Up until now, pretty much everybody knows about the Panama Papers. If you’re not living in a bunker with no connection to the outside world, there is no way you didn’t find out about the biggest data breach in history. It is bigger than WikiLeaks or the Snowden leak. While the media is extensively covering this subject, IT security industry experts have been more or less silent, maybe because it is a highly sensitive subject. It is the kind of happening that you do not know how to classify because there are too many implications and with each day passing by, the snowball effect is getting bigger and bigger.
We just want to express our thoughts about this massive breach and we’re summing up some of the discoveries, to keep you up to date.
So, here are the facts until now:
- Over a year ago an anonymous source started sending documents which gathered up to 11.5 million documents (2.6 terabytes of data) from the Mossack Fonseca database to Süddeutsche Zeitung which shared them with the International Consortium of Investigative Journalists (ICIJ); the consortium distributed the documents for investigation to approximate 400 journalists from 107 media organizations in more than 80 countries
- Mossack Fonseca is a law firm from Panama which deals with offshore transactions and also do wealth management; the company also has other business units like E-Volusoft for document management and storage as well as secure access to documents, according to their website
- There are 12 current or former heads of state and many more officials linked with the offshore entities according to with the investigations made by journalists, among other political characters, C-suites, and celebrities; Iceland Prime Minister, Gunnlaugsson, resigns after the leaked documents revealed his connection with an offshore company that contradicted his promises during the 2008 financial crisis and nullified his ethics, with the obvious conflict of interests; initially, he refused to resign, but the public pressure caused by protests forced him to do so; however, the most recent statement from the PM’s office says that “Gunnlaugsson has not resigned, but rather stepped aside for an unspecified amount of time and will continue to serve as the Chairman of the Progressive Party.”
- Chinese agency bans online mention of Panama Papers
- There are official investigations developing in more countries like Australia, Colombia, France, Ukraine and others
- It is not illegal (how about unethical?) to have offshore holdings, but in some cases, there are suspicions of tax evasion and corruption
- Mossack Fonseca response to the data breach consists of a denial of any illegal activity; moreover, their statement sent to The Guardian says that “Most of the persons mentioned by you are not our clients nor do they appear in our database as persons related to the companies we formed.”
Here are also the suppositions raised by different media outlets:
- The anonymous source that leaked the documents is an insider and was driven by moral reasons since he / she did not want any financial compensation and sent the documents to the media
- There was actually a hacker that broke into the Mossack Fonseca e-mail server, not an insider that stole information
- The whole series of allegations and disclosures is, in fact, a conspiracy against Russia and former soviet states
- US government is behind the leak since there are very few Americans on the exposed list
It will be interesting to see how this worldwide scandal is going to evolve and which are the next names to be published by the ICIJ and their partners. Also, if the Mossack Fonseca´s theory of an outsider attack, and not an insider job, is confirmed, then the question is, will there be the next target? This company is the fourth biggest offshore law firm, what about the first three?
Regardless if we look at this breach as an action of disclosing the unethical and illegal activities of world leaders and major corporations, or a political conspiracy, we cannot ignore the power of data and what a data breach can lead to. Are there such things as positive data leakages? Does security software have to tell the difference between them? If the leakage wouldn´t have happened and the source that leaked data would have been discovered before he / she actually managed to disclose enough data, what would have happened after all?
What´s impressive, among all the data revealed in the Panama Papers breach and other facts related to it, is how the ICIJ, the reporters and all the media involved managed to securely collaborate in the investigation of the documents during one year. According to Forbes, they used only encrypted communication, encrypted hard drives to store the huge quantity of data and open-source technology.
I guess we will see in the next period how the Panama Papers will influence the worldwide political scenery, if it will drive also economical instability, or what other secrets it will bring to the surface. We will surely have our noses stuck to our computers and smartphones screens to find out the latest news.
Sources:
Download our free ebook on
Data Loss Prevention Best Practices
Helping IT Managers, IT Administrators and data security staff understand the concept and purpose of DLP and how to easily implement it.