For years, a mysterious figure has been stealing books before their release. Is it espionage? Revenge? Or a complete waste of time?

Illustration: by Madison Ketcham

Illustration: by Madison Ketcham

Illustration: by Madison Ketcham

This article was featured in One Great Story, New York’s reading recommendation newsletter. Sign up here to get it nightly.

Update: On January 5, 2022, the U.S. Attorney’s Office for the Southern District of New York announced that it had arrested Filippo Bernardini, a 29-year old Italian man, for allegedly conducting the scheme outlined in this story.

On the morning of March 1, 2017, Catherine Mörk and Linda Altrov Berg were in the offices of Norstedts, a book publisher in Sweden, when they received an unusual email. A colleague in Venice was asking for a top-secret document: the unpublished manuscript of the forth-coming fifth book in Stieg Larsson’s “Millennium” series. The books, which follow hacker detective Lisbeth Salander, have sold more than 100 million copies. David Lagercrantz, another Swedish writer, had taken over the series after Larsson’s death, and his latest — The Man Who Chased His Shadow — was expected to be one of the publishing events of the year.

Norstedts was guarding the series closely. Lagercrantz wrote his first “Millennium” book on a computer with no connection to the internet and delivered the manuscript on paper, at which point Norstedts mailed a single copy to each of the book’s international publishers. With the new title, Norstedts wanted to streamline the process — Lisbeth Salander’s publisher, they figured, should be able to protect itself from hackers and thieves. Mörk and Altrov Berg, who handle foreign rights at Norstedts, consulted with other publishers of blockbuster books. The translators working on one of Dan Brown’s follow-ups to The Da Vinci Code, for instance, were required to work in a basement with security guards clocking trips to the bathroom. Norstedts decided to try sharing the new “Millennium” book via Hushmail, an encrypted-email service, with passwords delivered separately by phone. Everyone would have to sign an NDA.

The unusual email came from Francesca Varotto, the book’s Italian-edition editor, and arrived shortly after Norstedts sent out the manuscript:

Dear Linda and Catherine,

I hope you are well. Could you please re-send me the link to the manuscript of The Man Who Chased His Shadow?

Thank you!

Best,

Francesca

Minutes later, and a few blocks away from Norstedts headquarters in Stockholm, Magdalena Hedlund, the agent representing the book, received a similar email from Varotto. It was strange that Varotto had lost something so valuable, but she and Hedlund were old friends, and the email struck a familiar tone. Plus everyone was scrambling: The book was set for release in 27 countries simultaneously, and the translators had to get started. Hedlund sent her friend the link to the manuscript.

Varotto replied instantly. “I’m sorry M,” she wrote. Varotto said that her password was “disabled/expired.” Could Hedlund send a new one?

Back at Norstedts, Mörk also received an email from Varotto. “Sorry Catherine,” the message read. “Could you please give me the Hushmail code?” Altrov Berg dashed off a separate message to Varotto, asking if everything was okay.

Suddenly, her phone rang. “Why are you sending me this?” Varotto asked. Altrov Berg explained what was happening. Varotto was confused. She hadn’t sent any emails to Norstedts all day.

With Varotto on the phone, the two Norstedts employees scrolled through the messages. The emails looked like ones Varotto would send: The text used the same font, and the signature at the end was styled just like hers. Then, with Varotto still on the line, Mörk got yet another email asking for the password.

They scanned the messages again. Only now did Varotto notice that the signature listed her old job title; she had been promoted two months earlier. The subject line also misspelled the name of her company. Finally, they realized the email address wasn’t hers at all: The domain had been changed from @marsilioeditori.it to @marsilioeditori.com.

Everyone deleted the emails. What other malicious tricks were lurking inside? The IT department at Marsilio Editori began investigating and found that the fraudulent domain had been created the day before through GoDaddy. It was registered to an address in Amsterdam and a Dutch phone number. When an employee tried calling, it went straight to a recording: “Thank you for calling IBM.”

The “Millennium” team was in a panic. The thief didn’t yet have the password, as far as they knew, but was clearly determined to get it. Publishers around the world depend on a best seller like this, and an online leak of the manuscript could derail its release.

But the book’s publication came and went without a hitch. The manuscript never reappeared. What was Fake Francesca Varotto after? Much more than Lisbeth Salander’s best-selling exploits, it turned out. On the same day as the “Millennium” emails, Fake Francesca asked someone else in publishing for an early look at Lot, Bryan Washington’s story collection, as well as a debut novel about an accountant who becomes a fortune teller. Even stranger, the thief had other identities. Later that day, a fake Swedish editor went to the Wylie Agency in London to request a copy of Louise Erdrich’s just-announced novel, and someone pretending to be Peter van der Zwaag, a Dutch editor, asked a colleague in New York for the same fortune-teller book. Fake Peter then introduced his new assistant to request that she be added to a private mailing list filled with confidential publishing information. The assistant followed up with a friendly note: “It’s so busy and overwhelming now with the London Book Fair, isn’t it?” The assistant didn’t exist.

This was a setup Stieg Larsson would have admired: a clever thief adopting multiple aliases, targeting victims around the world, and acting with no clear motive. The manuscripts weren’t being pirated, as far as anyone could tell. Fake Francesca wasn’t demanding a ransom. “We assumed it was the Russians,” Mörk said. “But we are the book industry. It’s not like we’re digging gold or researching vaccines.” Perhaps someone in publishing, or a Hollywood producer, was desperate for early access to books they might buy. Was the thief simply an impatient reader? A strung-out writer in need of ideas? “In the hacker culture that Stieg Larsson depicted, they do a lot of things not for financial benefit,” Mörk pointed out this spring, “but just to show that they can do it.”

When I first heard about the scheme in February, four years after the attempted “Millennium” heist, the thief was still on the loose, exhibiting behavior that was even bolder and more bizarre as they chased after everything from Sally Rooney’s latest to novels by obscure writers never published in English before. This sounded like a fun challenge, a digital mystery to obsess over at a time when the real world was shut down. I texted a friend in publishing to find out more. She quickly replied, “The culprit has been identified.” This was unexpected. The New York Times had two reporters on the case last year, and the FBI had been called in to investigate, but no charges or accusations had been leveled publicly. One of my colleagues, Lila Shapiro, looked into the scam in 2019 but dropped the story after concluding the case might be too baffling to crack. Many in publishing were too paranoid to discuss it. One literary agent, who had become obsessed with solving the mystery, had declined to talk because she feared Lila herself might be the thief.

And yet my contact was certain — or “like 85 percent sure” — that the thief was a particular person, a man who had worked in New York publishing for a decade. He was an outsider in the industry with a reputation for becoming pushy when he didn’t get what he wanted. He seemed to conduct his business almost entirely over email.

Even more intriguing: Someone, I was told, had proof.

Illustration: by Madison Ketcham

On the spectrum of cyberattacks, this one wasn’t very complex. There was no malicious software or actual hacking involved. Some of the earliest victims used Gmail accounts for work, which were easy and free to spoof. Registering an alternate domain and setting up an email server was only slightly more involved, and the possibilities were endless: t’s became f’s (@wwnorfon.com), q’s replaced g’s (@wylieaqency.com), r’s and n’s cornbined to make m’s (@penguinrandornhouse.com). The domains suggested someone who liked to play with words as much as code. Books became bocks, unless the company was Dutch, in which case boek was Anglicized to book.

What did seem sophisticated was the thief’s knowledge of the business. The culprit wrote like someone in publishing, abbreviating to “MS” for manuscript and “WEL” for world English-language rights, while exchanging insider chatter, telling one victim that a publisher was pitching a book as a comp to Pachinko and expressing surprise to another that a novel had recently sold for a shocking amount. The thief sent messages in the wake of announcements on Publishers Marketplace, a subscription website that tracks deals, but they also asked about books that the thief’s marks didn’t even know existed. The mimicry wasn’t always perfect — an assistant at the talent agency WME realized her boss was being impersonated because she would never say “please” or “thank you” — but the impression was good enough.

What’s more, the thief seemed to have a strong grasp of the rarefied world of international publishing. The first emails, in the fall of 2016, traveled almost exclusively among the small group of people who handle the flow of manuscripts between countries, including a foreign-rights manager in Greece, an editor in Spain, and an agent selling international writers in the Chinese market. In the attempted “Millennium” heist, only a few dozen people in the world knew the book was being shared with foreign publishers and that Mörk and Altrov Berg controlled access to it.

Suspicion quickly fell on literary scouts, whose work involves getting early access to books in order to advise foreign publishers and Hollywood studios whether to buy the rights. “We’re the ghost in the publishing machine,” Jon Baker, who works as a scout, said. “If anybody is going to be randomly asking you about something that’s coming out, it’s a scout.” The job requires finding books that match a client’s taste — a German publisher that wants historical fiction, a streaming service looking for strong female protagonists with a drinking problem — but scouts mostly try to get everything. Because agents often want to control who sees a book and when, a scout’s ultimate coup is a “slip,” or a manuscript obtained surreptitiously from a friendly source, cultivated over cocktails and coffees, giving the scout’s client a few extra days, or hours, to consider a book before the competition gets ahold of it. The most common shorthand is to say that scouts are the book world’s spies.

If the thief were a scout using digital espionage to get books that couldn’t otherwise be acquired, then that narrowed the list of suspects. “I always joke that scouting is like 40 people on earth,” said Kelly Farber, a New York–based scout. “It’s probably more like 60, but it’s not in the triple digits.” People eyed less-established players with suspicion. “I just thought it was a very bad scout who couldn’t get manuscripts,” Lucy Abrahams, a scout who lives in Tel Aviv, told me.

The person I’d been urged to look into was also a scout. The charges against him were vague — bad email manners, unusually aloof among his peers — but a source told me they had heard that a literary agency in New York had “hired an investigator” to look into the case and found something damning. My source was light on details, but the suspect had apparently been sloppy, attaching his real name and email to one of the fake domains registered early on in the scheme. Intrigued, my colleague Lila agreed to take up the case again with me. If the evidence was good, the mystery could be solved.

Actual proof was harder to come by. No one I spoke to at the literary agency seemed to know anything about it. Other domains were being registered with enough security to protect the thief’s identity, and when people reached out to GoDaddy about shutting them down, the company often did so, but declined to share any information, citing its privacy policy. It did seem curious that some of the domains appeared to be registered in the Netherlands and that the thief wrote to one person in passable Dutch. Several scouts noticed that a former colleague had recently started an e-book company that would presumably need content. He happened to be from Holland.

But the registrations appeared to be a red herring. Domains popped up with no clear pattern, registered to the address for a gay men’s health clinic in London, an H&M in Copenhagen, a housing development in Harlem, a bookstore in Melbourne. The scouting theory also had considerable holes. Many of the books were ones that any scout could get without much trouble. While agents and publishers tightly guard big titles like the “Millennium” series, which prop up the entire business, the challenge with most books is getting anyone to read them. One of the thief’s early targets — “a modestly selling author’s fifth novel,” as the book’s agent put it — sold fewer than 2,000 copies. The scheme seemed like a lot of work for little reward. And it came with great risk.

While riding the TGV from Paris to Germany in October 2018, a scout I’ll call Natasha — she requested a pseudonym in order to more freely discuss industry spywork — sent an excited email to her clients. A few days earlier, she had received a message from a scout named Jane Southern offering a trade. Southern had Ian McEwan’s new novel, Machines Like Me, and said she would slip it to Natasha, perhaps in exchange for another big release.

Scouts don’t often swap manuscripts, which amounts to giving intelligence to the enemy, but this was an unusual case. The foreign rights to a title by a big-name writer like McEwan are spoken for well in advance, which made the book less valuable to Southern’s clients around the world. Natasha, however, was among a growing number of scouts who work exclusively on behalf of Hollywood producers and studios, and the film rights to a new McEwan could be snatched up fresh each time. The book would be a trophy for Natasha to show her clients as she arrived at the Frankfurt Book Fair, international publishing’s Davos, and she was especially grateful to Southern for the offer because they had never met in person. Natasha saw Southern at a dinner and thanked her for the slip.

Southern had no idea what she was talking about.

After a quiet summer, the thief was back with a new tactic. They didn’t just want the McEwan. The McEwan was bait. And if the thief were trading in books that were of great interest to Hollywood, the money involved might change the risk-reward calculus for a scout. Studios and production companies depend on their film scouts for early access to books in order to start wooing a director and identifying star-worthy roles that would make for an enticing package. Maria Campbell, the scouting world’s biggest player, made her name in part by getting Michael Crichton’s Jurassic Park in front of Steven Spielberg; today, she scouts for Netflix. The thief’s earliest emails hit just as the streaming wars began and the hunger for content with a built-in audience ramped up. A producer landing early access from the thief would still need to buy the rights through proper channels, but a head start would make them ready to pounce when the time came.

