How a Wikileaks dump alerted foreign hackers to U.S. tactics

An internal assessment at U.S. Cyber Command concluded that diplomatic cables published by Wikileaks probably revealed details that resulted in operational security changes by foreign, state-aligned hacking groups targeting the United States.

In 2010, Wikileaks began publishing hundreds of thousands of diplomatic cables between the State Department and 274 of its consulates, embassies and diplomatic missions stationed around the globe. The documents provided an unvarnished look at internal conversations between diplomats abroad and policymakers in Washington D.C.

The Situational Awareness Report -- obtained through a Freedom of Information Act request by the National Security Archive at George Washington University -- was drafted in early December 2010, just days after the cables began to leak, by Fusion Cell, an intelligence arm of U.S. CyberCom. It determined that the release would likely provide foreign intelligence services and their hacking arms with "lessons learned" about how their activities were being tracked by the U.S. government.

"The release of the latest set of classified data will likely result in observable changes in [operational security] procedures, coordination and collaboration among Computer Network Operations organizations, Tactics, Techniques and Procedures and overall sophistication levels [redacted]," the report stated.

Though it is significantly redacted, the CyberCom report detailed how the National Security Agency and other agencies rushed to identify documents contained in the dump that "may disclose cyber operations equities" and urged other organizations to do the same. It provided a number of categories of information that were "likely exposed" by the leak, all of which are redacted in the version released to the public.

"The [redacted] cables clearly state that U.S. Government entities have knowledge of specific adversary [tactics, techniques and procedures], including malware, toolsets, IP addresses and domains used in intrusion activity," the report stated.

The document suggested that the release of the cables "led to a period in which the U.S. government was hindered in its ability to track the activities of at least one of the most sophisticated APTs operating on the geopolitical stage," wrote Michael Martelle, a research fellow at the National Security Archive's Cyber Vault Project.

About the Author

Derek B. Johnson is a former senior staff writer at FCW.
