The Panama Papers Leak
In 2015, a personal information leak took place that affected over 214,488 entities and over 19 countries. This event is regarded as the Panama Papers leak. This leak released over 11.5 million documents that dealt with the e-mails, pdf files, photo files, and excerpts of an internal Mossack Fonseca database. Mossack Fonseca was a Panamanian law firm and a corporate service provider that used to be the fourth largest provider of offshore financial services. This leak gave detailed personal client-attorney information and personal financial information. One would think that a huge event like this would have a person who is responsible; however, the source remains anonymous. The attacker remained anonymous because he contacted a well-known German newspaper known as the Süddeutsche Zeitung (SZ). The SZ, along with the Consortium of Investigative Journalists (ICIJ), are responsible for breaking this story to the public. So, this begs the question; why did the attacker do such a thing like this? Well, as reported by the SZ, it is said that the anonymous hacker’s motives simply because was he “understood enough about their contents to realize the scale of the injustices they described.” This is because Mossack Fonseca dealt with shell companies which are companies that have no office or employees so that they can be used as money laundering and tax evasion. Mossack Fonseca also dealt with tax havens. The Panamanian government have denounced the name since it deals with more of the company Mossack Fonseca.
From a cyber security perspective, this is an awful thing to have occurred. When leaks like this happen, it sometimes puts more people in danger than informing the masses about secret knowledge. Generally speaking, leaks can come from many different sources. They can come from hackers that break into databases, attackers breaking into sessions to collect information, stealing internet cookies from high level information, etc. This leak specifically came from an insider that gave out sensitive information for anyone to see. This leak was leaked by a person not a machine. These people are called whistleblowers. These people will take sensitive information and then give it to journalists for them to publish them to the masses bringing a whole other side to cyber security. Organizations and governments can protect themselves against leaks from attackers from the outside with different aspects of cyber defense like firewalls and event viewers, but an insider that takes and downloads the information is another aspect of defense. This defense is known as physical defense.
Organizations and governments use physical defense to guard sensitive information that is located on site. They will use things like fences that have a paint on them that will not allow a person to successfully climb them, barbed wire, security guards, CCT, man traps, RFID scanners, and so on. What makes this different is that the person who leaked this information must have been a person who was high up in the chain of command, received access from someone who is high in the chain of command or he went beyond his level and received high level information. Every business, organization and even governments have something called privilege levels. With privilege levels, only certain people can have access to certain things, meaning that a person who is a starting intern cannot have access to the same information as a system administrator. This model reduces the probability of sensitive information leaking. Unfortunately, with this leak, we have no idea what the attacker did to receive sensitive information. So, as a result, the whole privilege level model and the physical security measure both need to be reevaluated.
With each of these leaks being exposed, where does this leave international cyber security? In the recent years, international cyber security has been brought to the forefront. Because that many countries are linked together because of the internet, it brings along new threats. The internet is more of a free place than the world we know. In our world we have laws and regulations that protect us while the internet has less restrictions on what you do. This means that it is ever so difficult to regulate the internet. The United States could get attacked from a country and the attacking country can get away with it without repercussions. So, driving into the future I predict that we will see the UN establish international laws and regulations on the internet so that people can feel safer as a result