UNITED STATES STRATEGIC COMMAND
United States Cyber Command Fusion Cell
SAR 201 - Situational Awareness Report 2916-SA-5025
WikiLeaks Release of Classified Documents from a Department of State Database (U)
Date: 02 December 2010

Table of Contents

(U) Summary
(U//FOUO) Impact to Cyber Operations
(U//FOUO) Named Area of Interests (NAI)
Adversary TTPs
U.S. Government and Personnel
(U) Mitigation
(U//FOUO) Renaming of Intrusion Sets
(U//FOUO) Short term mitigation strategies
(U) Conclusion
(U) Additional Information
(U) References
(U) Contact Information

(U) Summary

[redacted: Sec 1.4(a)] WikiLeaks says the material will be posted in stages over the next few months. Diplomatic Security cables referencing [redacted] were among the leaked documents and have already been referenced by a US media organization.

(S//NF) During 2010, WikiLeaks has already uploaded hundreds of thousands of classified documents known as the [redacted] in the recent months. [redacted] actors have shown increasing interest in obtaining sensitive documents posted on the WikiLeaks website. In July 2010, [redacted] visited the WikiLeaks page and downloaded classified Department of Defense and Coalition documents and data associated with Operation Enduring Freedom (OEF) and Operation Iraqi Freedom (OIF). On 9 October, [redacted] logged into a compromised U.S. hop point and performed reconnaissance on the WikiLeaks website.

The release of the latest set of classified data will likely result in observable changes in OPSEC procedures, coordination and collaboration among Computer Network Operations (CNO) organizations, Tactics, Techniques and Procedures (TTPs), and overall sophistication levels [redacted]. USCC expects [redacted: Sec 1.4(a)].

Although the direct implications will be resident [illegible], USCC expects that other Foreign Intelligence Services (FIS) active in CNO against the US will use this information to tailor their [redacted] as lessons learned.

(U//FOUO) Impact to Cyber Operations

On 16 November 2019 the provided an initial assessment of the [illegible] believed to have been compromised from [illegible]. [illegible] those documents have been in WikiLeaks' possession [redacted: Sec 1.4(a)]. The SIPRNET version of [illegible] has been temporarily suspended by State, but the site at [illegible] is accessible to everyone and should be used to identify equities specific to [illegible] organization. USCC, NSA and components have [illegible] database in an effort to identify documents that may disclose cyber operations equities. The following sections summarize various categories of information relating to cyber operations that are likely to be exposed via WikiLeaks.

Named Area of Interests (NAI)

A number of cables were identified as having disclosed U.S. Government's insight [redacted: Sec 1.4(a)].

At this time there is no indication that information on the U.S. Government's [redacted: Sec 1.4(a)].

(U//FOUO) Adversary TTPs

The [illegible] cables clearly state that US Government entities have knowledge of specific adversary TTPs, including malware, toolsets, IP addresses, and domains used in intrusion activity. One of the documents also highlighted DoD's knowledge and tracking of adversary's use of [redacted]. In particular, the reports identify [redacted: Sec 1.4(a)] technologies. The collected data also identifies [redacted: Sec 1.4(a)] those systems. The adversary TTPs and indicators that were disclosed [redacted: (b)(1) Sec 1.4(a)] to monitor, detect and mitigate threats.

[illegible] expected to modify their [illegible] infrastructure and intrusion techniques. Based on adversary changes, [redacted]. Public disclosure of this information may [illegible] [redacted] near and long term threats [illegible].

U.S. Government Entities and Personnel

Included in the [illegible] cables are detailed reports on the results of audits conducted at [redacted: Sec 1.4(a)].

The [redacted] cables included names, contact information and [illegible] [redacted: Sec 1.4(a)]. The IRTF also reported that a significant number of reports originated from [redacted: Sec 1.4(a)].

The implications of [illegible] becoming aware of US Government and DoD involvement in cyber related and equities is [redacted]. The individuals referenced in the DOD cables [redacted: Sec 1.4(a)].

(U) Mitigation

(U//FOUO) Renaming of Intrusion Sets

As a consequence of the possible compromise of the [redacted: Sec 1.4(a)]. A permanent Inter-agency working group will be established to manage intrusion set names and indicator sets. This effort will result in improved analysis and reporting across Team Cyber.

(U//FOUO) Short term mitigation strategies

The spillage may result [redacted: Sec 1.4(a)]. Components should consider the following mitigation actions. These may be implemented temporarily around the release of this information or, if feasible, [illegible] permanently.

- Ensure compliance with standing requirements for email security, specifically [redacted: Sec 1.4(a)]
- Ensure compliance with all email security guidance and requirements in Security Technical Implementation Guides (STIGs) and [redacted: (b)(1) Sec 1.4(a)]
- Based on mission [illegible] and Command risk tolerance, [redacted: Sec 1.4(a)] by experienced security-conscious administrator. If an [redacted] should deny access [redacted]
- E-mail system administrators and Computer Network Defense Service Providers should review all email logs for suspicious email message characteristics. This includes [redacted: Sec 1.4(a)]
- DoD Components should reinforce standard Awareness Training issues such as:
  - Do not open attachments or click on links in emails from unknown senders
  - Consider [illegible] level of [illegible]. It is always advisable [redacted] an attachment or URL link
  - Users must be as vigilant when using personal email accounts from home as they are when using official email accounts

(U) Conclusion

The overall impact to the DoD cyber [redacted] cables are expected to reveal [redacted: Sec 1.4(a)]. It is imperative that all DOD and IC organizations remain vigilant to changes, network traffic anomalies, and fluctuations in malicious activity relative to status quo activity as this new information is released and circulated in the public domain. All organizations must be observant to potential efforts of our adversaries to leverage this new information against us in efforts to further their cyber initiatives [redacted].

(U) Additional Information

For more information contact the [redacted] directly and reference this SAR. Additional situational awareness reports can be found [illegible].

(U) References

A. S-10-022211RTF, Review of State Department Cables for Department of Defense Equities, 16 Sep 2516
B. [illegible] Downloaded Classified DoD and Coalition Documents from Wikileaks in July and August 2010, 22 Nov 2010
C.

(U) Contact Information

For all questions relating to network defense please contact [illegible]: SIPRNET E-mail: [illegible] Phone: COMM
For all questions relating to intelligence assessment please contact the J2 [illegible] Watch: SIPRNET E-mail: [illegible] Phone: COMM

Derived from: [illegible]
Declassify on: 29354429

This document is from the holdings of: The National Security Archive, Suite 701, Gelman Library, The George Washington University, 2130 H Street, NW, Washington, D.C., 20037. Phone: 202 994-7000, Fax: 202 994-7005, nsarchiv@gwu.edu