The thief did possess a tenacity more common in Hollywood than the book world. If a target didn’t respond, the thief would often follow up with an identical request several hours later. One person received nine emails from the thief in a single day. Some insiders speculated the thief was servicing multiple Hollywood clients — scouts, producers, studios — none of whom knew, or wanted to know, where the material was coming from. “Maybe it’s another level do wn,” one literary agent whispered. “A subcontracted service.”

By the fall of 2018, the thief had made off with dozens of books, although no one knew how many times people had fallen for the scam, so the total haul was likely much higher. A literary agent in New York didn’t realize until this summer, when I helped her look through her inbox, that for seven months she had been sending manuscripts to the thief, rather than a scout she thought was simply dying to read her books.

Several people decided it was time to ask for outside help. A scout broke the news to The Bookseller, a British trade publication, and Publishers Weekly spoke to Ziv Lewis, who works for an Israeli publisher and said that he had threatened the thief with “Mossad-style cyberwarfare.” Erin Edmison, a scout in New York, even approached someone at the state attorney general’s office, only to be told that the potential for criminal rather than civil charges, not to mention the jurisdictional quagmire — how do you prosecute someone impersonating a Romanian asking a Swede for an American novel? — meant she might be better off trying the FBI.

To many in the industry, the case felt like one that book people, having sold no shortage of spy novels, could solve on their own. “There’s a bunch of us amateur Nancy Drews and Hardy Boys who have made our versions of the Claire Danes Homeland wall,” said Baker, the scout. In the spring of 2019, Baker conducted a sting. After the thief emailed a European client asking for Of Women and Salt, one of the season’s hottest novels, Baker mocked up a PDF with the book’s cover page — followed by the text of Pride and Prejudice. Baker told his client to slip the Austen mash-up to the thief and then alerted others to their plan. If the thief was a scout, Baker hoped, they would unwittingly send the fake book to their clients. But the PDF never turned up. Others tried similar gambits to no avail.

Three years into the crime spree, an industry based on trust and relationships faced a growing paranoia. Agencies started password-protecting minor books. (“I got a 70-page Dutch novella with an NDA,” one scout said. “An NDA for a 70-page Dutch novella!”) A scout and an agent developed a code word they included in emails to authenticate their conversations. People were suddenly distrustful of colleagues they had worked with for years.

The attacks felt personal. It was violating to men and women of letters to have their words appropriated — especially once authors themselves became targets. Many writers were vulnerable to the ruse, eager to please someone they thought was their agent or editor. Others experienced it as yet another letdown. The thief reached out to an Icelandic author, expressing interest in representing that person’s work abroad, only to disappear with their manuscript.

In 2019, the thief found out that Eka Kurniawan, an Indonesian novelist who was nominated for the Man Booker International Prize, had a deadline looming and decided to impersonate his agent. “You told me the manuscript would be ready before the 18th of July and it’s now the 14th,” the thief wrote, applying pressure on Kurniawan to hand over the draft. Kurniawan is now two years late, and his agent, Maria Cardona, said the stress was partly responsible. “He’s been quite stuck,” she said.

Multiple people told me they were convinced the thief was someone they knew pursuing a personal vendetta. But the breadth of the scheme suggested a grudge against the entire industry — perhaps an underling whose career hadn’t panned out was spoiling a party they weren’t invited to. A few months after his foiled sting, Baker sent a snarky reply to the thief in which he concocted another fake book. “There’s a new submission over here that’s the talk of the town,” Baker wrote. The book, he said, was called Anatomy of a Fraud. Baker told the thief it was “epistolary, a series of email exchanges.” The thief’s response suggested they were either oblivious to the innuendo or taking a sly delight in the chaos they were creating. They asked, “Can you share the MS pls?”

Our investigation was moving slowly. More leads were coming in, each less helpful than the last. A new suspect would surface, only for the evidence to fall apart under minimal scrutiny. The smoking gun I’d been promised remained elusive. The closest I could get was a former assistant at the literary agency in question who recalled the damning domain registration, but only in part. The domain had been registered to an address in Manhattan, somewhere above Central Park.

