Post Mortem of a Breach – The Panama Papers

by Paresh Borkar

Summary:

In May of 2016 , a massive security breach resulted due to the hack of servers at Mossack Fonseca, a major law firm involving emails, pdf files, photo files and excerpts of an internal database. It was around 2.6 TB of data that spanned a period of more than 40 years. This is the largest data leak in history—over 20 times the scale of the WikiLeaks data leak of 2010.

Investigation

Based on evidence gathered , three cause were cited as the ones that could have been exploited and ultimate the technical factors for the breach. The first one was un-patched versions of Outlook WebMail Access. It was found that no patch was applied since 2009 and left the email servers to SSLv2 protocol vulnerabilites. Another software used as part of the content management system “Drupal” wasn’t updates since 2013 and was found to be running version 7.23. There have been close to 300 vulnerabilities reported by ThreatWatch since then. A SQL injection vulnerability reported in 2014 is suspected to be exploited.

And lastly, there was a WordPress plugin “Slider Revolution” used by the website which also remained up patched since 2013. ThreatWatch identified two vulnerabilities.

Conclusion:

This trend of multiple vulnerabilities resulting in a breach requires careful consideration , tracking and management of vulnerabilities across different systems and tiers. Its also worth to note that the responsibility of handling these vulnerabilities can span multiple organizations and teams which makes it a challenging problem for organizations to deal with.

Organizations cant just wish away very old vulnerabilites as bad actors and hackers always keep an eye on older systems with unpatched software or EOL softwares.

Leave a Reply

Your email address will not be published. Required fields are marked *