Who leaked the Panama papers?
How do you leak 2.6 terabytes of data?
That's 11.5m records, 4.8m emails and 2.1m PDFs – 40 years worth of data, about 214,000 offshore entities and numerous famous names and faces and how they secretly arranged their taxes.
The Panama papers leak is the biggest in history – but how did it ever get leaked and who was behind it?
We know it was an anonymous whistleblower, but it’s unlikely to be the lone good-hearted soul, working for the greater good everyone might imagine, according to one cyber security expert.
Secret services
“My suspicion is that there is an organisation behind it” said Dr Sandro Gaycken senior researcher on cyber defence and cyber strategy at the European School of Management and Technology in Berlin. “That could be an individual . On the other hand, there are many entities who stand to benefit.”
“Who's profiting from these leaks? In Chinese leaks, for example, it comes from people posing as activists, but it’s often political rivals. But most of the time, it’s secret services,” said Gaycken, who adds that Russia is also one for leaking information that appears to come from activists.
Western secret services and many states stand to gain from getting unpaid tax money back and putting an end to tax havens, he points out, while the leak itself can also act as a deterrent to anyone considering such secrecy.
Read more: Panama papers: Reaction to the revelations
The Panama papers may be the largest but they are also the latest of several leaks about offshore records over the last few years, indicating a sustained attempt to uncover such secrets.
Bastian Oberway, a reporter at German newspaper Suddeutsche Zeitung, told Wired the anonymous whistleblower contacted him over encrypted chat, intending to make the documents public but warning that their “life was in danger”.
He details the security methods used to keep the leak under wraps and the whistleblower anonymous. Ironically, it’s these types of measures which were missing when it came to keeping the Panama papers secret in the first place.
Legitimate secrets
Essentially, we got too carried away with the internet, creating a web of information which can be accessed across huge networks, making it easier than ever for people to take them if they wish.
There are legitimate uses for offshore companies and while in this case, the leak is widely seen as good for global transparency, legitimate secrets, whether personal or in matters of national security may need to be kept under wraps.
Read more: Everything you ever wanted to know about bearer shares
A lack of cyber security “is of great value to many criminal and nation state activities” said Philip Lieberman, president of Lieberman software.
“Clients should ask their firms about whether they are regularly penetration tested by different firms, have segregated networks, use multiple levels of cryptography, use air gapped networks, use automated privileged access and privileged identity management system to rotate all sensitive passwords on every system every two to 24 hours worldwide,” he adds.
Gaycken said: "The owners of dirty secrets are not safe anymore. Anything that's known digitally can be known publicly."
Going offline
Security services are already moving away from the kind of connected information networks they’ve been building for decades. Much like celebrities downgrading their iPhones for flip phones after a spate of hacks.
"I've been seeing secret services move offline,” said Gaycken, “moving to smaller more controlled networks – one or two computers, with physical computers, no networks, decentralised peer cryptography,” returning to more conventional ways.
He also points out how Russia has never changed its ways when it comes to keeping hold of information since the Cold War – “That's why you never get leaks from Russia”. Unless they want you to know something, of course.
Read more: HMRC: Sigh. Yes, we're looking into the Panama leak
There are two ways the leak is likely to have come about.
“There’s a hack from outside where a connection is established and then they start to take data, or an insider who knows how to access and extract data – whether that’s via removable storage, email attachment, or encrypted methods if they don’t want to get caught,” said Gaycken.
There’s also the prospect of the Panama papers leaking as a result of a secret service organisation hiring an insider and then getting them to leak information and it's likely the information was taken over a period of time.
"Culture of leaking"
Oberway declined to reveal the method used for getting hold of the files. “I learned a lot about making the safe transfer of big files,” he told Wired. And even he doesn't know who the source is.
"Data secrets are not safe anymore. We learnt it with Snowden, this leak, other leaks and more in China and Saudi Arabia," said Gaycken. "It's the first phase of culture of leaking."