The Scandal Panama Papers: as 2.6 TB of Confidential Documents Were Leaked

security breaches, old software and e-mails accessed are involved in the case

In recent days, you must have seen many people in your timeline commenting on the scandal Panama Papers, which is already considered the largest leak of classified documents in history. 2.6 TB were published data containing bank details of offshore accounts and important politicians. But how all this leaked?

There are indications that it all started when an anonymous contacted Bastian Obermayer, the German newspaper reporter Süddeutsche Zeitung (SZ) , asking if there was interest in the publication “some data”. The conversation moved to an encrypted chat and, over a year, Obermayer received more than 11.5 million confidential documents Mossack Fonseca law firm, Panama.

The hacker, also known (for obvious reasons), said the newspaper SZ that communication between the two should be encrypted. “There are some conditions. My life is in danger. We will speak to us through encrypted chats. No personal encounter, ever, “demanded anonymous.

As pointed out by the BBC Brazil, Ramon Fonseca, one of the founders of Mossack Fonseca, denied that the company or its employees have leaked documents, giving the publication the “external hackers.” The company has registered a complaint and expect to find the culprits.

The volume of documents received by the German newspaper was so great that they had to ask for help to the International Consortium of Investigative Journalists (ICIJ, the acronym in English) guide them in investigations. The consortium shared the information with over 109 media outlets from 76 countries, including Brazil UOL , O Estado de S. Paulo and RedeTV! .

But how this unknown hacker gained access to the files, which were encrypted disks, and sent them to a simple structure as Amazon’s cloud? A special report security expert of the Forbes indicates that the failures were the very Mossack Fonseca, who wore outdated software internally, triggering in easily accessible loopholes.

Faults and More Security Holes

The infamous encryption (or lack thereof) apparently was a key player for hackers get into the system. Internal the Mossack Fonseca e-mails were not encrypted, as discovered security expert and privacy Christopher Soghoian.

Additionally, the firm sites have vulnerabilities caused by old software. According to Forbes, the main page of Mossack Fonseca ran a version of WordPress that was already passed three months ago. Worse still was the portal version that consumers accessed sensitive data that was running Drupal 7:23, launched three years ago (!).

In 2014, Drupal has warned consumers that if they rodassem some older than the 7:32, released at the time, should have to assume that were hacked. Version 7.23 has over 25 vulnerabilities, and two easy access to server data by hackers that can send the platform your own code.

It is estimated that this vulnerability is in force in the firm for two years and a half site, compromising the information of customers Mossack Fonseca, who did not even know of the failures. On April 1 (no lies involved), customers received a statement warning that the e-mail servers had been hacked.

According to WikiLeaks, which released the letter, Mossack Fonseca warned that it was taking the necessary steps for the case does not happen again. But this may have been only a final event, since Ramon Fonseca told news agency Reuters that the failure was “limited.” He also complained of an “international campaign against privacy,” the company has been heavily criticized.

Still, for nearly a year, the company did not warn its customers of other possible failures in the system – and they may not have noticed. After the documents were obtained, they were passed by an encryption made by VeraCrypt program, which is open-source.

Once encrypted, the files were transferred to Amazon’s servers subsequently shared among 400 journalists around the world, with more security measures such as two-step authentication and protection against brute force attacks. To search more than 11 million files and 2.6 TB of data in record time, they were used several research software and optical scanning image.

One was the Nuix, a tool used to sift through evidence in huge repositories of data. AtForbes , the president of Nuix said the software has already been used to dig up to 400 TB of information. There is storage!

Why the Scandal Is Important

You should be asking yourself why a bunch of journalists and some developers have mobilized to scour information contained within a company in Panama? The answer is simple: are documents coming from an offshore company, commonly used for money laundering or concealment of assets.

To contextualize, an offshore company works to store resources and hide the real owner’s name. They can be used for good things, how to protect the identity of a company to keep secret their corporate plans. But they are usually used for their owners to avoid paying taxes, keeping their fortunes in tax havens.

Panama is a tax haven, and Mossack Fonseca made use of low application regulations of foreign capital in the country, to establish your contacts. The firm was used by customers with a large amount of money they wanted to open businesses abroad confidentially, without paying tax.

The revelation of who are the people behind the businesses that keep money with Mossack Fonseca, then, is important. Documents obtained by journalists involving 12 current heads of state and 60 relatives, as well as personalities who used the company to hide assets.

It was discovered, for example, that the prime minister of Iceland, Sigmundur Gunnlaugsson, owned a company that had accumulated investments of his wife. This week he resigned. Other politicians like Vladimir Putin, president of Russia, and Petro Poroshenko, President of Ukraine, are also involved.