The whole Panama Papers data leak may be hard to grasp by many people because of the sheer size and the tremendous amount of information dumped on the public at once.
We’re not going to attempt to discuss its consequences, but we’re going to focus on a series of clues left online that may lead some “smart” people to deduce how the hack took place in the first place.
While German newspaper Süddeutsche Zeitung didn’t reveal any information that would explain how the attacker obtained the data, security researchers easily discovered a few weak points in Mossack Fonseca’s Web infrastructure.
Mossack Fonseca used outdated WordPress, Drupal versions
The law firm was apparently using two different websites. A WordPress-powered presentational site and a Drupal-powered private client portal.
Researchers discovered that vulnerabilities in the Revolution Slider plugin used on the WordPress site allowed attackers to gain access to the firm’s email server from where they stole sensitive emails.
The biggest issues were found in the client portal, though, which was running on a three-year-old Drupal version (7.23), for which 25 different vulnerabilities currently exist.
Customers used this portal to upload and download personal documents, which means that, if compromised, attackers would have had access to Mossack Fonseca’s file server, from where the massive 2.5 TB of information could have originated.
Hackers stole EVERYTHING
All in all, 11.5 million files and documents for Mossack Fonseca’s entire company history were stolen, going back 40 years, to the moment when the company was founded.
Of course, all is just speculation at this point, and outside the “insider threat/whistleblower” scenario, this looks like the second best guess for what really happened.
Below is an infographic from Web security firm Barricade, which aggregates information from various sources and presents the Panama Papers leak in a much-simplified manner.
Originally posted 2016-04-19 06:42:00.