The question that nobody seems able to answer following the cyberattack on the Australian Parliament is, was any
information stolen and how would we know if it was?
According to Leroy Terrelonge III, Director of Intelligence and Operations at business risk intelligence firm
Flashpoint, the use of Deep and Dark Web (DDW) monitoring services is a key part of any organisation’s response to a
cyberattack, even when nation state actors are suspected.
“As a general practice, but particularly following a breach, organisations should invest in Deep and Dark Web (DDW)
monitoring services so they can be alerted when data on their clients, employees, suppliers, contractors, etc. is found
in criminal online communities,” says Terrelonge.
“It is important to highlight that nation state actors typically have different motivations from the archetypal
financially motivated actors that dominate the underground economy. Nation state actors are mostly interested in
espionage and intelligence gathering. Consequently, information stolen by nation state actors is much less likely to
show up in DDW communities.
“However, credible reports have shown overlap between cybercriminals and intelligence services, most notably in Russia
where in 2014 investigators observed a cybercriminal cooperating with Russian intelligence to steal classified
information from Turkey, Ukraine, Georgia, and other countries that have had a tense relationship with Russia.
“Thus, while nation state actors are suspected of being behind the recent cyberattack on Australian lawmakers,
monitoring criminal communities for mentions of the impacted organisations and their people/assets is an important
component of the response to this potential data theft.”