You’ve no doubt read about the Panama Papers – the Panamanian law firm, Mossack Fonseca (MF), that was hacked and the subsequent fall out revealing prominent names who use or have used offshore tax havens to maximise their money. Apparently the law firm relies on an international network of other lawyers, as well as bankers and accountants to support its high net-worth clients.
What may surprise you is that for all the alleged money involved in and around the business of off-shore tax havens, very little seems to have been spent in keeping MF’s internet facing systems secure. One of which is WordPress – which is used for their customer-facing website
According to a blog by the good people at Wordfence, the Panama Paper breach was likely caused by an out-of-date WordPress plugin with a known vulnerability.This security vulnerability was compounded because MF had other systems laying on the same (security) layer – breach one level of security on a server and it is easy (or less difficult) to traverse onto another.
Whilst ignorance of security flaws is not a crime in its self, having the equivalent of a first floor flat with two rooms with an open adjoining door is pretty damning.
It’s pretty easy to generalise and in this case I would have assumed that MF, due to the finances that they were managing, would have a pretty secure setup.
Its a fairly common statement not to assume anything. In this case, certain individuals wouldn’t have ended up with egg on their face or lots of questions in Parliament.
Another common statement is that there are no stupid questions – therefore be prepared to ask any service provider about their security.