By Bruce Sussman
Tue | Mar 10, 2020 | 1:03 PM PDT

What did America's cyber adversaries gain when U.S. Department of State communications were leaked online in 2010?

New documents reveal part of the WikiLeaks impact was this: Attackers appear to have gained a period of heightened advantage over the U.S. and perhaps other organizations.

This came to light through a new document obtained by the National Security Archive through a Freedom of Information Act request.

Here is a description of the recently revealed NSA Situational Awareness Report:

The assessment predicted that adversaries would, as a result, be able to more effectively shift their TTPs (tactics, techniques, and procedures) to evade detection by U.S. agencies.

The analysis specifically mentions that the leak revealed U.S. awareness of "specific adversary TTPs, including malware, toolsets, IP addresses, and domains used in intrusion activity." These TTPs form the bulk of what digital forensic investigators rely on to identify, track, and attribute advanced persistent threats (APTs) conducting offensive cyber operations.

While defenders may at critical moments find it advantageous to intentionally reveal their knowledge of an attacker's TTPs, forcing the adversary to "burn" the tools and infrastructure which have become part of their identifiable signature, unplanned release of the intelligence used by a defender while building knowledge on a threat plays to the attacker's advantage.

In this case the USCYBERCOM analysis states that actors "are expected to modify their current infrastructure and intrusion techniques," hampering the ability of U.S. agencies to track attacker activity until new intelligence on threat signatures can be developed. The WikiLeaks release in practice appears to have granted attackers a period of heightened advantage over the U.S.

Related interviews: nation-state cyber threats

The WikiLeaks leak and the continued analysis of its fallout point to what is on the line as the difference between cyber war and traditional war fades.

Which nation-state threat actors are probably continuing to pop champagne corks over the WikiLeaks posts?

On the list, we're sure, are the top nation-state threats to the U.S.

Listen to our interview with CNN Military Analyst Col. Cedric Leighton (USAF, Ret.) for more on China, North Korea, Iran, and Russia: