Shanghai: Panama law firm Mossack Fonseca, the victim of the biggest data leak in history, said Yesterday a hacker stole more than 11.5 million documents that have caused worldwide controversy by linking political leaders with offshore tax evasion. The law firm’s founding partner Ramon Fonseca filed a complaint with the office of Panama’s attorney general alleging the 2.6 TB of data that German newspaper Sueddeutsche Zeitung used to publish the so-called “Panama Papers” was stolen by a hacking attack from abroad, Reuters reports.
“We rule out an inside job. This is not a leak. This is a hack,” Fonseca told Reuters. “We have a theory and we are following it.” Mossack Fonseca told Spanish news site El Español that the data was taken by a breach in its email server that likely occurred last year. But Justin Harvey, chief security officer Fidelis Cybersecurity, says he is skeptical that only the email server was breached. “Perhaps an email server was the way into their enterprise, but you don’t get millions of documents from just compromising that,” Harvey says. “The size of this points to it being an insider in my opinion.”
The 2.6 TB amount of data taken from the law firm is a staggering amount. The breach is larger than the trove of Wikileaks government and corporate documents that have been published online in recent years. It would be difficult to move that much data at once from the servers for the law firm without causing suspicion, so it was likely siphoned off over a long period of time. Tom Patterson, chief trust officer at Unisys, says he suspects the law firm does not encrypt its email server or compartmentalize the information, making it possible for anybody who breached the server to get access to the entire database. “Hacks like these are very common, when the firewall is the only line of defense,” he says. “They would have to be cautious taking the data from the server, but once they had it online there are any number of places they could have stored it, depending on the encryption used to hide it.”
The leaked financial documents analyzed by the International Consortium of Investigative Journalism have raised concerns that 12 former or current heads of state are involved in high-level money laundering, corruption or other forms of financial fraud. The allegations also include 60 other people directly linked to heads of state are involved. Iceland’s Prime Minister Sigmundur Gunnlaugsson became the first casualty of the investigations on Tuesday, after losing a no-confidence vote in that nation’s parliament. The vote came after accusations arose that he and his wife hid millions of dollars in offshore accounts. Mossack Fonseca defended the legality of its work to help people set up offshore financial holdings in a press release published on Monday.