This blog was updated on October 18, 2017.

A Brief History of the Panama Papers

Much attention was paid to the political fallout and tax implications associated with the spring 2016 data breach of Panamanian corporate services firm Mossack Fonseca. It was one of the largest data breaches in global history, even earning it a special nickname in the media: the Panama Papers.

Although the full scope of the data breach could take years to unravel, published reports confirmed that an anonymous source using the alias John Doe began providing German newspaper Süddeutsche Zeitung with Mossack Fonseca’s documents in early 2015. The documents chronicled how wealthy individuals leveraged offshore companies to conceal the ownership of valuable assets and/or to reduce their tax liability.

How Massive Was the Breach?

Eventually, the German newspaper enlisted the help of the International Consortium of Investigative Journalists (ICIJ) to analyze the volume of data that had been received. This was a truly massive amount of data, including:

  • 11.5 million confidential documents;
  • 4.8 million emails;
  • 3 million database format files;
  • 2.2 million PDF documents;
  • 1.1 million images; and
  • More than 320,000 text documents.

The newspaper received more than 240,000 company folders from John Doe. Individual company folders included email correspondence, PDF documents, pictures, passport copies and certificates. Süddeutsche Zeitung first published news of the data breach and the corresponding Panama Papers on April 3, 2016.

How Did This Happen?

The technical reasons behind the data breach have never been crystal-clear. However, analysis of Mossack Fonseca’s infrastructure revealed a few key issues:

  • A security test conducted by Christopher Soghoian and replicated by ITPro revealed that Mossack Fonseca did not encrypt its emails with Transport Layer Security (TLS) protocols. In a nutshell, TLS protects email in transit from potential tampering or eavesdropping.
  • Wired reported that Mossack Fonseca’s mail system, Microsoft Outlook Web Access, was last updated in 2009. The analysis of the IT change log for the firm’s Client Information Portal revealed that it was last updated in August 2013. Security best practices dictate that infrastructure upgrades, software updates and patches should be applied promptly to address rapidly evolving vulnerabilities.
  • Wired’s research also revealed that Mossack Fonseca’s version of Drupal, an open-source content management system (CMS) used by the company’s Client Information Portal, contained at least 25 vulnerabilities, including a high-risk SQL injection vulnerability that could permit attackers to remotely execute arbitrary commands on the firm’s site.
  • According to published reports, Mossack Fonseca’s internal review of the incident indicated that it originated from an unauthorized breach of its email server.
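The Drupal finding above is an SQL injection flaw. The following added example (not code from the original post, nor from Drupal or Mossack Fonseca) shows the defect and its fix side by side against an in-memory SQLite table with constructed, invented client data: a query built by string concatenation lets quote characters in user input change the query's structure, while a parameterized query binds the same input as data so it is never parsed as SQL.

```python
"""Vulnerable string-built query beside its parameterized form (added example)."""
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table; the client names and folders are invented."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE clients (id INTEGER PRIMARY KEY, name TEXT, folder TEXT)"
    )
    conn.executemany(
        "INSERT INTO clients (name, folder) VALUES (?, ?)",
        [("alice", "folder-001"), ("bob", "folder-002"), ("carol", "folder-003")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    """BAD: user input is concatenated into the SQL text.

    A quote character in `name` terminates the string literal, so the rest of
    the input is interpreted as SQL and the WHERE clause can be rewritten.
    """
    sql = "SELECT name, folder FROM clients WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    """GOOD: the value is passed to the driver separately from the SQL text.

    The database binds it as a value, so quotes or keywords inside it are just
    characters being compared against the column.
    """
    sql = "SELECT name, folder FROM clients WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Constructed input containing a quote, as a tester would use to probe a form.
    probe = "' OR '1'='1"
    print("vulnerable  :", lookup_vulnerable(db, probe))    # returns every row
    print("parameterized:", lookup_parameterized(db, probe))  # returns nothing
```

The parameterized form is what "reduce the likelihood" means in practice; pairing it with a least-privilege database account for the web application (read-only where possible) is what reduces the impact if a query is still missed.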

Learn How to Effectively Manage Application Security Risk in the Cloud

Protecting Your Organization From Potential Attacks

The intention of this blog is not to assign blame or debate the legitimacy of international tax shelters. Rather, the purpose is to help you:

  • Evaluate your level of security preparedness from a potential cyberattacker’s perspective.
  • Protect your organization’s email communications from possible tampering.
  • Install software updates and patches more efficiently.
  • Reduce the likelihood and impact of SQL injection attacks.
  • Realize the value of an incident response team should a worst-case scenario or hack occur.

In this way, you can be better prepared and hopefully prevent similar situations from happening to you.

10 Convenient Resources to Expand Your Security Knowledge

1. Watch Our On-demand Webinar, “Overcoming the ‘Alternative Facts’ on Web and Mobile Application Security”

In this on-demand session, IBM Executive Security Advisor Etay Maor explains why primitive security solutions such as anti-virus software can lure you into a false sense of security. He also recaps top security threats to be aware of from the OWASP Top 10 application security vulnerabilities listing and shares his unvarnished perspective on how hackers collaborate and share your information for their personal gain.

2. Consult a Complimentary Ponemon Institute Study on Application Security Risk Management

This IBM-sponsored Ponemon Institute study reveals organizations’ current application security risk management practices so you can benchmark your security maturity against theirs. Our companion blog provides straightforward recommendations about how you can improve your application security effectiveness.

3. Learn About ‘The 10 Most Common Application Attacks in Action’

This blog, written by Paul Ionescu, expands discussion of potential attacks beyond SQL injection to address all the Open Web Application Security Project (OWASP) top 10 vulnerabilities. There are links to detailed YouTube videos associated with each of the attack vectors so you can learn more about them.

4. Watch ‘OWASP Top 10 Vulnerabilities: No. 1 Injection’

You will recall that analysis of Mossack Fonseca’s Client Information Portal showed that the company’s IT infrastructure may have been vulnerable to SQL injection attacks. This detailed video provides you with an overview of the SQL injection attack vector and explains how you can protect your applications from such attacks.

5. Take Advantage of the Complimentary e-Guide: ‘Mitigate Business Risk Strategically With Application Security Management’

This comprehensive e-guide provides five convenient steps you can follow to effectively manage application security risk.

6. Check Out ‘A Security Protocol for the Internet of Things’

You will recall that the lack of TLS protocols may have made Mossack Fonseca more susceptible to potential cyberattacks. “A Security Protocol for the Internet of Things” discusses the importance of TLS protection, particularly as organizations expand rapidly into IoT.
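The email TLS weakness noted earlier (a mail server that does not offer STARTTLS) is something you can verify for your own domain. The added example below is not code from the original post or from any IBM resource: it parses an SMTP EHLO reply for the STARTTLS extension using two constructed sample replies (the host name `mail.example.test` is a placeholder), and a separate helper runs the same check, plus certificate verification, against a live server you name. Verification matters because a server that offers STARTTLS with an unverifiable certificate still leaves mail exposed to active interception.

```python
"""Check whether an SMTP server advertises STARTTLS and whether its TLS
handshake verifies. Added example; not code from the original post."""
import smtplib
import ssl
from typing import Dict, Optional

# Constructed sample EHLO replies in wire form (not captured from any real
# server). "mail.example.test" is a placeholder host name.
EHLO_WITH_STARTTLS = b"""250-mail.example.test Hello client
250-SIZE 52428800
250-STARTTLS
250-8BITMIME
250 HELP"""

EHLO_WITHOUT_STARTTLS = b"""250-mail.example.test Hello client
250-SIZE 52428800
250 HELP"""


def parse_ehlo_extensions(ehlo_reply: bytes) -> Dict[str, str]:
    """Turn a multi-line EHLO reply into {EXTENSION: parameters}.

    The first line is the server greeting; each following line is
    "250-<keyword> [params]" ("250 " on the last line). Keywords are
    case-insensitive, so they are normalised to upper case.
    """
    features: Dict[str, str] = {}
    lines = ehlo_reply.decode("ascii", errors="replace").splitlines()
    for line in lines[1:]:
        if len(line) > 3 and line[:3].isdigit() and line[3] in "- ":
            line = line[4:]  # drop the "250-" / "250 " reply-code prefix
        parts = line.strip().split(None, 1)
        if not parts:
            continue
        features[parts[0].upper()] = parts[1] if len(parts) > 1 else ""
    return features


def supports_starttls(ehlo_reply: bytes) -> bool:
    """True if the server advertised the STARTTLS extension."""
    return "STARTTLS" in parse_ehlo_extensions(ehlo_reply)


def check_live_server(host: str, port: int = 25,
                      timeout: float = 10.0) -> Optional[Dict[str, object]]:
    """Connect to a real SMTP server and report whether STARTTLS is offered and
    whether its certificate verifies against the system trust store.

    Needs network access; returns None if the connection itself fails.
    """
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            offered = smtp.has_extn("starttls")
            verified = False
            if offered:
                try:
                    # Default context verifies the chain and the host name.
                    smtp.starttls(context=ssl.create_default_context())
                    verified = True
                except ssl.SSLError:
                    verified = False
            return {"host": host, "starttls_offered": offered,
                    "cert_verified": verified}
    except (OSError, smtplib.SMTPException):
        return None


if __name__ == "__main__":
    print("sample 1 offers STARTTLS:", supports_starttls(EHLO_WITH_STARTTLS))
    print("sample 2 offers STARTTLS:", supports_starttls(EHLO_WITHOUT_STARTTLS))
```

Run `check_live_server("<your MX host>")` for each MX record of your domain; a result with `starttls_offered` false, or `cert_verified` false, is the condition the Soghoian test flagged.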

7. Listen to ‘Is Your Security Staff Addressing the Top Three Data Challenges Today?’

In this on-demand webinar, Mark Wah and Anshul Garg, from IBM’s Data Security team, discuss how you can more effectively protect mission-critical data and overcome three data security-related challenges that many organizations face: people, process and technology.

8. Consult ‘The Importance of Having an Effective Incident Response Team’

This article by Kevin Joseph, a Cybersecurity Strategist at IBM, discusses the value of investing in an incident response team prior to a potential cyberattack.

9. Review ‘Silver Bullets to Address Emerging Threats and Maintain Your Security Posture’

In this blog, IBM’s Umesh Yerram provides seven clearly defined silver bullets to focus on as you bolster your long-term security strategy.

10. Read a Case Study Detailing How a Major Retailer Manages Patching More Effectively

In this case study, you’ll learn how a major U.S. retailer reduced the time it took to patch its 27,000 endpoints from a matter of days to a matter of hours.

