
Panama Papers May Have Leaked Through Old Versions of Drupal and WordPress


Journalists have unearthed technical details about the messy information security at Mossack Fonseca, the company at the center of the recent scandal. The revelation, called the “Panama Dossiers” by journalists, concerns the offshore billions of powerful people, which this company helped to hide from tax inspections and other prying eyes.

As a result of a possible hack, 11.5 million documents with a total volume of 2.6 TB, containing information on 214,000 shell companies and spanning the period from 1977 to 2015, leaked to third parties. This makes it, in principle, the largest information leak in history.

Although the Internet was not invented yesterday, history keeps repeating itself. Apparently the Russian historian Vasily Osipovich Klyuchevsky was right when he wrote: “History is not a teacher, but a guard: she teaches nothing, but severely punishes for not knowing the lessons.”

Journalists from Forbes found that Mossack Fonseca had neglected even the simplest security measures. On April 1, the company sent a letter to customers informing them that its email server had been hacked.



Access to the server went through an outdated Microsoft Outlook Web Access from 2009. E-mail from the company to its clients was transmitted unencrypted. The company's main website still runs a WordPress version from three months ago, and the customer portal runs the Drupal 7.23 CMS, a version that is three years old. To date, 25 known vulnerabilities have been counted in it.

Although the company's negligence in computer security is obvious, it is impossible to say whether these vulnerabilities caused the leak. All the data was handed over by an anonymous source who communicated with journalists via encrypted chats (initially with reporter Bastian Obermayer from the Süddeutsche Zeitung newspaper).

The journalists stored the data on several hard drives in encrypted form. Encryption was provided by VeraCrypt, the successor to the well-known TrueCrypt. After that, to give access to a consortium of more than 400 journalists (the International Consortium of Investigative Journalists), the “dossier” was uploaded to Amazon cloud storage.

Now several hundred selected journalists can gradually study the database; Apache's Solr platform was installed to search through it. The precautions taken, including two-factor authentication on the companion site where journalists can share with each other the pearls they find in the sea of information, appear to be superior to those taken at Mossack Fonseca itself.

The consortium of journalists continues to add to the special Panama Dossier site, which shows in visual form who is who in the world of big offshore money. Of all the millions of documents, only 150 have so far been made freely available. The consortium promises to publish a full list of the companies mentioned in the dossier in May 2016.

Media reaction to the largest leak in history has varied. Many Western publications were quick to announce “Putin's billions”, although his name is not mentioned in the documents. A journalist from The Guardian has calculated that the money American politicians and rich people have hidden offshore from taxes could well provide an unconditional income for all US citizens. Some analysts believe that the whole scandal is only a PR campaign for a new generation of offshore havens controlled by the United States.

Source: https://habr.com/ru/post/357046/

