The looming mystery behind the Panama Papers: How did the largest document leak in history even happen?
By Marcy Wheeler, Salon
Thursday, Apr 7, 2016 01:18 PM EST
“Hello. This is John Doe. Interested in data?” That line — apparently written in English and using an American cultural reference — is much of what we know about the source, possibly a hacker, behind the Panama Papers, a massive trove of documents on which four hundred journalists have been collaborating for up to a year, detailing how a Panamanian law firm called Mossack Fonseca has helped some of the world’s most powerful people set up shell companies capable of concealing vast amounts of wealth. The source reached out to Bastian Obermayer, a reporter for Germany’s Sueddeutsche Zeitung newspaper, over a year ago, explaining, “I want to make these crimes public.”
Beyond that, the International Consortium of Investigative Journalists (ICIJ), the group with which Sueddeutsche Zeitung shared the documents in order to expand the investigation, has explained only that, “The source wanted neither financial compensation nor anything else in return, apart from a few security measures.”
Indeed, Obermayer has claimed, in an interview with Wired, that he doesn’t know who the source actually is. “I don’t know the name of the person or the identity of the person,” though he says he has had extensive conversations with the person.
Readers of Panama Papers have just that one opening line — “I want to make these crimes public” — to explain the source’s motive, although as Sueddeutsche Zeitung and other outlets reporting on the story are required to explain, some uses for offshore accounts are perfectly legal; and, as many outlets have noted, Mossack Fonseca is just one cog in a giant industry supporting tax havens, key parts of which are in the United States.
Mossack Fonseca would like readers to believe this came from an email hack. The company informed its customers (in a message posted to WikiLeaks suggesting not all of them had been compromised) that its email server had been compromised. “We rule out an inside job. This is not a leak. This is a hack,” one of the founders of the firm, Ramon Fonseca, told Reuters. “We have a theory and we are following it.” The firm also reported a crime to authorities.
However, there are good reasons to doubt that this was just an email server hack. While Mossack Fonseca’s emails appear not to have been encrypted, there is far more to the leak than emails. It includes scanned passports and some database excerpts, suggesting that, however the files were obtained, it went beyond what got sent via email. Moreover, multiple outlets have identified outdated code and other configuration problems in Mossack Fonseca’s public website. So it seems probable that the firm’s trove of customer data has been exposed far more than MF wants to admit.
Which then raises the question: Do security vulnerabilities on Mossack Fonseca’s systems explain why it, and not another of the even bigger law firms serving tax haven customers, got exposed in this hack? Or is there another explanation? Did the hacker — if that is where these documents came from — single out Mossack Fonseca because it had already been exposed as a firm serving dubious clients, or did the source just target an easy mark, given MF’s security problems?
To be sure, none of these questions diminish the importance of the Panama Papers project, which has already led to the resignation of some key figures exposed by the stories. Even if there were less noble motives behind this leak, there would still be tremendous value in exposing the problems and pervasiveness of tax havens. But these questions should be part of the discussion about what we’re seeing.
We’ve been given a giant snapshot of one really important part of a really damaging part of global finance. The snapshot is important and the reporting on it is crucial. But we might want to ask, why are we getting this particular snapshot?