I turned to the emails themselves. Textual analysis came naturally to the industry’s sleuths, some of whom claimed to detect a Germanic cadence in the thief’s writing or an idiomatic French syntax. But each victim had only a tiny glimpse of the thief’s body of work. I started collecting dozens and eventually hundreds of emails, from all over the world, hopeful that patterns would emerge.

It was difficult to find anything meaningful. The thief largely emailed on weekdays, during New York working hours, but there were exceptions. They asked for “favours” and spread “rumours,” but also wished American victims a Happy Fourth of July. They wrote poorly in many languages: Hebrew, Icelandic, Korean, Swedish. (A Brazilian caught on when the thief wrote to him in European Portuguese.) The thief’s English, meanwhile, could be crisp and formal; clumsy and stilted; playful and clever; sometimes unreadable. They mostly wanted to get their hands on adult fiction, with occasional forays into YA and just enough nonfiction to make their taste in books inscrutable. Their favorite emoticon was ;).

With no pattern emerging, we looked to one of the thief’s biggest attacks for clues: an attempt in 2019 to steal The Testaments, Margaret Atwood’s sequel to The Handmaid’s Tale. Over several months, emails were sent almost every day to pretty much anyone associated with the book: Atwood’s agent, her publishers, their assistants, even judges for the Booker Prize — along with many others who had no connection to the book at all. “If it is a scout, then they’re often getting it spectacularly wrong,” Karolina Sutton, Atwood’s agent, said of the spray-and-pray approach. “It’s almost like they’ve hired someone else to do it.”

The attack presented new wrinkles. The thief began employing a devious deception that involved creating a fictional exchange between two people — an editor and an agent, say, talking about changes to a manuscript — then including the imaginary back-and-forth at the bottom of their email as if the thief were forwarding a conversation. The attacks concerned Atwood’s agency so much that it decided not to share the final version of the book with some publishers until after its domestic release, disrupting the book’s global unveiling.

Atwood’s representatives assumed that piracy was the goal. Her foreign publishing rights were spoken for, and Hulu was airing The Handmaid’s Tale, meaning the streamer was likely first in line for the film-and-TV option. An IT consultant for Atwood’s agency developed a related theory, positing that snippets of the manuscript were being used as bait to trick readers to turn over their credit-card information. But, yet again, no pirated manuscript appeared online. (The only leak came from the industry’s other disruptor: Amazon accidentally shipped 800 copies early.)

Some in publishing were beginning to question whether manuscripts were even the end goal. How else to explain why the thief would want sample pages of Bong Joon Ho’s Parasite storyboards and a ten-page book proposal for Michael J. Fox’s memoir? After a rights manager in Germany got hit, she speculated that a security company was stress-testing publishers in the hopes of later selling them protective software. Several friends I spoke to who consider themselves the good kind of hackers said this sounded like a cybergang’s training program: The stakes were low, the targets weren’t especially tech savvy, and there was a deliverable target — the MS — that a new recruit could bring home before moving on to stealing login credentials from employees at a nuclear reactor. In the wake of North Korea’s alleged leaking of emails from Sony Pictures, could this be another attempt to destabilize western culture? Dramatic, perhaps — but then again, I had found nearly 200 companies in more than 30 countries that the thief had impersonated, and none of them was Russian.

If the thief were really multiple thieves working from a dark warren somewhere, how did they know so much about book publishing? In early 2020, an explanation presented itself. Virginia Ascione, an Italian editor, sent an email to Mira Trenchard, her scout in the U.K. Minutes later, another scout Ascione works with received an identical email — only this one was sent by the thief impersonating Ascione. Somehow, the thief had instantly re-created a private message between two real people. Several months later, Trenchard was emailing with an editor friend when she realized her friend was being impersonated. Trenchard sent a separate email asking if she knew about the scam. “I didn’t!” the friend wrote back. “How sinister.” The thief then replied to the message Trenchard had sent to her friend with a gonzo version of the same response. “NO, I didn’t!!!” the thief wrote. “How sinister!!”

