Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Panama Papers: How the Law Firm Was Hacked – and Other Law Firms Named

April 18, 2016

I have resisted reaching too many conclusions about how the Panamanian firm Mossack Fonseca was hacked because the dust has clearly not settled on the answers. It certainly appears that the firm had no intrusion detection or data loss prevention systems in place, or they would have known about the breach. So that in itself is a disgrace, given their clientele and the kind of work the firm was doing.

The Register reported that a SQL vulnerability was found at the firm.

Naked Security reported that, aside from the e-mail server hack, which the firm acknowledged, the company's WordPress website included a buggy plug-in and that the firm's customer portal was running a long-outdated version of Drupal. Some experts still believe insiders were involved, but the firm denies it, and I have as yet seen no proof of it.

The New York Times reported on April 13th that the government had raided the offices of Mossack Fonseca, accompanied by financial analysts and digital forensics experts, looking for evidence of illegal activities, including assisting clients in laundering money and avoiding taxes.

More firms have been named in connection with the Panama Papers, including JP Damiani & Associates (Switzerland), Child & Child (UK), Junod Muhlstein (Switzerland) and Krinzman Huss (US). This should not be construed as an accusation of illegal activities by those firms. The dust hasn't settled on that either.

The New Yorker observed that other countries tended to use the services of Mossack Fonseca more than U.S. entities; however, of the fourteen thousand intermediaries—banks, law firms, company-incorporation firms, and other middlemen—with which Mossack Fonseca worked over the years in order to set up companies, foundations, and trusts for its customers, six hundred and seventeen were based in the United States. Those names will no doubt be revealed in time – I imagine there are a lot of nervous people/companies awaiting the revelation of their identities and facts surrounding their relationship with Mossack Fonseca.

Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
www.linkedin.com/in/sharondnelson