Security Experts:

Panama Papers: Massive Data Leak Exposes Corrupt World Leaders and Tax Havens

2.6 Terabytes of Leaked Documents From Panama Law Firm Mossack Fonseca Expose World Leaders, Tax Havens and Shell Companies

We knew something big must be coming when the Kremlin started pre-emptive damage limitation last week. A report from the RBC news agency quoted in the Moscow Times quoted Putin's spokesman Dmitry Peskov warning, "Another hoax [article], pretending to be objective is due to be released in the coming days" with an attack on President Putin.

We now know from the Panama Papers, a massive leak of documents from the Panamanian firm Mossack Fonseca, that Putin is just one of a large number of world leaders, businessmen and celebrities allegedly involved in tax avoidance through off-shore companies. The legal, political and financial ramifications from this leak will rumble on for years; but our concern here is not what was leaked, but by whom, how and to a lesser degree, why.

The basic facts are these. An anonymous source contacted Süddeutsche Zeitung (SZ)  more than a year ago and provided encrypted internal documents from Mossack Fonseca. In the following months the supply grew to a massive 2.6 terabytes of data, containing 4.8 million emails, 2.2 million PDFs, and millions more database formats, images and text documents.

Size of Panama Papers Leak

These documents needed to be anlayzed, and Süddeutsche Zeitung called on the International Consortium of Investigative Journalists (ICIJ) to help.

"First, the data had to be systematically indexed to make searching through this sea of information possible," explains SZ. "To this end, the Süddeutsche Zeitung used Nuix, the same program that international investigators work with. Süddeutsche Zeitung and ICIJ uploaded millions of documents onto high-performance computers. They applied optical character recognition (OCR) to transform data into machine-readable and easy to search files."

The initial analysis uncovered details on more than 214,000 offshore entities, the offshore holdings of 140 politicians and public officials, and 12 current and former world leaders. In particular, the 'hoax' that worried the Kremlin documents "$2 billion in transactions secretly shuffled through banks and shadow companies by associates of Russian President Vladimir Putin."

In cyber security terms, the worrying question is how 2.6 terabytes of data can be exfiltrated without Mossack Fonseca being aware. It claims it had been hacked. If, as Süddeutsche Zeitung claims, the leak started more than a year ago, then the hackers were inside the network for even longer. This means it was a very sophisticated hack by very disciplined hackers. That alone will make some people point fingers at a state-sponsored hack.

Two features jump out from the initial reports from the leak. Firstly, there is a deal of information about Putin's off-shore dealings. Secondly there is a dearth of accusations against American politicians or businesses. Put these together and it is not surprising that people are already crying, 'CIA'.

But that is just conjecture, and it is too early to jump to any conclusions. The Snowden documents have taken years, and things are still being unearthed. Reports from the Panama Leaks will take even longer indeed, as this report was being compiled, Georgi Kantchev of the Wall Street Journal tweeted, "No U.S. individuals in #PanamaPapers? 'Just wait for what's coming next...,' says editor of @SZ which got the leak".

The reality is that we will need to wait for the reports from forensic investigators before any conclusion can be reached on who hacked Mossack Fonseca and even then we may not get the whole truth.

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.