The thief, it seemed, was somehow reading Trenchard’s emails. (Trenchard has changed her password and hasn’t had any such incidents of late.) Several people told me about similar experiences with other publishing companies. Perhaps the thief had seemed at home in the publishing world not because they were a part of it but because they had been lurking inside people’s inboxes all along.

This suggested an operator that textual analysis wasn’t going to unmask. W e had no choice: Bring in the hackers. We consulted several cybersecurity experts, who found that the thief had upgraded their security starting in 2019, albeit only slightly. They had registered more than 300 fake domains — 13 for the Wylie Agency alone — using digital security certificates for an additional layer of privacy. This was enough to prevent our hackers from identifying the thief, but it didn’t suggest a sophisticated operation. For one thing, the certificates confirmed that the domains were controlled by a single entity, if not a single person. Many of my fellow sleuths asked me if there was credit-card information to find, not to mention how much the thief was spending on all this. But GoDaddy confirmed it had repossessed a number of the domains, many of them likely owing to payment fraud — the thief seemed to be using stolen credit cards.

Others decided it was time to bring in the big guns. Last summer, several people approached the FBI, sharing the thief’s emails with the bureau. But if this were a crime of which the primary consequence was annoyance, it wasn’t clear how high the case would rank on the FBI’s priority list. (The bureau declined to comment.) The names of the two G-men publishing people spoke to — Clay Chase and Boris Klyuchnikov — highlighted the absurdity of it all, as if we were living out a cheap le Carré imitation in which none of the clues added up.

The pandemic disrupted the book business just like everything else. The only constant was email, and the thief took advantage. After learning that a British agent had contracted the virus, the thief emailed the agent’s assistant — “[He] told me he has caught COVID, jeez, that’s awful!” — to ask if the assistant might have Joshua Ferris’s new novel. The thief began sending intra-office messages between colleagues who could no longer see each other face-to-face and buttered up targets by asking the difficult questions facing publishing’s elite: “Are you staying in the city now or have you gone upstate?” In another message, the thief explained that speaking on the phone was out of the question because they were only working European mornings before taking over child-care duty in the afternoon. To their victims around the world, the thief expressed empathy:

“I hope the situation is getting better in Norway!”

“Are you in Italy now? I heard things are now opening up there which is great!!”

“How’s working from home for you? For me it’s getting a bit stressful …”

For most of the pandemic, the thief’s scheme looked like a game, a way to pass the time. During the height of lockdown restrictions in London, the thief impersonated a U.K. scout to ask for Kevin Kwan’s forthcoming sequel to Crazy Rich Asians. “I’d like to take a look at it over the weekend,” the thief wrote. “Getting bored here.”

I was getting bored, too, and had to admit the investigation had become a welcome distraction from the state of the world. Every day brought a new domain to investigate, and I now had my own version of the Homeland wall: a spreadsheet filled with 400 of the thief’s emails and counting, organized into dozens of categories I hoped would reveal something before the scheme swallowed me whole.

I did find one unusual sequence of events. During the third week of last August, the thief seemed to snap. It was six months into the pandemic, and for the first time I could see, they were angry. On multiple occasions that week, they emailed literary agents threatening to leak unpublished manuscripts they claimed to already have unless the agents handed over another book the thief was after. In several cases, they pasted text from the manuscripts they had in order to make the threat real. They signed one such email “xxx.”

The most menacing message came on August 17. Linda Altrov Berg, who had dealt with the “Millennium” attack back in 2017, received an email impersonating an editor in Spain, asking for a book that Altrov Berg instantly knew that particular editor would never want. The thief, it seemed, didn’t actually know her world all that well. Altrov Berg sent a defiant reply: “Keep on dreaming!”

In the past, the thief had retreated from confrontations, skulking back into the digital shadows once the jig was up. This time, however, they shot back a reply: “Hoppas att du dör av coronaviruset.”

In English, the message translated to: “Hope you die of the coronavirus.”

COVID was bringing out a more vicious side of the thief. They convinced several translators to write reports on manuscripts in various languages, promising to pay $150 per book, then ghosting the translators once the work was done, an attack on some of the field’s lowest-paid people. There was no telling who they might go after next.

In late April of this year, a scout named Liz Gately, whom I had recently interviewed, received an email from the thief impersonating another scout named Bettina Schrewe:

Dear Liz,

Someone named Reeves Wiedeman contacted me to talk about the publishing scammer and he said you gave him my name. Who is he? Do you know him? Is he someone legit?

