Attacks/Breaches

4/4/2016
12:50 PM
100%
0%

Panama Papers Leak Exposes Tax Evasion -- And Poor Data Security, Data Integrity Practices

Whether an insider leak or an outsider hack, an exposure of 11.5 million documents definitely falls under the infosec umbrella.

An enormous store of 11.5 million documents -- mostly emails -- leaked from Panamanian law firm Mossack Fonseca, has exposed illegal practices used by the rich across the globe to hide their wealth, disguise how they obtain that wealth, and avoid paying taxes. The 2.6 terabytes of data reveals secret information about the offshore holdings of political leaders and crime lords alike.

According to the report by the International Consortium of Investigative Journalists (ICIJ), published after a yearlong study of the documents by a collaboration of over 100 news organizations:

Reporters at [German newspaper] Süddeutsche Zeitung obtained millions of records from a confidential source and shared them with ICIJ and other media partners. The news outlets involved in the collaboration did not pay for the documents.

Before Süddeutsche Zeitung obtained the leak, German tax authorities bought a smaller set of Mossack Fonseca documents from a whistleblower, a move that triggered the raids in Germany in early 2015. 

From Reuters:

The head of Mossack Fonseca, Ramon Fonseca, has denied any wrongdoing but said his firm had suffered a successful but "limited" hack on its database. He described the hack and leak as "an international campaign against privacy."    

Whether or not the documents were simply leaked by a privileged insider or obtained through a hack of a database or email server, the exposure falls within the purview of information security. 

According to the ICIJ report, Mossack Fonseca's data integrity and retention practices were willfully noncompliant -- the firm regularly backdated documents and also destroyed them to evade a US government investigation. According to ICIJ

...the firm took steps to wipe potentially damaging records from phones and computers to keep details of their clients from the United States justice system. ... The documents even show that a firm employee traveled from Panama to [Las] Vegas to whisk paper documents out of the country.

For more, see the ICIJ report and The Guardian's guide to the report.

Related stories:

 

Interop 2016 Las VegasFind out more about security threats at Interop 2016, May 2-6, at the Mandalay Bay Convention Center, Las Vegas. Click here for pricing information and to register.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
paul.curran
50%
50%
paul.curran,
User Rank: Author
10/7/2016 | 12:06:50 PM
Re: It's an insider job for sure, otherwise theseamount of data can't be frisked out of the vaults
There could have been some insider help coupled with the critically insecure Drupal release and Wordpress image slider plugins that had not been updated/patched so safer versions in quite some time. In any case, it will be interesting to see the further international fallout that will occur as more of the dust settles.
hewenthatway
50%
50%
hewenthatway,
User Rank: Strategist
4/5/2016 | 5:18:08 PM
Re: It's an insider job for sure, otherwise theseamount of data can't be frisked out of the vaults
Whoa.

So much fanciful and sensationalized coverage on that ICIJ site w/ the report.

Either way, I'm amazed that they were able to keep the investigation under wraps while under review for over a year without it blowing up on the net.  Media is constantly adapting I guess.  I guess its nice to have a breakdown of findings after careful analysis rather than jumping to conclusions.  The raw data is so organized though.  Seems to be insider as another commenter had expressed.
Shawn@HomeSecurityList
50%
50%
[email protected],
User Rank: Apprentice
4/5/2016 | 8:15:23 AM
It's an insider job for sure, otherwise theseamount of data can't be frisked out of the vaults
Experts say this is the largest leak ever. As a security analyst it seemed there's more into it than simple hacking. Such a huge information can't be leaked without having the involvement of someone/some people who have access to such sensitive data and that's too in these tax havens. Though I've no sympathies for those who evade tax and park their money by opening false companies, it's absolutely true that there were supposedly no protocol followed in securing data. Though Ramon Fonseca has denied any wrongdoing, this amount of data can't be frisked out without serious security breach or insider job. Period.
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
4/5/2016 | 7:50:43 AM
Re: 100 Journalists and a Year? Does not smell right
That's an interesting one. It's obvious from the way Snowden has been treated that any leaker is not going to get much government protection, so it makes sense to stay in the shadows. 
WilliamM405
100%
0%
WilliamM405,
User Rank: Apprentice
4/4/2016 | 5:12:40 PM
100 Journalists and a Year? Does not smell right
More like an insider leaking data aka Snowden and the journalists are using a cover story and sharing the information to protect the leaker - how else does 2.5 terabytes leak out in a coordianted fashion?
What We Talk About When We Talk About Risk
Jack Jones, Chairman, FAIR Institute,  7/11/2018
Ticketmaster Breach Part of Massive Payment Card Hacking Campaign
Jai Vijayan, Freelance writer,  7/10/2018
7 Ways to Keep DNS Safe
Curtis Franklin Jr., Senior Editor at Dark Reading,  7/10/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Locked device, Ha! I knew there was another way in.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-15137
PUBLISHED: 2018-07-16
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed.
CVE-2017-17541
PUBLISHED: 2018-07-16
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.
CVE-2018-1046
PUBLISHED: 2018-07-16
pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution. This buffer overflow ...
CVE-2018-10840
PUBLISHED: 2018-07-16
Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.
CVE-2018-10857
PUBLISHED: 2018-07-16
git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN.