Breach, Data Security

Email server hack behind Panamanian law firm leaks

An email server hack is thought to be behind the leaking of top-secret documents from Panamanian law firm, Mossack Fonseca. As many as eleven million confidential documents may have been revealed detailing the firm's work supporting what is alleged to be covert operations to locate money in tax havens around the world.

BBC News details a report saying that Mossack Fonseca has helped clients launder money, dodge sanctions and evade tax. The law firm itself claims that it has “operated beyond reproach” for 40 years and has never been charged with criminal wrongdoing.

Some 2.6 terabytes of data in the 11.5 million records is made up of email content (primarily), but also includes PDFs, text files and other perhaps less structured information.

The news itself was obtained by south-German newspaper Süddeutsche Zeitung. The information was then subsequently shared by the International Consortium of Investigative Journalists other international media.

External sources

News reports highlight the fact that the largest information leaks carried out in world to date (WikiLeaks in 2010 and Chelsea Manning and Edward Snowden in 2013) have all been ‘insider jobs' or carried out within the original confines of the data's origin. The Panamanian Papers job (as it is being referred to) is almost certainly down to an external hack.

The firm confirms “an attack on its email server [and is undertaking] all necessary measures to prevent this from happening again" at this time.

The BBC lead report on this story explains that the documents in question have links to 72 current or former heads of state including the Icelandic Prime Minister Sigmundur Gunnlaugson. The data also points to a suspected billion-dollar money-laundering ring involving close associates of Russian President Vladimir Putin.

Mossack Fonseca has said that it defends its conduct and has done no wrong in operational terms. The Guardian newspaper has said that Mossack Fonseca complies with anti-money-laundering laws and carries out thorough due diligence on all its clients.

“It says it regrets any misuse of its services and tries actively to prevent it. The firm says it cannot be blamed for failings by intermediaries, who include banks, law firms and accountants,” writes The Guardian reports team.

What the industry thinks

President of Lieberman Software Philip Lieberman spoke to SCMagazineUK.com in line with this unfolding story to say that irrespective of the data itself and its implications,  the industry has seen a general increase in the cyber defence readiness of many law firms in the USA.

“Outside the USA there has been little interest by foreign law firms in investing in cyber-security and for mounting competent cyber-defence capabilities. This fact is of great value to many criminal and nation state activities in the exploitation of weak security within law firms. One should ask the value of confidentiality with a law firm if a hacker or nation state penetrates their perimeter and has full administrator access to all of the systems within a company,” he said.

Lieberman asked  how a law firm could make a client whole or even provide for their own defence if the breach was caused by their neglect, incompetence and greed? 

“Clearly we have seen in many cases of cyber-attacks, that the force majeure defence (unanticipated and impossible to protect from event (act of God)) only applies in a very tiny fraction of companies that have excellent cyber-defence capabilities. As lawyers are gleeful to explain: ignorance of the law is no defence, but this case provides a new maxim: ignorance of competent cyber-defence processes and technology is no excuse for allowing outside criminals and nation states access to your clients' data,” added Lieberman.

Interactive graphic

The International Consortium of Investigative Journalists has provided an interactive graphic linked here to explore the movers, shakers and so-called ‘power players' allegedly involved within the wider scope of the Panama Papers story.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.