FBI arrests social engineer who allegedly stole unpublished manuscripts from authors

The U.S. Department of Justice claims Filippo Bernardini leveraged knowledge gained by working at Simon & Schuster and other publishers to create fake identities and websites to steal intellectual property.

The shadow of hand unsettlingly hovers over a keyboard.
Dimitris66 / Getty Images

On January 5, 2022, the Department of Justice (DoJ) announced the FBI’s arrest of Italian citizen Filippo Bernardini at JFK International Airport in New York for wire fraud and aggravated identity theft. With the arrest of Bernardini, the DoJ unsealed a grand jury indictment dated July 14, 2021, of Bernardini that revealed a “multi-year scheme to impersonate individuals involved in the publishing industry in order to fraudulently obtain hundreds of prepublication manuscripts of novel and other forthcoming books.”

The indictment of Bernardini shares how over the course of the previous five years (August 2016 through July 2021) he created a personal ecosystem that served to dupe those within the publishing industry. The document shares how he defrauded or attempted to defraud hundreds of individuals and “obtained hundreds of unpublished manuscripts during the course of the scheme.”

Based on a review of Bernardini’s employment history, it appears that he launched his caper simultaneously with the launch of his career in the publishing world, following his receiving a master’s degree in publishing in 2016 from University College London.

Bernardini’s targeted surveillance aided intellectual property theft

A 29 year-old Italian polyglot, according to the NY Times, was an employee of Simon & Schuster until the firm suspended him from his position upon learning of his arrest. The company said in a statement they were shocked and horrified. Their statement continued, “The safekeeping of our authors’ intellectual property is of primary importance to Simon & Schuster, and for all in the publishing industry, and we are grateful to the FBI for investigating these incidents and bringing charges against the alleged perpetrator.“

A review of the period of 2016 to 2021 shows Bernardini to have bounced about with great frequency within the publishing industry, finally landing with Simon and Schuster in October 2019. To the untrained eye his flea-like bouncing from one entity to another, landing often as an intern, may strike one as an individual who is simply trying to find their place within the publishing industry and expand their network. A review of the various positions would easily check those two boxes.

  • Simon and Schuster, rights coordinator and rights assistant (2019 to present, 28 months)
  • Bloomsbury Publishing, royalties assistant (2019 for three months)
  • Hay House, foreign rights assistant (2018 to 2019 for six months)
  • Pole to Win Asia, localization and QA tester (2018, three months)
  • Mira Trenchard, literary scouting intern (2017, two months)
  • La Nave de Teseo, literary translator, Chinese to Italian (2017, five months)
  • Andrew Nurnberg Associates, foreign rights intern (2016, four months)
  • Granta Publications, editorial intern (2016, two months)

To the trained eye, working with the benefit of 20/20 hindsight and visibility into his activities via the indictment, his career path paints a much more nefarious picture. Simon & Schuster and the various entities which employed Bernardini from 2016 to 2021 were most likely clue-free how their intern/contractor/employee was going to school on how they operated to further his own cottage industry of manuscript theft.

Bernardini’s career path provided him direct, unencumbered access to key components used in his fraudulent efforts. He wasn’t trying to conduct surveillance of his target from outside in. He was inside and from the get-go apparently harvesting the many nuances of the various entities and individuals within the publishing industry. This allowed him, in the words of the DoJ, to create “fake email accounts that were designed to impersonate real people employed in the publishing industry, including literary talent agencies, publishing houses, literary scouts, and others.”

As an insider, who traversed through eight entities in five years, he would have the opportunity to learn:

  • The treasured authors in the stables of each
  • Contact information for authors, agents, and colleagues and competitors
  • How each individual and entity formatted their communications
  • Financial particulars
  • Publishing cadence and trajectories

No apparent collaboration among publishers to investigate scam

Credit the New York Times’ Elizabeth A. Harris and Nicole Perloth for sleuthing out Bernardini’s alleged skullduggery in late-2020 when they highlighted the phishing scams. They traced them back to 2017, which targeted the publishing industry in Sweden, Taiwan, Israel, Italy and the United States – all locales which, we now know, match the linguistic proficiency of the polyglot Bernardini.

Their efforts may have been sufficient inducement to get the authors and publishing houses to compare notes. Given Simon & Schuster’s surprise, it appears that there was little coordination or collaboration among publishers.

The DoJ, both in its statement and indictment, highlighted how Bernardini was able to create effective phishing emails and website watering holes through which he duped targeted individuals into sharing their intellectual property or to provide login information that would allow him to illegally gain such.

It was as if, during his period of master’s study at the University College London to study publishing, he also studied the modus operandi of the infamous couple Michael Haephrati and Ruth Brier-Haephrati, who from 2003 to 2005 created their own intellectual property theft cottage industry. The couple operated out of London and targeted entities in Israel, investing in target surveillance and then selling their illicit services to companies interested in the competitive intelligence they acquired. (See Chapter 1, Secrets Stolen, Fortunes Lost, Syngress 2008, Burgess/Power).

CISO takeaway on alleged Bernardini intellectual property theft

CISOs within the organizations that had a professional relationship with Bernardini should engage in an immediate damage assessment. Bernardini created 160 separate internet domains that he used to spoof real entities. These domains then provided him the means to create phishing emails from an apparently known email address, but which upon closer inspection showed “rn” for “m” and other combinations to trick the eye.

Authors, like many independent small businesspersons and independent contracts, are among the most vulnerable to these types of efforts as they as they lack infosec infrastructure. All entities, regardless of industrial sector, should review the Bernardini modus operandi and discuss the nuances of his multi-year success with both information security teams and anti-phishing vendors to ensure that the resident solution would not be vulnerable to the methodologies.

Those entities charged with the protection of intellectual property of a third party, such as is the case in the publishing world, should reach deep within the deal-flow and ensure that the protection provided to the more robust publishers, extend deep to the individual author in the form of education and provision of secure means to transfer the artistic works.

What’s next for Bernardini?

“Filippo Bernardini allegedly impersonated publishing industry individuals in order to have authors, including a Pulitzer Prize winner, send him prepublication manuscripts for his own benefit. This real-life storyline now reads as a cautionary tale, with the plot twist of Bernardini facing federal criminal charges for his misdeeds,” said U.S. Attorney Damian Williams.  

At his arraignment on January 6, 2021, Bernardini represented by a Federal Defender attorney, pleaded not guilty, his bond of $300,000 secured by his father who designated a London apartment as collateral. Bernardini was ordered to surrender his passport, was released on his personal recognizance, and ordered to remain in New York City with a GPS monitoring device attached to his person.

Copyright © 2022 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)