How a Wikileaks dump alerted foreign hackers to U.S. tactics

By Lidiia Royalty-free stock vector ID: 1110770507 

An internal assessment at U.S. Cyber Command concluded that diplomatic cables published by Wikileaks probably revealed details that resulted in operational security changes by foreign, state-aligned hacking groups targeting the United States.

In 2010, Wikileaks began publishing hundreds of thousands of diplomatic cables between the State Department and 274 of its consulates, embassies and diplomatic missions stationed around the globe. The documents provided an unvarnished look at internal conversations between diplomats abroad and policymakers in Washington D.C.

The Situational Awareness Report -- obtained through a Freedom of Information Act request by the National Security Archives at George Washington University -- was drafted in early December 2010 by Fusion Cell, an intelligence arm of U.S. CyberCom just days after the cables began to leak. It determined that the release would likely provide foreign intelligence services and their hacking arms with "lessons learned" about how their activities were being tracked by the U.S. government.

"The release of the latest set of classified data will likely result in observable changes in [operational security] procedures, coordination and collaboration among Computer Network Operations organizations, Tactics, Techniques and Procedures and overall sophistication levels [redacted]" the report stated.

Though it is significantly redacted, the CyberCom report detailed how the National Security Agency and other agencies rushed to identify documents contained in the dump that "may disclose cyber operations equities" and urged other organizations to do the same. It provided a number of categories of information that were "likely exposed" by the leak, all of which are redacted in the version released to the public.

"The [redacted] cables clearly state that U.S. Government entities have knowledge of specific adversary [tactics, techniques and procedures], including malware, toolsets, IP addresses and domains used in intrusion activity," the report stated.

The document suggested that the release of the cables "led to a period in which the U.S. government was hindered in its ability to track the activities of at least one of the most sophisticated APTs operating on the geopolitical stage," wrote Michael Martelle, a research fellow at the National Security Archive's Cyber Vault Project.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at [email protected], or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


  • innovation (Sergey Nivens/

    VA embraces procurement challenges at scale

    Steve Kelman applauds the Department of Veterans Affairs' ambitious attempt to move beyond one-off prize-based contests to combat veteran suicides more effectively.

  • big data AI health data

    Where did the ideas for shutdowns and social distancing come from?

    Steve Kelman offers another story about hero civil servants (and a good president).

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.