Anti-war activist Grigory Sverdlin says hackers have paralyzed Russia’s military draft database for several months
On December 11, anti-war activist Grigory Sverdlin reported on Telegram that an anonymous hacking group had breached the systems of Mikord, one of the key developers behind Russia’s military draft database. Sverdlin explained that the hackers had contacted his organization, Get Lost, claiming responsibility for the attack and handing over a trove of data. “They were in the system for several months and gave us a huge amount of materials from the register,” he said. “We turned all the documents over to journalists at iStories. A major investigation will come out soon. After that, the documents will be made publicly available.” Sverdlin also claimed that the hackers had caused enough damage to disrupt the functioning of Russia’s digital draft system. “For several more months, this behemoth (with 30 million records!) won’t be able to send people off to kill and die,” he claimed. To learn more about the hack and what it could mean for Russian draftees and draft dodgers, Meduza spoke with Grigory Sverdlin of Get Lost. Here is what he told Meduza.
Known as the Unified Military Register, Russia’s digital draft system collects data on citizens from various government databases. The Defense Ministry, which operates the register and uses it to issue summonses, can then exchange this information with other agencies, including the Federal Security Service (FSB), the Federal Tax Service, and the Interior Ministry.
Once the Defense Ministry issues a draft notice, which happens either electronically or by registered mail, the recipient is obliged to report to a military enlistment office. When a summons is considered delivered, recipients are automatically barred from leaving the country until they do. Draft dodgers can also be subjected to additional restrictions, such as losing the legal right to drive a car, register real estate, or take out loans.
That’s how the system is supposed to work, at least. But according to Sverdlin, Russia’s Unified Military Register won’t be operational “for at least several months” due to a cyberattack on one of its key developers, a company called Mikord.
Grigory Sverdlin
In an interview with Meduza, Sverdlin declined to comment on why the hackers contacted Get Lost, the organization he founded in 2022 to help Russians evade military service during the war against Ukraine. “These are Russian hackers. They are people with anti-war leanings,” he said.
Sverdlin said his claims about the damage to Mikord’s systems were based on assessments by Get Lost’s IT specialists. “This is serious damage, and the register’s developers will need at least several months to recover both the documentation and the pieces of source code. The hackers erased everything the developer had,” he maintained. “There were backups, but now they’ve been destroyed. That’s why we say that the recovery will take a long time.”
Meduza is the world’s largest independent Russian news outlet. Every day, we bring you essential coverage from Russia and beyond. Our independence lets us tell the stories others can’t and help you make sense of one of the world’s most enigmatic regions. Explore our reporting here and follow us wherever you get your news.
Promising that a forthcoming iStories investigation would provide further details, Sverdlin claimed that the poor quality of the register’s digital infrastructure “made it easy to hack.” The entire system was down until the evening of December 10, and its website had not been working for five days at the time of the interview. “They’ve already recovered the register itself. It’s currently functioning as a basic database,” Sverdlin told Meduza. “The automatic bans on leaving the country, obtaining bank loans, and driver’s licenses are not working,” he added, noting that these restrictions can still be imposed on draftees manually.
Sverdlin believes that the cyberattack will significantly delay the full rollout of the Unified Military Register, which was being developed in accordance with a law passed in April 2023. At the time of the hack, he said, the database included more than 30 million records, each with around 100 data fields. Asked if the database could still facilitate another wave of mobilization, Sverdlin declined to go into detail. “[You’ll] have to wait for the iStories investigation,” he told Meduza. “I can only say that the functionality needed for that won’t be working in the near future.”
Sverdlin noted that Get Lost has seen a sharp increase in requests for help since the digital draft system launched in July, surpassing 100 per day. “This was mainly in connection with people’s anxiety over the launch of the register,” he explained. “In July and August, they started receiving notices that their data had been added to the register, and then the electronic summonses arrived.”
While Sverdlin did not say when iStories plans to publish its investigation, he promised that the “huge” trove of data from Mikord would eventually be made public, including information about companies and individuals involved in developing the Unified Military Register. “We know all the people who made money on this and continue to make even more money on government contracts,” he told Meduza. “This information will be made publicly available so anyone who wants to can dig into it too — because there’s plenty to dig into.”