Euro Security Watch with Mathew J. Schwartz

Anti-Money Laundering (AML), Data Loss Prevention (DLP), Governance & Risk Management

If You Hide It, They Will Hack

What the 'Panama Papers' Tell Us
When it comes to articulating lessons to be learned from the so-called "Panama Papers" leak, the top takeaway would seem to be a no-brainer. To riff on the famous Kevin Costner fantasy-baseball flick "Field of Dreams" line: "If you hide it, they will hack."

In other words, don't hide - or help hide - money in illegal, offshore shell companies, and don't let your friends and family do so either. Otherwise, you may face some difficult questions. Indeed, as everyone from the government of Pakistan and the now-former prime minister of Iceland to British Prime Minister David Cameron and Russian President Vladimir Putin has discovered, transparency is a bitch.

Of course telling many politicians or owners of mega-corporations - as well as other, more garden-variety insanely rich types - to not dodge taxes is a bit like telling governments to avoid land wars in Asia. But in what might seem like a rare occurrence, these shadowy dealings have been brought into the light, thanks to the leak of data from Panama-based law firm Mossack Fonseca, which has reportedly helped numerous individuals and organizations create offshore shell companies.

Cue Cyber-Class Warfare

If you cast the Panama Papers leak in terms of class warfare, this isn't the first time that a faceless few have acted for what they perceive to be the good of the proletariat, in a bout of hacker - or insider - vigilantism.

Love them or loathe them, you could say the same about:

  • Chelsea Manning: The former Private Manning leaked a classified U.S. Army video of an Apache helicopter crew in Baghdad firing on and killing 11 adults - including two Reuters reporters - and seriously injuring others, including two children. Also leaked an archive of 251,287 sensitive U.S. State Department cables.
  • Edward Snowden: Leaked National Security Agency documents that detailed secret - and likely illegal - mass surveillance programs in the United States, United Kingdom and other countries.
  • Impact Team: Hacked into pro-infidelity dating service Ashley Madison, then leaked details of more than 30 million customers, including evidence that now-former CEO Noel Biderman had multiple extramarital affairs, despite claims to the contrary (see Top 10 Data Breach Influencers).
  • PhineasFisher: A person or group operating under that name hacked the Italian surveillance software maker Hacking Team, and dumped 400 GB of corporate data. Those records show that the company sold its surveillance software to dozens of governments, including the United States and Spain, as well as Russia, Bahrain and Sudan. PhineasFisher had previously claimed credit for hacking and leaking data from former FinFisher surveillance software vendor Gamma Group.

Who would ever have predicted someone might try to steal and leak those organizations' information?

The same goes, of course, for Mossack Fonseca, since it helps individuals create shell companies. And there are good and legal uses for shell companies. But according to a review of the records over the past year spearheaded by the International Consortium of Investigative Journalists, the firm helped sell "financial secrecy to politicians, fraudsters and drug traffickers as well as billionaires, celebrities and sports stars."

Setting aside allegations of enabling illegal activities, one of Mossack Fonseca's primary errors - yes, besides getting caught out - was failing to safeguard its stored information. Because there seems to be no other, more charitable explanation for how an attacker - potentially an insider, although his or her identity remains unknown - managed to leak 2.6 terabytes of data to journalists over the course of more than a year.

Cue a rare case of wealth and accountability colliding.

Of course, not all of the world's shell companies have been created by Mossack Fonseca. And it's a sure bet that more have been - or will be - targeted by people who wish to expose the activities of these firms, as well as their customers, to say nothing of any other high-profile organization engaged in illegal or distasteful activities.

The revolution may not be televised. But it will be leaked.

About the Author

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.
