Whether an insider leak or an outsider hack, an exposure of 11.5 million documents definitely falls under the infosec umbrella.

Dark Reading Staff, Dark Reading

April 4, 2016

2 Min Read

An enormous store of 11.5 million documents -- mostly emails -- leaked from Panamanian law firm Mossack Fonseca, has exposed illegal practices used by the rich across the globe to hide their wealth, disguise how they obtain that wealth, and avoid paying taxes. The 2.6 terabytes of data reveals secret information about the offshore holdings of political leaders and crime lords alike.

According to the report by the International Consortium of Investigative Journalists (ICIJ), published after a yearlong study of the documents by a collaboration of over 100 news organizations:

Reporters at [German newspaper] Süddeutsche Zeitung obtained millions of records from a confidential source and shared them with ICIJ and other media partners. The news outlets involved in the collaboration did not pay for the documents.

Before Süddeutsche Zeitung obtained the leak, German tax authorities bought a smaller set of Mossack Fonseca documents from a whistleblower, a move that triggered the raids in Germany in early 2015. 

From Reuters:

The head of Mossack Fonseca, Ramon Fonseca, has denied any wrongdoing but said his firm had suffered a successful but "limited" hack on its database. He described the hack and leak as "an international campaign against privacy."    

Whether or not the documents were simply leaked by a privileged insider or obtained through a hack of a database or email server, the exposure falls within the purview of information security. 

According to the ICIJ report, Mossack Fonseca's data integrity and retention practices were willfully noncompliant -- the firm regularly backdated documents and also destroyed them to evade a US government investigation. According to ICIJ

...the firm took steps to wipe potentially damaging records from phones and computers to keep details of their clients from the United States justice system. ... The documents even show that a firm employee traveled from Panama to [Las] Vegas to whisk paper documents out of the country.

For more, see the ICIJ report and The Guardian's guide to the report.

Related stories:

 

Interop-las-vegas-small-logo.jpgFind out more about security threats at Interop 2016, May 2-6, at the Mandalay Bay Convention Center, Las Vegas. Click here for pricing information and to register.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights