Russia failed to take down Ukrainian computer systems with a massive cyber-attack when it invaded this year, despite many analysts’ predictions. The work of a little-known arm of the US military which hunts for adversaries online may be one reason. The BBC was given exclusive access to the cyber-operators involved in these global missions.
In early December last year, a small US military team led by a young major arrived in Ukraine on a reconnaissance trip ahead of a larger deployment. But the major quickly reported that she needed to stay.
“Within a week we had the whole team there ready to go hunting,” one of the team recalls.
They had come to detect Russians online and their Ukrainian partners made it clear they needed to start work straight away.
“She looked at the situation and told me the team wouldn’t leave,” Maj Gen William J Hartman, who heads the US Cyber National Mission Force, told the BBC.
“We almost immediately got the feedback that ‘it’s different in Ukraine right now’. We didn’t redeploy the team, we reinforced the team.”
Since 2014, Ukraine has witnessed some of the world’s most significant cyber-attacks, including the first in which a power station was switched off remotely in the dead of winter.
By late last year, Western intelligence officials were watching Russian military preparations and growing increasingly concerned that a new blizzard of cyber-attacks would accompany an invasion, crippling communications, power, banking and government services, to pave the way for the seizure of power.
The US military Cyber Command wanted to discover whether Russian hackers had already infiltrated Ukrainian systems, hiding deep inside. Within two weeks, their mission became one of its largest deployments with around 40 personnel from across US armed services.
In January they had a front-row seat as Russia began paving the way in cyberspace for a coming invasion in which Ukraine’s cyber-defences would be put to an unprecedented test.