How the Panama Papers Hack Happened

The data breach at Panamanian law firm Mossack Fonseca is being touted as the biggest data breach ever in terms of the sheer volume of data leaked.

The leaked data shows how many high-ranking government officials, their family members, relatives, or close partners in more than 40 nations have used offshore companies to hide income and avoid taxes. Identified nations include the U.K., Russia, France, India, and China.

Some of the high-profile public figures embroiled in the leak are Iceland’s Prime Minister David Gunnlaugsson, the late father of British Prime Minister David Cameron, and Vladimir Putin.

The leaks purportedly cover 11.5 million confidential and private documents from the 1970s through 2015. The 2.6 terabytes of leaked information comprise 4.8 million email messages, 3 million database file records, 2.2 million PDF files, 1.1 million images, and 320,000 text file documents.

The so-called Panama Papers were first shared with the German newspaper Sueddeutsche Zeitung by an anonymous source and then with the International Consortium of Investigative Journalists (ICIJ).

A representative from Mossack Fonseca has confirmed news reports that the leak resulted from an email hack. How the email attack actually happened is unknown, but tests run by outside security specialists suggest Mossack Fonseca did not encrypt its email with Transport Layer Security (TLS).

The volume of information made available seems to indicate the server itself was compromised, rather than individual mailboxes. Zak Maples, a senior security expert at MWR InfoSecurity, says an email server attack could have happened in multiple ways.

Maples also states that this security breach is quite possibly a broader compromise of the organization. The hackers might have breached the Mossack Fonseca network, elevated their privileges to those of a domain administrator or email administrator account, and used these privileges to access and download all the information on the email server.

The company informed all its customers that its email server had been compromised. One of the founders of the firm stated that the company has ruled out an insider carrying out the breach.

Mossack Fonseca said it opened an investigation with the help of external security consultants as soon as it discovered that it had suffered an outside attack on its email server. The company further said that it is taking all necessary and additional measures, including strengthening its network systems, to prevent a data leak from happening in the future.