How Did The Panama Papers Leak Happen?

The recent revelations about just some of the contents of the leaked ‘Panama Papers’, detailing the names of those allegedly involved in suspected offshore tax evasion and clandestine banking schemes, have started to cause major ripples in high places and have been nothing short of a gift for the world’s media.

Those named include many powerful, rich and famous persons such as politicians and their associates, and the leak has already claimed its first high profile resignation in the form of the Prime Minister of Iceland.

One important point that has been overshadowed by the high public profile of many of those named is how the leak itself, which appears to have been an IT security matter, i.e. a data breach, actually occurred.

Email Server Attack

In this latest of what appears to be a long line of large-scale IT security breaches, it is believed that as much as 2.6TB of data, including 4.8 million email messages and 2.2 million PDFs, has been obtained from the Panamanian law firm Mossack Fonseca in what has been popularly described as a ‘leak’.

Computerworld have reported on their website that a representative of Mossack Fonseca indicated that the leak actually resulted from an email hack, and that tests by outside security researchers appear to show that the Panamanian law firm did not encrypt its email with Transport Layer Security (TLS). TLS is a family of cryptographic protocols designed to provide privacy and data integrity between two communicating applications over a computer network; for email, a mail server that does not offer it exchanges messages with other servers in plain text.
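The check the researchers are described as running is whether a mail server offers STARTTLS when a client connects and sends EHLO. The following is an added example, not code from the article or from the researchers it cites: it parses a server's EHLO reply for advertised extensions and includes a live check using Python's standard `smtplib`; the hostname `mail.example.test` and the replies embedded below are constructed for illustration.

```python
"""Check whether an SMTP server advertises STARTTLS (added example)."""
import smtplib

# Constructed EHLO replies: one from a server offering STARTTLS, one that does not.
REPLY_WITH_TLS = (
    b"250-mail.example.test Hello [192.0.2.10]\r\n"
    b"250-SIZE 52428800\r\n"
    b"250-STARTTLS\r\n"
    b"250 HELP\r\n"
)
REPLY_WITHOUT_TLS = (
    b"250-mail.example.test Hello [192.0.2.10]\r\n"
    b"250-SIZE 52428800\r\n"
    b"250 HELP\r\n"
)


def parse_ehlo_extensions(ehlo_reply: bytes) -> dict:
    """Parse a raw multi-line 250 EHLO reply into {EXTENSION: parameters}.

    The first 250 line carries the server's hostname and greeting, not an
    extension, so it is skipped; every later '250-' or '250 ' line names one.
    """
    extensions = {}
    lines = ehlo_reply.decode("ascii", errors="replace").splitlines()
    for index, line in enumerate(lines):
        if index == 0 or len(line) < 4 or not line.startswith("250"):
            continue
        body = line[4:].strip()
        if not body:
            continue
        parts = body.split(None, 1)
        extensions[parts[0].upper()] = parts[1] if len(parts) > 1 else ""
    return extensions


def starttls_advertised(ehlo_reply: bytes) -> bool:
    """True if the server offered STARTTLS. Note this only shows that
    opportunistic TLS is possible; it does not prove any given message
    was actually encrypted in transit."""
    return "STARTTLS" in parse_ehlo_extensions(ehlo_reply)


def check_live_server(host: str, port: int = 25, timeout: float = 10.0):
    """Connect to a live mail server and report whether it offers STARTTLS
    (None if the EHLO is refused). Not run by the tests; needs network access."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        code, _ = smtp.ehlo()
        return smtp.has_extn("starttls") if code == 250 else None
```

Run `check_live_server` against each MX host of a domain to see whether inbound mail can be protected in transit; absence of STARTTLS is a finding an administrator can fix without waiting for a breach to reveal it.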

A spokesperson for the cyber security consultancy MWR InfoSecurity is reported by Computerworld as suggesting that the email server itself, rather than individual mailboxes, was compromised, and that this may have been achieved by an attack on the network that used elevated privileges, e.g. those of a domain administrator or email administrator, to gain access to and download all of the data.

The Leak

Once the data had been obtained it was leaked (presumably by the attackers) to German newspapers. It has been reported on Wired.com that a reporter at the German newspaper Suddeutsche Zeitung communicated with the source via encrypted channels, e.g. Signal, Threema and PGP-encrypted email, and that the 11.5 million documents were leaked piecemeal over time.

Breaking the news of the leak is reported to have been co-ordinated by a U.S.-based consortium of investigative journalists across over 100 media outlets worldwide, hence the shock of a massive, fully formed story hitting the UK media all at once (with no apparent leaks of its own).

What Does This Mean For Your Business?

This is another example of the need for businesses to prioritise their data and cyber security.

Personal, customer and other sensitive data has real value to cyber criminals, e.g. to sell on the dark web, to extort money, or to use in committing other cyber crimes. In the case of this leak there has already been, and is likely to be more, serious damage to reputations, a reminder that this is just one of the serious and long-lasting consequences of a data handling breach.

In the UK your business has legal obligations under the Data Protection Act and will have more obligations when the new EU regulation (GDPR) comes into force in 2018.

Seeking professional advice and help to ensure that your company is compliant and secure, both now and going forward, could save you reputational damage, lost customers, loss of competitive advantage, fines and other costs.