A mystery figure seized control of the email account at the centre of the Yes Scotland hacking row and taunted the organisation's board members.
The Sunday Herald can reveal the hacker got into a personal account used for Yes business and emailed senior political figures including Deputy First Minister Nicola Sturgeon.
The person warned: "This is yet another exposé of the poor security and user practices in place by individuals associated with Yes Scotland."
The hacker may be linked to an individual who repeatedly emailed Yes about an earlier alleged breach of the pro-independence campaign group's security.
In August, Yes chief executive Blair Jenkins contacted Police Scotland after believing that a personal email account belonging to a senior staff member had been illegally accessed.
Jenkins believed that an email showing that Yes had controversially paid academic Elliot Bulmer to write a newspaper article had been accessed from the BT Yahoo account.
His suspicions had initially been raised after newspapers contacted Yes about the Bulmer fee.
It is understood BT provided evidence that the email account may have been accessed from Ireland.
However, critics believed the police complaint was an attempt by Yes to take attention away from the Bulmer row.
The Sunday Herald can now provide the clearest evidence yet that the personal email used by the Yes employee has been illegally accessed.
On August 20, daily newspapers reported that Yes had called in the police about the alleged unauthorised access of the email account.
On the same day, an anonymous emailer contacted Jenkins about the hacking row.
The individual wrote: "If you want to rein in the officials and in return be granted a full disclosure of my 'intrusion' then I shall be more than happy to comply. In addition you can be assured that there will be no publication of documents."
The person added: "Let me know if there's a compromise to be reached."
This was the first of several emails to Jenkins over the next 24 hours.
The emailer, who was now claiming to be a supporter of independence, wrote: "My offer to disclose all remains, thereby ensuring you have full comfort and control of all the facts."
"My find was purely by accident, however I will have absolutely no hesitation in releasing this in full.
"There is sufficient public interest for disclosure and that in itself would work to my advantage."
A threat was then made to contact Scotland's charity watchdog about the Constitutional Commission, which at that point had Bulmer as its research director, unless Yes responded to the emails.
The emailer also noted: "I shall have no option but to make enquiries as to the likelihood of obtaining support for my disclosures to those with an interest in becoming aware of the underhand tactics endorsed by Yes Scotland."
Matters escalated when, on August 21, members of the Yes advisory board received an email from the personal account at the centre of the Bulmer row.
Although it was sent from the account of the senior Yes staffer, it was actually from someone who had got into the employee's email.
It said: "As previously discussed, this is not a hack. This is yet another exposé of the poor security and user practices in place by individuals associated with Yes Scotland."
"Please do ensure that the advisory board is aware of all the communications to date, where I have sought to reassure."
The hacker said the intervention was "not politically motivated", adding: "Do ensure all are aware that I've approached Blair many times within the past 24 hours, but no response … "
"Best wishes and of course no harm intended to the campaign."
The hacker concluded by making clear he or she was not the senior Yes staffer.
Board members include Sturgeon, Scottish Socialist Party co-convener Colin Fox, Green MSP Patrick Harvie and Gleneagles chef Andrew Fairlie.
Yes has passed these emails to the police, while the personal email account has been closed.
The row was aggravated recently after Police Scotland claimed that "no criminality linked to a 'Yes Scotland' email account has been established".
After Yes complained, the police force put out a revised statement: "Police Scotland has investigated a complaint regarding unauthorised access to a private email account where communications with Yes Scotland were illegally accessed.
"Inquiries to date have revealed no indication the access of this material was the primary motive of the culprit.
"Yes Scotland has assisted Police Scotland at every stage of the inquiry, which continues in relation to the offence committed against the private individual."
A Yes Scotland spokesperson said: "The police investigation is and always has been into the illegal hacking of email from the personal account of a senior Yes Scotland team member, an account used for Yes business.
"Given that this investigation is ongoing, it would be inappropriate for us to comment further."
A Police Scotland spokesperson said its initial statement was deemed "too general" and resulted in a clarification.
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules hereComments are closed on this article