Best,

Bettina

The email wasn’t accurate. Gately hadn’t given me Schrewe’s name. How did the thief know I was on the case? I had spoken to more than 50 people in publishing, some of whom were suspects themselves. And earlier that week, I had emailed with Mira Trenchard, the scout whose inbox had seemingly been compromised. However they knew, the thief was aware of my efforts and reached out directly a day later:

Hi Reeves,

We might know who the phisher is! Apparently a few days ago he sent an email asking for a manuscript but he forgot to sign with the agent/victim’s name and put his own …

Best,

Bettina

Even in my heightened state of alertness, I had to scrutinize the phony email address several times to see that the “r” and “h” in Schrewe had been swapped. I called Lila to workshop a response. Should we let the thief know we were onto them? Or play along?

We chose the latter. “It definitely makes me feel anxious,” Fake Bettina wrote back when I asked about the effect of the ongoing scheme. (She said that she had recently heard that “the phisher got hold of an early draft of Taffy Brodesser-Akner’s new novel from the production department at PRH here in NY.”) Fake Bettina declined to say anything over email about the name in question, other than to note that it was a common one. She wanted to print the damning email and send it via FedEx; when I suggested our company mailroom, she said the material was too sensitive for that. Could we provide a home address? “I’ll pay the postage of course,” the thief wrote.

After a brief silence — when I followed up several days later, my email bounced back — the thief returned wearing a new costume. Now impersonating a Dutch editor, they sent four different emails: one each to my personal and work accounts and to Lila’s. Each was a warped but nearly identical version of the others. Three of the four cut off mid-sentence; one ended in the middle of a word, reading in full:

Dear Reeves,

I heard you’re working on an article on the publishing scammer and I w

What on earth was going on? I continued to play dumb, still hoping to glean something revelatory. But the thief quickly dismissed all of this as pointless. “It’s stupid and ridiculous,” the thief wrote. “Only a waste of time.”

Was the thief referring to our investigation, I asked, or the caper itself?

“The third option,” they wrote. I asked what they meant. “It’s only a publicity stunt set up by the Publishers and Editors Association,” the thief said, citing an organization that doesn’t exist. “They’re f ooling you.”

As the conversation stretched over several days, other strange things occurred. The thief impersonated my book agent for the first time. Anonymous accounts tried to connect with me on LinkedIn. One morning, I woke up to an overnight alert on my phone that someone was trying to log in to an online dating profile that had not been active for years.

Lila, meanwhile, had begun her own exchange with the thief. Our approaches diverged. While I was happy to methodically collect emails, hoping the next exchange would provide a case-breaking clue, Lila was eight months pregnant, and every time she returned from a doctor’s appointment, she grew more exasperated at my increasingly chaotic Homeland wall.

She wanted to be more direct. “Would you be up for a phone call?” she wrote to the thief. The thief suggested an in-person meeting instead. When Lila said she lived in Brooklyn, the thief said they did, too. Lila then suggested meeting in Cobble Hill, at which point the conversation turned.

“How about Fuck You Hill?” the thief wrote back. “Or can I meet you at Silly Cunt Square?”

The message went on. “TAKE MY ADVICE,” the thief wrote. “DROP THIS STUPID ARTICLE AND STOP WITH IT IMMEDIATELY!!!”

The thief wasn’t the only one who wanted me to stop. Two of this magazine’s editors sat me down and said that I couldn’t spend all year investigating a crime with no real victims. The world was sick and on fire with actual cyberattacks knocking hospitals and pipelines offline. It was time to write the ending.

In the course of reporting this story, more than a dozen people in publishing told us they believed a single suspect was behind the whole thing: the person I’d been told about at the outset. Most people couldn’t tell me much about him, but the details they shared fit the thief’s profile. He was from another country, and his English wasn’t great. His manner, in person and in writing, could be brusque. His client list was small, and his scouting business was sometimes a struggle: One former client told us that after parting ways with the scout, he sent her so many texts she had to block his number. He wasn’t on the literary social scene, which made people presume he was resentful. Then again, one scout admitted to me, “Do we all just think it’s him because he’s weird?”

