The Dirty Secrets of a Smear Campaign

At the same time, Brero acknowledged violating Swiss law. He said that he’d paid phone-company employees for bills listing customer calls, sometimes using another private intelligence agent as an intermediary. “I know that the work done by these sources is illegal,” Brero testified. He refused to name his sources in court, but Swiss prosecutors subsequently arrested the agent and three phone-company employees in connection with the sale of call histories, and Le Monde suggested that Brero had betrayed his accomplices to protect himself. The trial also exposed other unseemly assignments that Brero had discussed with Areva—such as spying on Greenpeace—and some embarrassing e-mails. Brero had written to a client, “Despite my large size, I have the flexibility of a cat combined with that of a Bolshoi ballerina.” (Brero did not respond to detailed questions from me, including some about the Areva case.)

The scandal transformed his business. Although the French court imposed only a token penalty on Brero, he was convicted of inducing a phone-company employee to disclose customer data and of disseminating information acquired by illegal means. Former employees told me that the verdict drove away reputation-conscious law firms, banks, and corporations, along with international corporate-investigations giants, such as Kroll, that had previously subcontracted to Brero. At the same time, the Areva affair brought Alp less squeamish customers: oligarchs from the former Soviet Union, politicians and businessmen from small African states, sheikhs and tycoons from the Middle East. “They came from the East and the South,” a former Alp employee told me. “And they were very demanding.”

Brero recast his sales pitch, talking up his ability to spread negative information instead of merely collecting it. He now described his specialty as “offensive viral communication campaigns.”

After Nada met with the Swiss police officer, he fired off an e-mail to the general mailbox listed on Alp’s Web site, complaining of “fraud and prank calling to obtain private information regarding our company” and proposing to resolve the matter “amicably.” He received no response, and he was too busy settling the claims of Lord Energy’s creditors to follow up immediately. But the name Alp Services never escaped his mind. In early 2021, Nada e-mailed the company again, threatening “personal and professional repercussions on your agents and firm” if Alp did not correct the false allegations it appeared to have spread. By that April, his wife was about to give birth to their second child, and the stress of Lord Energy’s collapse was straining his marriage.

“It’s madness! This is no way to create an N.B.A. power forward!” Cartoon by Nick Downes Copy link to cartoon Copy link to cartoon Shop Shop

That is when he received an encrypted message from an unfamiliar French number. The sender, who refused to give a name, claimed to speak for a group of vigilante hackers who had penetrated the online accounts of Alp Services. As proof, the sender presented Nada with a copy of the threatening e-mail that he’d sent to the Alp in-box. His head was spinning: Was this a ruse by Alp itself? Then the contact showed Nada internal Alp e-mails directing operatives to write the online articles calling him an extremist. Nada could scarcely control his rage. “If I did not have a family, I think I would have gotten a gun and driven all the way to Geneva,” he told me.

The hackers sent him messages in an idiosyncratic English sprinkled with French and Italian cognates, and the style varied over time. Nada assumed that he was dealing with a group of Europeans. “The guys,” as Nada thought of them, sometimes sounded righteous, as if they were activists out to expose Brero’s wrongdoing, but their main motive was clear. “They asked me to pay them,” Nada told me. Had the hackers targeted Alp as part of some unrelated dispute and then discovered something that they thought they could sell? Or had they targeted a Geneva private detective on the hunch that he must hold valuable secrets?

Either way, they offered to sell Nada their Alp files—terabytes of stolen material, including e-mails, proposals and reports, photographs, invoices, and recorded phone calls—for thirty million dollars in crypto. He told the hackers that he was neither willing nor able to pay them for their information, but the messages kept coming. After about two weeks, the hackers made a different request: they wanted Nada to act as a messenger, relaying their sales pitch to a wealthier potential buyer. Thieves were pressing Nada to fence their stolen treasure. Yet the chance for revenge was hard to resist.

Nada, concerned that he might be accused of having abetted the hacking, reported it to the Swiss authorities within two days of the first contact. A Swiss intelligence agent, Antonio Covre, went to the hospital where Nada’s wife was giving birth and took photographs of the encrypted messages. Nada showed me e-mails that he’d sent to the local police about the hack. Nobody followed up. (A lawyer for Alp asserted, without seeing the stolen files, that some were “obviously forged.” But the lawyer declined to specify which files he doubted, and I was able to corroborate hundreds of private details contained in the leak.)

To draw Nada in, the hackers let him browse through the stolen cache, restricting him only from downloading any of it. “The guys” made no effort to curate the leak by highlighting some files or hiding others, as many hackers do. Nada, unsure what to do, pored over it all with a mixture of fury and fascination. He stopped sleeping again as he scrolled endlessly through the trove. “I was really swimming in darkness, seeing all these bad plans and this evil machine,” he told me. “When I was in the car alone, I would start screaming in anger.” He rolled his eyes at the way Alp pitched prospective customers. “We are mercenaries but we have our ethics,” Brero sometimes wrote. “We only work with clients with whom we share the same values.”

If so, Brero shared the values of a remarkable array of characters. The files revealed that he had done intelligence operations for many foreign governments, or for individuals close to them. The list included Kazakhstan, Montenegro, Congo, Nigeria, Gabon, Monaco, Angola, Uzbekistan, and Saudi Arabia. He appeared to have done work on behalf of the Hollywood filmmaker Bryan Singer, the director of “Bohemian Rhapsody,” who has been accused several times of sexual assault. (A lawyer for Singer, who has denied the assault allegations, said that Singer was not available for comment.) Other revelations: Brero had done investigations for the French fashion tycoon Bernard Arnault, for the Israeli mining baron Beny Steinmetz, and for a roster of billionaires from Eastern Europe, including Bulat Utemuratov, of Kazakhstan, and Oleg Deripaska, Dmitry Rybolovlev, and Vladimir Smirnov, of Russia. (A spokesperson for Arnault declined to comment, and the other clients could not be reached.)

Nada sometimes felt like a Peeping Tom. Photographs stored in backups of Brero’s phone appeared to offer glimpses of his private life: giving flowers to his daughter, doting on a grandchild. Brero, though, clearly had few qualms about invading other people’s privacy. In the stolen files, Nada told me, he saw backups of various iPhones and BlackBerry devices, suggesting that Brero had hired hackers himself. There was a surprising amount of confidential banking information, and someone using a Proton Mail address had corresponded with Alp about obtaining details of client accounts at UBS. (Former Alp employees told me that a contact at UBS had sometimes leaked such information to Brero, who courted the source with gifts and meals.)

Nada also saw evidence of honey traps: images of a woman posing in fancy rooms wearing lingerie, and internal correspondence about sending a sex worker to compromise a Swiss tax official. A former Alp employee who wasn’t aware of the hacked material told me that Brero, while working for the Swiss art dealer Yves Bouvier, paid a sex worker to entrap a Swiss tax official. (A spokesperson said that Bouvier had no knowledge of such a scheme.) Two former Alp employees each described at least one other occasion when Brero had used the tactic.

When Nada first learned of the hack, “the guys” played coy about who had hired Alp to attack him. They made Nada guess. He named competitors in the oil trade. Wrong, they said. The true client was Sheikh Mohammed bin Zayed, the ruler of the United Arab Emirates.

Sheikh Mohammed, often referred to by the initials M.B.Z., was arguably the richest person in the world, thanks to his control of vast sovereign wealth funds. He commanded the Arab world’s most effective military, and paid large sums to lobbyists, think tanks, and former government officials to maximize his influence in the West. And, since the Arab Spring uprisings of 2011, M.B.Z. had led a campaign across the Middle East to restore and fortify authoritarian order in the region. “M.B.Z.’s picture flashed before my eyes,” Nada told me. “An oil trader just wants you out of a territory. But this was someone with the resources of a state.” The threat felt existential. (I sent numerous questions to U.A.E. representatives in Washington and Abu Dhabi who declined to respond.)