How a Wikileaks dump alerted foreign hackers to U.S. tactics

By Lidiia Royalty-free stock vector ID: 1110770507 

An internal assessment at U.S. Cyber Command concluded that diplomatic cables published by Wikileaks probably revealed details that resulted in operational security changes by foreign, state-aligned hacking groups targeting the United States.

In 2010, Wikileaks began publishing hundreds of thousands of diplomatic cables between the State Department and 274 of its consulates, embassies and diplomatic missions stationed around the globe. The documents provided an unvarnished look at internal conversations between diplomats abroad and policymakers in Washington D.C.

The Situational Awareness Report -- obtained through a Freedom of Information Act request by the National Security Archives at George Washington University -- was drafted in early December 2010 by Fusion Cell, an intelligence arm of U.S. CyberCom just days after the cables began to leak. It determined that the release would likely provide foreign intelligence services and their hacking arms with "lessons learned" about how their activities were being tracked by the U.S. government.

"The release of the latest set of classified data will likely result in observable changes in [operational security] procedures, coordination and collaboration among Computer Network Operations organizations, Tactics, Techniques and Procedures and overall sophistication levels [redacted]" the report stated.

Though it is significantly redacted, the CyberCom report detailed how the National Security Agency and other agencies rushed to identify documents contained in the dump that "may disclose cyber operations equities" and urged other organizations to do the same. It provided a number of categories of information that were "likely exposed" by the leak, all of which are redacted in the version released to the public.

"The [redacted] cables clearly state that U.S. Government entities have knowledge of specific adversary [tactics, techniques and procedures], including malware, toolsets, IP addresses and domains used in intrusion activity," the report stated.

The document suggested that the release of the cables "led to a period in which the U.S. government was hindered in its ability to track the activities of at least one of the most sophisticated APTs operating on the geopolitical stage," wrote Michael Martelle, a research fellow at the National Security Archive's Cyber Vault Project.

About the Author

Derek B. Johnson is a former senior staff writer at FCW.


  • FCW Perspectives
    remote workers (elenabsl/

    Post-pandemic IT leadership

    The rush to maximum telework did more than showcase the importance of IT -- it also forced them to rethink their own operations.

  • Management
    shutterstock image By enzozo; photo ID: 319763930

    Where does the TMF Board go from here?

    With a $1 billion cash infusion, relaxed repayment guidelines and a surge in proposals from federal agencies, questions have been raised about whether the board overseeing the Technology Modernization Fund has been scaled to cope with its newfound popularity.

Stay Connected