Who’s Minding the Data Store?

The massive Panama Papers data breach holds valuable lessons for anyone responsible for securing IT systems and data.

The recent publication of the Panama Papers – a trove of leaked confidential documents from a Panamanian law firm – has driven a torrent of media coverage. Most of the reporting has focused on the world leaders, business executives, and celebrities whose financial dealings were uncovered.

Overlooked in the furor is a question of vital importance to anyone concerned about data security, particularly data exfiltration.

How could anyone, let alone a law firm whose entire business is predicated on maintaining privacy, not notice that 2.6 terabytes of data – some 11.5 million documents – had been compromised?

A variety of plausible explanations have been offered for how Mossack Fonseca, the law firm in question, remained in the dark about the massive breach and extraction of confidential data regarding its wealthy clients.

They include the multiple flaws in Mossack Fonseca’s IT infrastructure and practices (see below); the gradual staging of the leaks, over more than a year; the observation that law firms don’t always prioritize data security and leak detection; and the apparent lack of warning signs that would have alerted Mossack Fonseca to “the biggest data leak in history” unfolding on its watch.

Lots of room for improvement

What could Mossack Fonseca have done better? Evidently, from an IT-security standpoint, pretty much everything. A short list, compiled from remote analysis of MF’s website and server structure by various IT-security experts, would include:

  • Updating the Outlook Web Access login (not done since 2009)
  • Updating the client login portal (not done since 2013)
  • Updating all plugins to WordPress, especially for Revolution Slider
  • Not using the (obsolete and insecure) SSLv2 protocol on servers
  • Not using a three-year-old version of the Drupal open-source content management framework
  • Encrypting all email
  • Incorporating two-factor authentication on the website

But even if the law firm had taken all of these sensible and standard precautions, its IT systems and data could still have been vulnerable to the attacks of a determined leaker or hacker. The glaring omission in this, as in many breaches of sensitive data, is the lack of organizational visibility into threats that were emerging on its networks.

Visibility into the network is essential

Regardless of whether Mossack Fonseca’s adversary was inside or outside the organization, the exfiltration of 2.6 terabytes should have alerted the firm to the fact that huge spikes of information were being transmitted out of its systems.

Any time several terabytes of data are being backed up from their repository to an internal storage device, or copied to a compromised computer within the organization, or transmitted to an external address, those flows of data should generate alerts that give the IT organization prompt warning and a chance to respond.
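The kind of alerting described above, as an added illustration that is not Observable’s product code: each endpoint’s daily outbound volume is baselined against its own history, so a file server’s routine 30 GB nightly backup stays quiet while a workstation that suddenly pushes 9 GB is flagged. The flow records, endpoint names and thresholds are constructed for the example.

```python
"""Per-endpoint egress baselining over constructed flow records (day, endpoint, dst, bytes)."""
from collections import defaultdict
from statistics import mean, pstdev

GB = 1_000_000_000

# Constructed sample: a file server that legitimately pushes ~30 GB of backups
# every night, and a workstation that normally sends a few tens of MB per day
# and then ships 9 GB to an external address on day 8.
FLOWS = [(d, "fileserver", "backup-nas", (30 + d % 2) * GB) for d in range(1, 9)]
FLOWS += [(d, "ws-12", "mail-gw", (40 + d) * 1_000_000) for d in range(1, 8)]
FLOWS += [(8, "ws-12", "ext:203.0.113.5", 9 * GB)]


def daily_egress(flows):
    """Sum bytes sent per (day, endpoint), whatever the destination."""
    totals = defaultdict(int)
    for day, endpoint, _dst, nbytes in flows:
        totals[(day, endpoint)] += nbytes
    return totals


def build_baseline(flows, train_days):
    """Mean and population std-dev of daily egress for each endpoint."""
    history = defaultdict(list)
    for (day, endpoint), total in daily_egress(flows).items():
        if day in train_days:
            history[endpoint].append(total)
    return {ep: (mean(v), pstdev(v)) for ep, v in history.items()}


def detect_egress_anomalies(flows, train_days, score_days, z_threshold=4.0, min_ratio=5.0):
    """Flag (day, endpoint) whose egress is far above that endpoint's own baseline.

    A ratio test accompanies the z-score so a near-constant baseline (tiny
    std-dev) cannot alert on trivially small absolute changes.
    """
    baseline = build_baseline(flows, train_days)
    alerts = []
    for (day, endpoint), total in sorted(daily_egress(flows).items()):
        if day not in score_days:
            continue
        if endpoint not in baseline:  # a device that never sent before is itself notable
            alerts.append((day, endpoint, total, "no baseline for endpoint"))
            continue
        mu, sigma = baseline[endpoint]
        z = (total - mu) / sigma if sigma else float("inf")
        if total > mu * min_ratio and z > z_threshold:
            alerts.append((day, endpoint, total, f"{total / mu:.0f}x baseline"))
    return alerts


print(detect_egress_anomalies(FLOWS, range(1, 8), [8]))
```

A daily window catches spikes but not a leak staged slowly over a year, as this one was; a cumulative per-endpoint total compared with the same baseline is the complementary check.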

As one British security analyst observed, “All too often, organisations fall into the trap of putting too many resources into trying to prevent an attack from happening in the first place… What is equally important is ensuring organisations have the ability to detect an attack when these preventative measures fail and can swiftly respond.”

Dynamic Endpoint Modeling provides exactly this level of network insight and endpoint protection. Observable’s solution gives security professionals real-time insight into endpoint devices and alerts them when a device begins behaving abnormally. All of this gives you the best chance to detect and defend against leaks and attacks.

For Mossack Fonseca and its 14,153 clients who may have been affected by the Panama Papers leak, the proverbial horses may have left the stable. But for your organization, there’s time to learn from others’ mistakes.


Experience Dynamic Endpoint Modeling on Your Own Network

Getting better visibility into your network and improving your security couldn’t be easier. Sign up for a free, no-risk trial of Observable’s Endpoint Modeling solution, and change the way you see security.