The smoking gun — the mistaken domain registration teased by my friend — was meant to provide more substantial proof. After a seemingly endless game of tag, we finally got to the source. In the summer of 2017, Laila Lalami, the award-winning novelist, had been approached by the thief, who was impersonating someone at her literary agency. Lalami figured out something was wrong, and her husband, an IT engineer, looked into the domain and found that it was registered to a particular Gmail address. When Lalami shared the address with her agency, they saw the email seemed to belong to a scout — our original suspect.

But upon closer inspection, I found the proof was a mirage. The address wasn’t the suspect’s. It was yet another fake email, missing a single letter, the same one the thief had used to impersonate the suspect himself all the way back in 2016.

Lila and I scrambled for an explanation. Wasn’t it suspicious, at least, that the thief had used this particular address? Maybe our suspect was being framed? What a twist! But when I showed the evidence to Chad Anderson, a senior security researcher at DomainTools, he scanned some of the thief’s other domain registrations from the time and found that almost all of them were registered with fake Gmail accounts loosely connected to people and companies in publishing. Our smoking gun had misfired.

I had come too far not to close the loop. In early August, I spoke to the suspect on Zoom. He was sitting in the garden of his home wearing a blue polo shirt with the sun setting behind him, causing the screen to flare around him. He was shocked to hear that his colleagues in the industry suspected him and denied the accusation. Over the next 24 hours, he sent me 64 emails frantically laying out his case: messages that showed he could get books legitimately from agents all over the world, an email exchange from when he was impersonated and considered paying $2,000 to an anonymous hacker-for-hire for help, and several notes he had sent to the thief at the time: “I hope the new year brings you the end of your career and a big lawsuit. In other words, all you deserve.”

The suspect said he had a simple explanation for why people thought there was something odd about him. He was, by his own admission, kind of an odd guy. He was shy and had never fully assimilated into the New York scene he was supposed to become a part of. He rarely got invited to parties and wasn’t the type to crash them. His clients couldn’t spend big money, which meant sometimes agents ignored him, and he admitted that his position in the industry was sometimes frustrating. He had chosen a profession he thought was for bookish people like him, only to realize that in publishing, as in everything else, the extroverts still ruled. “Even if I’m an introvert,” he said, “I’m not a hacker.”

This felt like the final chapter. The suspect’s manner had been strange, but he had also presented more evidence in his defense than anyone had mustered in his prosecution. I felt less like Lisbeth Salander than one of M. C. Escher’s monks, wandering endlessly in circles. Maybe the thief was right. This was pointless.

Or … was the pointlessness the point? The one thing that seemed to tie all these tiny acts of deception together was a sense that the thief was in it for the pleasure of the act itself. Whoever they were — a disgruntled scout, a basement full of hackers laughing to themselves — they cared enough to keep at it for years, devoting countless hours to sending endless emails — all seemingly for nothing. I imagined that some in publishing could feel a certain empathy for a person engaged in an effortful obsession that produced little profit; after months of fruitless investigating, I certainly did. “If you try to find financial and economic gain, it’s of course hard to see,” said Daniel Sandstrom, the literary director of a Swedish publisher hit many times by the thief. “But if the game is psychological, a kind of mastery or feeling of superiority, it’s easier to visualize. This is a business full of resentment as well, and in that sense, it becomes a good story.”

Last week, in one final attempt at cracking the case, Lila and I sent an email to 89 different addresses the thief has used. Did they care to comment?

The thief hasn’t written back. But just a few minutes after the message went out, I got an unusual text from someone hoping to talk off the record — a person in publishing equally obsessed with solving the case. “It’s me!” they said, jokingly admitting guilt, after I asked whether they had just received my email. “Wouldn’t that be the best twist of all?”

I wasn’t kidding. I had walked so deep into the dark labyrinth of this mystery that rounding every bend seemed to reveal another uncertainty. Just last month, the thief expanded their scheme yet again: For the first time I knew of, they were impersonating someone in Hollywood rather than a book person.

And now, here was this source, beckoning me to join them even deeper in the maze. They were calling to tell me a story they hadn’t told anyone else. For two years, they had harbored a suspicion about a widely respected figure in the industry. The suspicion was based on one curious moment that could only make sense, they thought, if this new suspect were the thief. It could mean everything, my fellow obsessive said. Or it might mean nothing at all.

The Spine Collector