Security Experts:

Connect with us

Hi, what are you looking for?


Data Protection

Panama Papers: Massive Data Leak Exposes Corrupt World Leaders and Tax Havens

2.6 Terabytes of Leaked Documents From Panama Law Firm Mossack Fonseca Expose World Leaders, Tax Havens and Shell Companies

2.6 Terabytes of Leaked Documents From Panama Law Firm Mossack Fonseca Expose World Leaders, Tax Havens and Shell Companies

We knew something big must be coming when the Kremlin started pre-emptive damage limitation last week. A report from the RBC news agency quoted in the Moscow Times quoted Putin’s spokesman Dmitry Peskov warning, “Another hoax [article], pretending to be objective is due to be released in the coming days” with an attack on President Putin.

We now know from the Panama Papers, a massive leak of documents from the Panamanian firm Mossack Fonseca, that Putin is just one of a large number of world leaders, businessmen and celebrities allegedly involved in tax avoidance through off-shore companies. The legal, political and financial ramifications from this leak will rumble on for years; but our concern here is not what was leaked, but by whom, how and to a lesser degree, why.

The basic facts are these. An anonymous source contacted Süddeutsche Zeitung (SZ)  more than a year ago and provided encrypted internal documents from Mossack Fonseca. In the following months the supply grew to a massive 2.6 terabytes of data, containing 4.8 million emails, 2.2 million PDFs, and millions more database formats, images and text documents.

Size of Panama Papers Leak

These documents needed to be anlayzed, and Süddeutsche Zeitung called on the International Consortium of Investigative Journalists (ICIJ) to help.

“First, the data had to be systematically indexed to make searching through this sea of information possible,” explains SZ. “To this end, the Süddeutsche Zeitung used Nuix, the same program that international investigators work with. Süddeutsche Zeitung and ICIJ uploaded millions of documents onto high-performance computers. They applied optical character recognition (OCR) to transform data into machine-readable and easy to search files.”

The initial analysis uncovered details on more than 214,000 offshore entities, the offshore holdings of 140 politicians and public officials, and 12 current and former world leaders. In particular, the ‘hoax’ that worried the Kremlin documents “$2 billion in transactions secretly shuffled through banks and shadow companies by associates of Russian President Vladimir Putin.”

In cyber security terms, the worrying question is how 2.6 terabytes of data can be exfiltrated without Mossack Fonseca being aware. It claims it had been hacked. If, as Süddeutsche Zeitung claims, the leak started more than a year ago, then the hackers were inside the network for even longer. This means it was a very sophisticated hack by very disciplined hackers. That alone will make some people point fingers at a state-sponsored hack.

Two features jump out from the initial reports from the leak. Firstly, there is a deal of information about Putin’s off-shore dealings. Secondly there is a dearth of accusations against American politicians or businesses. Put these together and it is not surprising that people are already crying, ‘CIA’.

But that is just conjecture, and it is too early to jump to any conclusions. The Snowden documents have taken years, and things are still being unearthed. Reports from the Panama Leaks will take even longer indeed, as this report was being compiled, Georgi Kantchev of the Wall Street Journal tweeted, “No U.S. individuals in #PanamaPapers? ‘Just wait for what’s coming next…,’ says editor of @SZ which got the leak”.

The reality is that we will need to wait for the reports from forensic investigators before any conclusion can be reached on who hacked Mossack Fonseca and even then we may not get the whole truth.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

CommandK announced that it has raised $3 million in a seed funding round for a solution designed to help organizations secure sensitive data.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...