At the beginning of 2015, the German Bundestag was offline for days.
Hackers stole thousands of MPs' emails and documents, and the entire IT infrastructure was paralyzed.
The office of Chancellor Angela Merkel was not spared either.
Five years later the Federal Criminal Police Office (BKA) has a lead.
An arrest warrant against an agent of the Russian military secret service has been available since May.
From phishing emails in the workplace to major infrastructure attacks - the BKA has been training its own cybercriminals since 2018 in order to better investigate attacks on the Internet.
One of them is Robin Brandt, who actually has a different name.
The 27-year-old is in his second year of training, and he and his seven colleagues have been preparing for service at the BKA since April.
Cybercriminals are supposed to uncover frauds on the internet, follow the digital traces of criminals and investigate organized crime and terrorism.
The authority is looking for computer scientists, physics and mathematics graduates, fresh from university or with professional experience, for their new training course.
Because anyone who wants to join the BKA as a cyber criminal should have previous knowledge: be able to program a little, for example, or be familiar with encryption techniques and the analysis and defense against network attacks.
Thorsten Reil, Deputy Head of the Criminal Police Department at the Federal University of Public Administration, puts it in a police-correct manner: "In the fight against cybercrime, special expertise and specialist knowledge is central to the success of the investigation."
Anyone who has already gained professional experience and initially worked in the private sector after graduating has a good chance at the BKA.
Interested parties can apply up to the age of 43.
Investigators work together internationally
Since the mid-1990s, the BKA has been focusing on the subject of cyber crimes for the training of its detectives.
Up until two years ago, however, there were only a few special training courses for employees.
If IT expertise was lacking in investigations, the agency hired external specialists.
In 2013, the BKA founded a cybercrime group within the Serious and Organized Crime Department.
Over the years, the unit has added more and more tasks, so since April 2020 there has been a separate department for cybercrime.
Because the Internet knows no borders, the officials work particularly closely with international authorities.
In November 2016, for example, the BKA investigated a major hacker attack on the Telekom network.
Some time later, the British National Crime Agency arrested the perpetrator in London - they had worked closely with the BKA.
The perpetrator admitted to attacking several Telekom routers.
Thereafter, more than a million customers were temporarily unable to use their Internet connection.
The budding cybercriminalist Brandt studied computer science like most of his colleagues.
Even during his studies it became clear to him that he did not want to do a classic IT job.
Tinkering with programs for hours or advising companies on digitization: "I quickly realized that this was not for me at all."
With his degree in his pocket, he looked for alternatives and came across a position at the Lower Saxony state police.
Brandt worked for the police as an IT specialist for two years and supported the investigation; he liked the job.
"I immediately found working for the police very exciting." When he heard about the new training at the BKA, he immediately applied.
The apprenticeship classes start in April and October.
The authority does not reveal how many young people apply for the cybercrime unit each year.
Department head Reil says only this much: The number of applicants is increasing.
So far there are hardly any women among the trainees.
There is no woman in Brandt's year, and there was only one budding cybercriminalist in the first year.
This is mainly due to the fact that there are still significantly fewer female computer scientists.
Cybercriminals don't just work in front of the screen
Applicants can expect a three-day admissions process.
A first psychological test examines the ability to think and concentrate, a second examines previous IT knowledge in the areas of network technology, scripting, programming, encryption, databases and data analysis.
On the following days, applicants take a sports test, they have to see a doctor for a health check, and there are individual and group interviews.
“The personal conversation should not be underestimated,” says Brandt, looking back.
He advises applicants to prepare well and to know exactly what the agency is doing.
In the first few months of the new training, the candidates then learn everything that classic detectives need to know and be able to do: for example, law, forensics and service customers are on the schedule, as well as shooting training.
Because even if, as cybercriminals, they later sit in front of the computer most of the time, they still have to do house searches or arrest suspects every now and then.
After the theory, it goes into practice: At the BKA locations in Wiesbaden, Meckenheim or Berlin, the junior police officers gain two internships for a total of around ten months of work experience.
He doesn't yet know where Brandt is going for his practice stations.
“There are too many interesting areas of work in the Federal Criminal Police Office,” says the 27-year-old.
He finds state security, i.e. the fight against extremism and terrorism, particularly exciting.
The starting salary after the two-year training is currently 3232.31 euros gross.
Brandt and his colleagues are then officials in the high-level criminal service.
A cyber criminal, he says, has to stand clearly behind the work of the BKA, enjoy working in a large agency and be able to work in a team.
"After all, we should later build the bridge between IT experts and the investigators." Brandt already practiced this during his time with the state police.
Now he wants to hunt down criminals himself.
"I was totally enthusiastic about the investigative work from the start."