When Edward Snowden went public as the NSA whistleblower in 2013, few were surprised that a system administrator was behind the spy agency’s leak. Inside administrators who hold the keys to an organization’s data kingdom are a much greater threat to security than outside hackers.
Now it appears another technical insider may be connected to a leak at Mossack Fonseca, the law firm at the heart of the massive Panama Papers scandal. A computer technician employed by Mossack Fonseca’s Geneva office was arrested this week on suspicion of removing “large amounts of data” from the law firm’s network, according to Swiss newspaper Le Temps. Le Temps reported that the worker was arrested after the law firm filed a complaint accusing him of unauthorized access and breach of trust, and of stealing a large amount of confidential data. Investigators also seized computers in the law firm’s Swiss office.
The paper did not name the suspect and was unable to confirm if the data theft involved the millions of records that have come to be known as the Panama Papers leak, considered to be the biggest leak in whistleblower history, or a different data theft.
Bastian Obermayer, one of the primary reporters behind publication of the Panama Papers stories, tweeted today that the person arrested is not the “John Doe” who leaked him the Panama Papers. “According to our information,” he wrote, “the #mossackfonseca IT person arrested in Geneva is not #panamapapers” source ‘John Doe’.”
— Bastian Obermayer (@b_obermayer) June 15, 2016
That’s not to say, however, that the suspect arrested this week is not connected in some way with the leak. He may have assisted the “John Doe” who passed the documents to Obermayer. Or he may be responsible for a different earlier leak at the law firm, that preceded the massive Panama Papers leak.
On April 3, the International Consortium of Investigative Journalists and more than a hundred media partners around the world revealed that a whistleblower had gifted them with more than 11 million documents, including emails, databases and PDFs, exposing the offshore accounts of the Panamanian law firm’s customers. The accounts were designed to hide money belonging to celebrities, world leaders and corporate officials around the world.
ICIJ Director Gerard Ryle told WIRED that in late 2014 an unknown source contacted Obermayer, a reporter for the German newspaper Suddeutsche Zeitung, after the paper had published stories related to a different, smaller leak of Mossack Fonseca documents. Those documents had been given to German government regulators. The source contacted the paper via encrypted chat, offering more [data] than you have ever seen from the Panamanian law firm that would “make these crimes public.” The source indicated that his or her life was in danger and refused to meet in person with Obermayer.
Their communication methods over the following months indicated that the source was well-versed in operational security and took careful steps to protect his or her identity. Each time the source communicated with Obermayer, they deleted their correspondence. They also conducted an authentication check each time they resumed their communication.
Id say is it sunny? Youd say the moon is raining or whatever nonsense, and then both of us can verify its still the other person on the device, Obermayer told WIRED.
The source leaked the documents piecemeal over time until the paper had amassed more than 11 million records stolen from Mossack Fonseca. Obermayer wouldn’t tell WIRED how the source transmitted what must have been hundreds of gigabytes of data at a time.
John Doe’s Motives
Obermayer’s “John Doe” revealed the motive for his leak in a lengthy statement published last month, stating that the secret offshore accounts weren’t just being used to evade taxes but to commit other more serious crimes.
“I decided to expose Mossack Fonseca because I thought its founders, employees and clients should have to answer for their roles in these crimes, only some of which have come to light thus far. It will take years, possibly decades, for the full extent of the firms sordid acts to become known,” he wrote.
He went on to implicate Mossack Fonseca’s IT staff in the firm’s crimes. “At the very least we already know that Mossack personally perjured himself before a federal court in Nevada, and we also know that his information technology staff attempted to cover up the underlying lies. They should all be prosecuted accordingly with no special treatment,” he wrote.
Now at least one IT staff member is under criminal investigation, though not for the alleged crimes referenced by John Doe.
Mossack Fonseca said in April that it suspected an insider was responsible for the Panama Papers leak but didn’t elaborate. But the company also reportedly had very poor digital security, which included systems riddled with vulnerabilities that would have made it susceptible to being hacked by outsiders.
Thierry Ulmann, a lawyer for Mossack Fonseca, didn’t respond to a request for comment from WIRED about the arrest this week, but he told Le Temps it remains to be seen yet if the suspect is John Doe. “All hypotheses are open,” he said. He said stolen data was taken out through the suspect’s computer in Geneva and that the worker had “full access privileges.” He didn’t say, however, whether the stolen data included the Panama Papers.
An attorney for the arrested IT worker told Le Temps that his client is innocent. WIRED reached out to the attorney and the arresting Swiss authorities but has not heard back.