How does Aust. Parliament (or others) track down stolen data?
The question that nobody seems able to answer following the cyberattack on the Australian Parliament is: was any information stolen, and how would we know if it was?
According to Leroy Terrelonge III, Director of Intelligence and Operations at business risk intelligence firm Flashpoint, the use of Deep and Dark Web (DDW) monitoring services is a key part of any organisation’s response to a cyberattack, even when nation state actors are suspected.
“As a general practice, but particularly following a breach, organisations should invest in Deep and Dark Web (DDW) monitoring services so they can be alerted when data on their clients, employees, suppliers, contractors, etc. is found in criminal online communities,” says Terrelonge.
“It is important to highlight that nation state actors typically have different motivations from the archetypal financially motivated actors that dominate the underground economy. Nation state actors are mostly interested in espionage and intelligence gathering. Consequently, information stolen by nation state actors is much less likely to show up in DDW communities.
“However, credible reports have shown overlap between cybercriminals and intelligence services, most notably in Russia where in 2014 investigators observed a cybercriminal cooperating with Russian intelligence to steal classified information from Turkey, Ukraine, Georgia, and other countries that have had a tense relationship with Russia.
“Thus, while nation state actors are suspected of being behind the recent cyberattack on Australian lawmakers, monitoring criminal communities for mentions of the impacted organisations and their people/assets is an important component of the response to this potential data theft.”