Vulnerabilities: A Biography

of Alisa “Esage” Shevchenko

Chapter 1, Part One

“Full time hot chocolate aficionado. Part time security threat. Don’t believe everything they say.” — Alisa Shevchenko

When I first contact Alisa Shevchenko it will via encrypted email. I’ve seen an article on her in The Guardian Online and am intrigued, not just by the stunning and obviously iconic picture of her wearing a red shawl, staring intensely over dark glasses pulled down just below the bridge of her nose; though I have to admit, the picture peaked my interest. Rather, Alisa somehow perfectly fits the narrative of a generation, and a subculture. From her fashion sense, to her mercurial personality; from her often baffling and cryptic writings to her rebelliousness and complex distrust of authority and technology, Alisa seems to sum up the wonder and confusions of the new, informed digital age. A representative of steadily growing communities who no-longer passively engage with the internet, but are empowered to take the code for themselves, to act as they see fit. A focal-point for all the instruments of authority who see this new culture as a threat to their collective internet identities, and to the very nature of their power, as channelled through the online landscape.

When I first decided to contact to her, Alisa had just been included in a US sanctions list. Or rather, her company, ZorSecurity, had, along with a number of Russian intelligence agencies and a few career criminals. The inclusion was unexpected and drew some initial attention. Forbes covered the story first, though rather dryly, and the amount of attention generated would be best described as modestly significant. It was only when the Guardian placed her on the front page next to the devastatingly culturally aware picture I described previously, that the story really began to capture the public imagination. The Guardian article bore the title: Young Russian denies she aided election hackers: ‘I never work with douchebags’ and the article opened as follows:

“Alisa Shevchenko is a talented young Russian hacker, known for working with companies to find vulnerabilities in their systems. She spends her winters in Asia, meditating and training in Thai kickboxing.

She is also, the White House claims, guilty of helping Vladimir Putin interfere in the US election.”

I now believe this story to have deeply underestimated the reach and importance of someone I now understand is woman of considerable influence, skill and knowledge. A person whose newest tweet reads almost like an internet-age call to arms, and is either a coded call to a group of online activists, likely within the malware or ‘hacker’ communities, or at least an affectation of such.

I will not go into the likely meaning of this tweet, partly because I do not fully undertand it yet. Instead I will track back, to note that after I’d finished reading the ‘douchebags’ article in The Guardian, I began to look over Alisa’s website, as well as a few of her security related articles. They were interesting in and of themselves; all were at least five years old, some ten or more, and seemed to paint a picture of a demure, professional women within an established industry. Very different to the image she presents currently. Many of the articles I found within barely concealed sections of her site, which I found by running the Linux command wget -r follow by the name of her website, which recursively lists all public files and folders within a given web domain.

But I found something even more interesting when, after browsing through these, I returned to her website and clicked through links titled, interestingly enough: proof of identity, which linked to her Twitter (www.twitter.com/badd1e) and her Instagram (https://www.instagram.com/alisaesage/). Indeed, the content there was by turns fascinating, bizarre, saddening, confusing and largely outright strange. But the one thing it did brilliantly was to interest you in not just Alisa the hacker, or Alisa the newly created media starlet, but with an Alisa who is vulnerable, complex and deeply human…

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.