicly. One of my colleagues, Lila Shapiro, looked into the scam in 2019 but dropped the story after concluding the case might be too baffling to crack. Many in publishing were too paranoid to discuss it. One literary agent, who had become obsessed with solving the mystery, had declined to talk because she feared Lila herself might be the thief.
And yet my contact was certain — or “like 85 percent sure” — that the thief was a particular person, a man who had worked in New York publishing for a decade. He was an outsider in the industry with a reputation for becoming pushy when he didn’t get what he wanted. He seemed to conduct his business almost entirely over email.
Link to the rest at Vulture