Publishers around the world depend on a best seller like this, and an online leak of the manuscript could derail its release.īut the book’s publication came and went without a hitch. The thief didn’t yet have the password, as far as they knew, but was clearly determined to get it. When an employee tried calling, it went straight to a recording: “Thank you for calling IBM.” It was registered to an address in Amsterdam and a Dutch phone number. What other malicious tricks were lurking inside? The IT department at Marsilio Editori began investigating and found that the fraudulent domain had been created the day before through GoDaddy. Finally, they realized the email address wasn’t hers at all: The domain had been changed from to deleted the emails. The subject line also misspelled the name of her company. Only now did Varotto notice that the signature listed her old job title she had been promoted two months earlier.
Then, with Varotto still on the line, Mörk got yet another email asking for the password. The emails looked like ones Varotto would send: The text used the same font, and the signature at the end was styled just like hers. With Varotto on the phone, the two Norstedts employees scrolled through the messages. She hadn’t sent any emails to Norstedts all day.
Altrov Berg explained what was happening. “Why are you sending me this?” Varotto asked.
“Could you please give me the Hushmail code?” Altrov Berg dashed off a separate message to Varotto, asking if everything was okay.
Varotto said that her password was “disabled/expired.” Could Hedlund send a new one?īack at Norstedts, Mörk also received an email from Varotto. Hedlund sent her friend the link to the manuscript.
Plus everyone was scrambling: The book was set for release in 27 countries simultaneously, and the translators had to get started. It was strange that Varotto had lost something so valuable, but she and Hedlund were old friends, and the email struck a familiar tone. Minutes later, and a few blocks away from Norstedts headquarters in Stockholm, Magdalena Hedlund, the agent representing the book, received a similar email from Varotto. Could you please re-send me the link to the manuscript of The Man Who Chased His Shadow? The unusual email came from Francesca Varotto, the book’s Italian-edition editor, and arrived shortly after Norstedts sent out the manuscript: Norstedts decided to try sharing the new “Millennium” book via Hushmail, an encrypted-email service, with passwords delivered separately by phone. The translators working on one of Dan Brown’s follow-ups to The Da Vinci Code, for instance, were required to work in a basement with security guards clocking trips to the bathroom. Mörk and Altrov Berg, who handle foreign rights at Norstedts, consulted with other publishers of blockbuster books. With the new title, Norstedts wanted to streamline the process - Lisbeth Salander’s publisher, they figured, should be able to protect itself from hackers and thieves. Lagercrantz wrote his first “Millennium” book on a computer with no connection to the internet and delivered the manuscript on paper, at which point Norstedts mailed a single copy to each of the book’s international publishers.
Norstedts was guarding the series closely. David Lagercrantz, another Swedish writer, had taken over the series after Larsson’s death, and his latest - The Man Who Chased His Shadow - was expected to be one of the publishing events of the year. The books, which follow hacker detective Lisbeth Salander, have sold more than 100 million copies. A colleague in Venice was asking for a top-secret document: the unpublished manuscript of the forth-coming fifth book in Stieg Larsson’s “Millennium” series. On the morning of March 1, 2017, Catherine Mörk and Linda Altrov Berg were in the offices of Norstedts, a book publisher in Sweden, when they received an unusual email. Attorney’s Office for the Southern District of New York announced that it had arrested Filippo Bernardini, a 29-year old Italian man, for allegedly conducting the scheme outlined in this story. Update: This article was published on August 17, 2021.