One of the biggest stories in the news recently concerns the Panama Papers—millions of leaked emails, databases, and documents detailing the use of offshore banking and tax havens by various wealthy individuals and politicians to hide their assets. The data itself belonged to Mossack Fonseca, a law firm and corporate services company based in Panama.
The data was leaked by an anonymous source to a newspaper in Germany. The roughly 2.6 terabytes of data were then analyzed and scrutinized, using a variety of software applications, by the International Consortium of Investigative Journalists (ICIJ), a group of roughly 400 journalists from more than 70 countries. Several heads of state were named in the documents, including the Prime Minister of Iceland, who has since stepped down because of what the leaked data contained. All of this, possibly because of a small, outdated piece of software on a website (we'll get to that).
Once the data was publicized in April 2016, the media and data security experts were left asking the same question: how did this leak happen?
How Did the Panama Papers Hack Happen?
Movies typically portray hacking as an intense sequence: someone at a keyboard in a dark room, dramatic music in the background, speed-typing commands into window after window of gibberish green text on black backgrounds. That surely happens, but many kinds of hacking are far less exciting and just as effective.
In this case, it wasn't nearly as complicated as one might think, and it was completely preventable (if this was, in fact, the cause of the leak). It seems that Mossack Fonseca did not take even the most basic precaution: keeping their website and client portal up to date. The public website ran an outdated WordPress install with an outdated copy of one plugin in particular, Revolution Slider, and the client portal ran an outdated version of Drupal. That plugin may have been the key to the whole leak.
Wordfence, the makers of a security plugin for WordPress, published two detailed breakdowns of the path the anonymous source may have taken to retrieve this data, starting from the outdated version of Revolution Slider on the Mossack Fonseca website. No firewall had to be breached and no encryption had to be broken to reach their servers; a publicly known, published exploit for old software was enough.
The striking thing is that these exploits were easily preventable, especially for an organization with the resources Mossack Fonseca has at its disposal. Some of the steps they could have taken were to:
- Keep their web software (WordPress and Drupal core, themes, and plugins) updated to the latest versions
- Patch immediately when a vulnerability in that software is disclosed and an exploit is published, rather than leaving a known hole open
- Not run their email servers on the same network as externally accessed resources like their website and client portal, so that a compromised web server cannot become a stepping stone to the mailboxes
- Encrypt their emails
- Have a server/network security expert audit their infrastructure and apply even the most basic web hosting security procedures
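The first two steps start with knowing what is actually installed. The script below is an added example written for this post; it is not code from the original article, from Wordfence, or from WordPress itself. It reads the "Version:" header that every WordPress plugin declares in the comment block at the top of its main PHP file, compares it numerically against a minimum version you set, and reports anything older. The plugin slugs and minimum versions in the MINIMUMS table, and the sample plugin files it writes into a temporary directory, are all constructed for the demo and are not a statement about which Revolution Slider releases were actually vulnerable.

```sh
#!/bin/sh
# Added example, not code from the original post, Wordfence, or WordPress.
# Flags installed WordPress plugins that are older than a minimum you specify,
# by reading the "Version:" field from each plugin's main PHP file header.
set -eu

# Print the "Version:" header value of a plugin's main PHP file (first match).
# Handles both "Version: 1.2.3" and " * Version: 1.2.3" header styles.
plugin_version() {
    sed -n 's/^[[:space:]]*\**[[:space:]]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Return 0 (true) when dotted version $1 is strictly lower than $2.
# Components are compared as integers, so 4.10 is newer than 4.9 and
# 4.2 equals 4.2.0.
version_lt() {
    a="$1." b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; a=${a#*.}
        y=${b%%.*}; b=${b#*.}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# "slug minimum" lines. These thresholds are assumptions for the demo only;
# take real values from the vendor's changelog or a vulnerability database.
MINIMUMS='revslider 4.2.0
akismet 3.1.0'

# Walk the MINIMUMS table against a plugins directory and print one line per
# plugin: "slug installed minimum status" where status is OUTDATED, ok or missing.
audit_plugins() {
    dir="$1"
    printf '%s\n' "$MINIMUMS" | while read -r slug minimum; do
        [ -n "$slug" ] || continue
        main="$dir/$slug/$slug.php"
        if [ ! -f "$main" ]; then
            echo "$slug - $minimum missing"
            continue
        fi
        installed=$(plugin_version "$main")
        if version_lt "$installed" "$minimum"; then
            echo "$slug $installed $minimum OUTDATED"
        else
            echo "$slug $installed $minimum ok"
        fi
    done
}

# Constructed sample plugin tree (a stand-in for wp-content/plugins) so the
# script runs offline. The version numbers are made up for the demo.
make_sample_plugins() {
    mkdir -p "$1/revslider" "$1/akismet"
    cat > "$1/revslider/revslider.php" <<'EOF'
<?php
/*
Plugin Name: Slider Revolution
Version: 4.1.4
*/
EOF
    cat > "$1/akismet/akismet.php" <<'EOF'
<?php
/**
 * Plugin Name: Akismet
 * Version: 3.1.5
 */
EOF
}

SAMPLE=$(mktemp -d)
make_sample_plugins "$SAMPLE"
audit_plugins "$SAMPLE"
rm -rf "$SAMPLE"
```

Point audit_plugins at a real wp-content/plugins directory (the sample tree at the bottom exists only so the script runs offline) and keep the MINIMUMS table in step with the fixed-in versions published for each plugin. On a host where WP-CLI is installed, `wp plugin list --update=available` gives the same answer straight from WordPress; the script is for the case where all you have is file access.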
As we've seen above, even large, multinational companies make these mistakes, and that should be a warning to anyone holding sensitive data: keep your web assets up to date and secure.
At Top Draw, we don't want you to end up in this situation, no matter how sensitive your data might be. That's why one of the services we provide to our clients is keeping their WordPress sites current with the latest WordPress core and plugin releases. It's an easy way to make sure there is one less point of entry into a website.
Reach out if you need help maintaining your site!