• Home
  • /
  • Security
  • /
  • Panama Papers data leak took patience, resources

Panama Papers data leak took patience, resources

Lauren Kate Rawlins
By Lauren Kate Rawlins, ITWeb digital and innovation contributor.
Johannesburg, 05 Apr 2016

ITWeb Security Summit 2016

Don't miss the definitive event for security professionals:
17-18 May (conference and expo), 19 May (workshop)
Vodacom World, Midrand
Book today!

Panama-based law firm Mossack Fonseca made global headlines this week when 2.6TB of its internal information, linking prominent world figures to offshore companies, was leaked to the media.

Over 100 news organisations from around the world, including the amaBhungane Centre for Investigative Journalism and ANCIR from SA, investigated the data leak.

The media outlets simultaneously published stories exposing the dodgy dealings of politicians, criminals and celebrities - all of whom dealt with Mossack Fonseca, which specialises in creating offshore businesses.

'Panama Papers' is the name given to the global investigation and the culmination of a year's work by nearly 400 journalists. This is according to German newspaper S"uddeutsche Zeitung (SZ), to which the data was originally leaked by an unknown source, early last year.

SZ journalist Bastian Obermayer, who first spoke to the source, explains in a video that they never met in person and spoke over encrypted chat.

He said the newspaper had never dealt with such a large amount of data before, so enlisted the help of the International Consortium of Investigative Journalists (ICIJ) and then other news organisations, such as The Guardian, BBC and Le Mode.

There were approximately 11.5 million documents, dating as far back as the 1970s, all submitted in raw data, another SZ journalist, Frederik Obermaier, said in the same video. It had to be transformed into readable text before the journalists could work with it, he explained.

"First, the data had to be systematically indexed to make searching through this sea of information possible," the newspaper said in a statement. "To this end, the SZ used Nuix, the same program that international investigators work with.

Mossack Fonseca director Ramon Fonseca says the law firm is the victim of an "international campaign against privacy". (Photograph by Reuters)
Mossack Fonseca director Ramon Fonseca says the law firm is the victim of an "international campaign against privacy". (Photograph by Reuters)

"SZ and ICIJ uploaded millions of documents onto high-performance computers. They applied optical character recognition to transform data into machine-readable and easy to search files. The process turned images - such as scanned IDs and signed contracts - into searchable text. This was an important step: it enabled journalists to comb through as large a portion of the leak as possible, using a simple search mask similar to Google."

Secrets exposed

The law firm's leaked internal files contain information on nearly 215 000 offshore companies connected to people in more than 200 countries, ICIJ reported. The consortium will release the full list of companies and people linked to them in early May.

Reuters reported the firm denied any wrongdoing, with its director saying Mossack Fonseca had fallen victim to "an international campaign against privacy".

Ramon Fonseca told Reuters the "vast majority" of companies formed by his firm have been used for "legitimate purposes". Fonseca emphasised the firm is not responsible for the activities of the companies it incorporates.

"We believe there's an international campaign against privacy. Privacy is a sacred human right [but] there are people in the world who do not understand that and we definitely believe in privacy and will continue working so that legal privacy can work," he said.

A Web site page, created by ICIJ, lists all 12 country leaders found in the firm's leaked documents and the offshore companies they are linked to. The leaders include the presidents of Argentina, UAE and Ukraine, the prime minister of Iceland, the king of Saudi Arabia, and former leaders of Georgia, Iraq, Jordan, Qatar, Sudan and Ukraine. There is a further list of all politicians exposed, as well as relatives and people linked to them.

President Jacob Zuma's nephew, Clive Khulubuse Zuma, is listed for being authorised to represent an offshore firm that was accused of questionable oil field deals in the Democratic Republic of Congo.

Two of the South African businessmen involved in the Fidentia scandal of the late 2000s used the Panama-based law firm to create offshore companies, reported ICIJ. The consortium also said the leak reveals Mossack Fonseca was willing to help one of the fraudsters protect his money even after authorities publicly linked him to the scandal. The scandal involved the businessmen stealing over R1 billion from a fund meant for mine workers' widows and children.

ICIJ reported that in the rest of the world, over $2 billion worth of transactions through banks and offshore companies is linked to associates of Russian president Vladimir Putin.

The report also claims the leaked files show Iceland prime minister Sigmundur Gunnlaugsson and his wife owned an offshore firm that held millions of dollars in Icelandic bank bonds during that country's financial crisis.

More to come

"Right now it's a significant undertaking to hack into a system and make such a huge data transfer," says Arthur Goldstuck, MD of World Wide Worx. "Whoever did it had enormous patience, and not insignificant resources."

Goldstuck says one of the unspoken implications of the case is how much more commonplace such data dumps will become in future.

"As Internet speeds ramp up globally, as cloud computing becomes more pervasive, efficient and secure, and as storage becomes dramatically cheaper and more plentiful, the ability to transfer massive amounts of data will also increase exponentially," says Goldstuck.

"Add to this that the corporate world is often clueless about the growing sophistication of hackers and their tools, and we can look forward to a leak-fest that will make this one seem almost benign."

Adrian Schofield, director and VP of the Institute of IT Professionals SA, says: "In the last century, you could pretty much rely on documentation being locked in a safe or a vault somewhere. Now, digitisation and global operations mean the data is only electronically secure instead of physically secure.

"Without debating the morality of companies that facilitate use of tax havens and secret accounts, those who wish to hide their wealth and other activities by using such services must recognise they are increasingly likely to be exposed due to 'leaks' like this."

Schofield saysthe difference between this and previous leaks, such as that by Edward Snowden, "is that the latter [Snowden] was all about 'intelligence' data and whether we felt threatened by the Big Brother syndrome. Innocent people would probably feel their governments should be taking steps to protect their citizens from terrorists and criminals. In this case, the 'victims' are pretty much shown to be self-interested, greedy and disloyal - and therefore unlikely to gain much sympathy from the majority."




Leaked to:





Offshore leaks




Luxemburg leaks




Swiss leaks




Panama Papers