Attacks/Breaches
4/4/2016
12:50 PM
100%
0%

Panama Papers Leak Exposes Tax Evasion -- And Poor Data Security, Data Integrity Practices

Whether an insider leak or an outsider hack, an exposure of 11.5 million documents definitely falls under the infosec umbrella.

An enormous store of 11.5 million documents -- mostly emails -- leaked from Panamanian law firm Mossack Fonseca, has exposed illegal practices used by the rich across the globe to hide their wealth, disguise how they obtain that wealth, and avoid paying taxes. The 2.6 terabytes of data reveals secret information about the offshore holdings of political leaders and crime lords alike.

According to the report by the International Consortium of Investigative Journalists (ICIJ), published after a yearlong study of the documents by a collaboration of over 100 news organizations:

Reporters at [German newspaper] Süddeutsche Zeitung obtained millions of records from a confidential source and shared them with ICIJ and other media partners. The news outlets involved in the collaboration did not pay for the documents.

Before Süddeutsche Zeitung obtained the leak, German tax authorities bought a smaller set of Mossack Fonseca documents from a whistleblower, a move that triggered the raids in Germany in early 2015. 

From Reuters:

The head of Mossack Fonseca, Ramon Fonseca, has denied any wrongdoing but said his firm had suffered a successful but "limited" hack on its database. He described the hack and leak as "an international campaign against privacy."    

Whether or not the documents were simply leaked by a privileged insider or obtained through a hack of a database or email server, the exposure falls within the purview of information security. 

According to the ICIJ report, Mossack Fonseca's data integrity and retention practices were willfully noncompliant -- the firm regularly backdated documents and also destroyed them to evade a US government investigation. According to ICIJ

...the firm took steps to wipe potentially damaging records from phones and computers to keep details of their clients from the United States justice system. ... The documents even show that a firm employee traveled from Panama to [Las] Vegas to whisk paper documents out of the country.

For more, see the ICIJ report and The Guardian's guide to the report.

Related stories:

 

Interop 2016 Las VegasFind out more about security threats at Interop 2016, May 2-6, at the Mandalay Bay Convention Center, Las Vegas. Click here for pricing information and to register.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
paul.curran
50%
50%
paul.curran,
User Rank: Author
10/7/2016 | 12:06:50 PM
Re: It's an insider job for sure, otherwise theseamount of data can't be frisked out of the vaults
There could have been some insider help coupled with the critically insecure Drupal release and Wordpress image slider plugins that had not been updated/patched so safer versions in quite some time. In any case, it will be interesting to see the further international fallout that will occur as more of the dust settles.
hewenthatway
50%
50%
hewenthatway,
User Rank: Strategist
4/5/2016 | 5:18:08 PM
Re: It's an insider job for sure, otherwise theseamount of data can't be frisked out of the vaults
Whoa.

So much fanciful and sensationalized coverage on that ICIJ site w/ the report.

Either way, I'm amazed that they were able to keep the investigation under wraps while under review for over a year without it blowing up on the net.  Media is constantly adapting I guess.  I guess its nice to have a breakdown of findings after careful analysis rather than jumping to conclusions.  The raw data is so organized though.  Seems to be insider as another commenter had expressed.
Shawn@HomeSecurityList
50%
50%
[email protected],
User Rank: Apprentice
4/5/2016 | 8:15:23 AM
It's an insider job for sure, otherwise theseamount of data can't be frisked out of the vaults
Experts say this is the largest leak ever. As a security analyst it seemed there's more into it than simple hacking. Such a huge information can't be leaked without having the involvement of someone/some people who have access to such sensitive data and that's too in these tax havens. Though I've no sympathies for those who evade tax and park their money by opening false companies, it's absolutely true that there were supposedly no protocol followed in securing data. Though Ramon Fonseca has denied any wrongdoing, this amount of data can't be frisked out without serious security breach or insider job. Period.
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
4/5/2016 | 7:50:43 AM
Re: 100 Journalists and a Year? Does not smell right
That's an interesting one. It's obvious from the way Snowden has been treated that any leaker is not going to get much government protection, so it makes sense to stay in the shadows. 
WilliamM405
100%
0%
WilliamM405,
User Rank: Apprentice
4/4/2016 | 5:12:40 PM
100 Journalists and a Year? Does not smell right
More like an insider leaking data aka Snowden and the journalists are using a cover story and sharing the information to protect the leaker - how else does 2.5 terabytes leak out in a coordianted fashion?
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity Ventures,  12/11/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Santa: "How about a unicorn coming out of a monitor instead?"
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.