Mossack Fonseca – From Opaque to Transparent

Just A Hard-drive of Data

The scale of the leak from Mossack Fonseca compared to other recent leaks is staggering. 2.6TB of data, 11 and half million documents. WikiLeaks comes in at just 1.7GB – a drop in the ocean.

OK – let’s be honest you could fit all that data on a portable hard-drive you could buy in the high-street, so is it really that big? At it’s quickest speed you could fill the drive in just over two hours – but of course the reality is it would take much longer. In this case apparently over a year.

The information was released by the ‘source” over a year, and processed to be in a useful form in parallel over that time-frame too (Guardian). It’s well heck of a leak, and highlighted one massive hole is Mossack Fonseca IT security.

It’s A Hack – Really?

Mossack Fonseca themselves appear to be saying this took place outside their organisation – they got hacked, but I struggle to understand how a hack of this size could take place without anyone knowing. The most standard of defences would pick-up some level of intrusion, and basics for half savvy techy responsible for networking. For me this stinks of a disgruntled employee – which is of course the #1 cause of most security and data breaches. All unencrypted – ready to read? Mind blowing.

The level of IT Standard seemed to be a little lapse according to several sources too (Wired).

The Morality?

I was really annoyed, no I was angry, with Snowden (Business Insider). See I like my national security and that of our nation’s allies. If you are paid well to do a job, you do it. It’s your job. Protecting me, my friends and family. I understand there is collateral damage at times – but broadly it keeps the vast, vast, majority safe.

As a side note, I personally refuse to work for organisations I view as immoral – pay day lenders, call centres for PPI claims – I have no interest in working for them. There is always a questions of how you live, and how you make you living.  But I also understand I am lucky, and I have choices.

Mossack Fonseca on the other hand operated for the elite (note a twinge of jealously), however contributed, and I suspect condoned illegal activity, money laundering, tax evasions and a string of other immoral things. So hack away? Not quite – but I am not going to be angry about the leak or the people who did it, if and when, they reveal themselves.

Internet Of Transparency

This hack, or data leak, does have a moral standing, but I believe it is yet again a wake-up call to businesses, organisations and individuals that we are no longer an “internet of things” but an “internet of transparency”.

The company, Nuix, who analysed the data from Mossack Fonseca, say they kept the data on servers off the grid. It’s a little like telling a friend a secret – once you tell one person, it’s not long before the whole world knows. As soon as you plug your servers with data onto the internet – you just a few firewalls away from the entire world accessing your systems and data.

Invest, Check and Retain – Assure

Building good IT security is about knowing the risks, in this case MASSIVE. And then acting accordingly across the entire organisation. Implementing good process and procedure of how to protect what you have, and take action when necessary to stop or alert when things go wrong. This involves the entire business, starting at the top and working down. From a technical standpoint it’s about good investment – doing nothing is not an option.

  • Invest: Keep your important stuff secure – invest in good technology.
  • Test: But don’t just rely on good technology – regularly check it’s working with external security auditors and professionals.
  • Retain: People hold the key – literally they do, so retain and reward great people (and that’s not the ones that hold you to ransom over the technical abilities).
  • Assure: Don’t forget to seek assurances (and evidence) from your partners/suppliers who have your data too – you are just as strong as your weakest link.

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *