US IT experts and military personnel have been defending Ukraine’s cyber infrastructure since last year. According to insiders, the secret mission is partly responsible for the fact that the Ukrainian internet is still largely standing.
In October and November last year, a major operation was launched: US soldiers and employees of tech companies were tasked with searching for hidden malware in Ukraine. Sources familiar with the details told the Financial Times that there was clearly urgency behind the mission: even at that time, war already seemed inevitable.
Russia probably planned a large-scale cyber attack that was meant to run simultaneously with the physical invasion of Ukraine. According to some experts, it could still be there. But because of the large-scale US mission to strengthen Ukraine’s cyber defense, such an attack may well not be as effective as Russia hoped.
Multiple foiled cyber attacks could have affected Ukrainian citizens, the newspaper’s sources say. For example, the US team discovered a piece of malware at Ukrainian Railways that could have shut down the entire network.
More than a million people used the railways to escape from the conflict zone. Had the malware not been discovered, it could have been ‘catastrophic’, according to a Ukrainian source.
Other new malware, which was not detected in time, disabled computers on the border with Romania last week. That happened while thousands of refugees tried to flee the country, which greatly complicated the process.
Shortly after the war began, the networks of the Ukrainian National Police and other government agencies were also attacked. This was done through distributed denial-of-service (DDoS) attacks, in which a network is shut down by a large volume of traffic.
That attack was quickly resolved by the American company Fortinet, which sells software specifically designed to counter DDoS attacks.
According to insiders, the risk of a major Russian cyber attack still exists. A European official told the Financial Times that Russia has probably not yet deployed its best hackers. Perhaps that has not happened yet because Russia underestimated the Ukrainians.
A concrete indication of this is that Russian commanders sometimes simply communicate over Ukrainian mobile phone networks, and sometimes even use their own mobile phones. “There is nothing sophisticated about it. It’s rather puzzling.”