By:
Gregory P. Bufithis, Esq.
Founder/CEO
8 April 2016 – Most of the press reports on the Panama Papers have focused on tax evasion. And almost lock-step have been the law firms and lawyers talking about “law firm data breach” and “the need to protect client data”. Lost were the most important stories like money-laundering, terrorist financing and how corporations used these vehicles to get around economic and trading sanctions levied by their governments against brutal regimes. They used these shell/shadow companies to get around those sanctions … these shadow companies also used by the regimes themselves … to help fund war.
But it’s an old story. You WWII historians out there know the sordid tales of how Standard Oil was shipping fuel to the Nazis through Switzerland during the war, and how I.T.T. was helping supply the rocket bombs that marauded much of London – all through sham corporations. Ah, capitalism. Ya gotta love it.
Alas, fodder for a separate post.
For Mossack Fonseca … the hacked law firm behind these “Panama Papers” (with several Blue Chip law firms also involved but yet to be named) … says it has always complied with international protocols to ensure the companies it incorporates “are not used for tax evasion, money-laundering, terrorist finance or other illicit purposes”. Of course it does.
And given the nature of its activities, Mossack Fonseca has shown an astonishing disregard for security. Marcel Dekker, one of the experts involved, shared with me that Mossack Fonseca has failed to update its Outlook Web Access login since 2009 and not updated its client login portal since 2013. It’s client portal was also vulnerable to the DROWN attack, a security exploit that targets servers supporting the obsolete and insecure SSL v2 protocol. The portal, which runs on the Drupal open source CMS, was last updated in August 2013, according to the site’s change log. I have more juicy IT details but let’s not clog up this post.
So how did investigators sift through 2.6 terabytes of information for exact names and places, needng to analyze and search multiple file formats fast and efficiently?
They turned to Nuix and its software called Investigator Lab. The software utilizes a suite of programs like an optical character recognition program and named entity extraction software.
My colleague Chris Dale has written a masterful post on how it was done, with links, which you can read by clicking here.
And my buddy Sean Allocca over at Digital Forensics Investigator has a bit more including a quote by Gerard Ryle, Director of the International Consortium of Investigative Journalists which received the treasure trove, extolling the virtues of the Nuix technology. For his piece click here.
